Securing Firefox: How to avoid hacker attacks on Mozilla's browser

by Ryan Naraine  |  July 9, 2007 2:15pm PDT  |  Image 6 of 11


ff_06.png

Disabling JavaScript

This is a continuation of the previous slide. CERT/CC recommends disabling all of the options displayed in this dialog.

Talkback Most Recent of 93 Talkback(s)

  • Internet Explorer and Specific JavaScript Features
    Well, I guess Internet Explorer 7 doesn't have the ability to disable JavaScript features, like the resizing of windows, preventing the context menu from opening (which I don't like), disabling shortcut keys, etc.

    It's not just a matter of switching to Firefox (which is not my preference) but I'm hoping Microsoft would implement the checkboxes to disable certain JavaScript features...
    Grayson Peddie
    9th Jul 2007
  • NoScript!
    The most important security add-on to Firefox if you want to lock down the browser is NoScript. Not only does it have built-in XSS protection, but it will also sanitize Flash, Java, /and/ JavaScript on a per-domain basis. That's much more secure than trying to live without JavaScript on all sites (which will just drive you to enable it dozens of times a day to use sites that require it).

    http://noscript.net/
    jwiens
    9th Jul 2007
  • NoScript!
    I've my enterprise PCs secured, in part, with NoScript, as well as having trained my family and friends on using it.
    gmunk.internet@...
    9th Jul 2007
  • NoScript!
    If you install only one add-on it *HAS* to be NoScript!

    Magic, there's no other word for it.
    Jacdeb6009@...
    10th Jul 2007
  • Yes, NoScript is required equipment
    I consider NoScript a REQUIREMENT, not an optional add-on. Install it, learn it real quick, and use it. Do not just allow everything; be selective.
    JoesCat
    10th Jul 2007
  • What version are these screen shots from?
    They don't appear to be from the latest version (2.0.0.4). V 1.5 maybe?
    ejhonda
    9th Jul 2007
  • Ha ha
    They must be so embarrassed
    PhilM
    10th Jul 2007
  • ???
    Read the blog, try to understand it, then post. It was prominent in the blog that the screen shots were from an EARLIER version.

    And so much for the "ha, ha". Only embarrassment is yours; they were plain enough.
    DirtyDingus
    10th Jul 2007
  • Read it - it's still puzzling
    Why would someone put up a how-to on an outdated version? I look forward to ZD's series on how to secure Windows 95.
    ejhonda
    3rd Jan 2008
  • RE: What version are these screen shots from?
    "They don't appear to be from the latest version (2.0.0.4). V 1.5 maybe?"

    The latest version I believe is 2.0.0.11 (it's even mentioned in the article)
    devlin_X
    4th Jan 2008
  • screen shots
    The screen shots are not from 2.0.0.11, which I have.
    clancymcq@...
    4th Jan 2008
  • You read but didn't comprehend
    Again I repeat the quote with the key part highlighted:
    "They don't appear to be from the latest version (2.0.0.4). V 1.5 maybe?"

    I wasn't referring to the screen shots but what they said the latest version was. The poster said the latest version was 2.0.0.4 when the current one is 2.0.0.11...

    Though now I'd like to correct myself, since after I posted I noticed the date of the comment I was posting in response to was older than I realized, and it's possible 2.0.0.4 could have been the current version at time of posting.
    devlin_X
    5th Jan 2008
  • The option to
    enable cookies for the original site only is unfortunately no longer available in the latest FF 2.0.0.4 toolbar, which I run on both Windows XP and Ubuntu 7.04 (I haven't checked Gran Paradiso 3.0a6, which I'm using in a Vista partition). NoScript, which I run on all three partitions, is a wonderful tool, which allows one to choose which sites are permitted to run script. The problem is that very few sites run a single script - when reading this particular article, for example, I am asked not only to determine whether I should allow script from zdnet.com (which I of course do - surely those lovely people at ZDNet would never do anything to harm me!), but also to do the same thing for i.com.com and pointroll.com, about which I know very little. Googling takes me to pointroll.com's website, which offers me "rich media solutions", but when I attempt to connect to i.com.com, I am informed that Firefox is unable to find the server. Some sites, like those for major newspapers, will be coupled to upwards of ten of these subsidiary sites, most of which presumably count the number of visitors, and all of which clamor for attention in NoScript. Under these circumstances, your average user is probably going to click to permit all of them simply to get rid of that annoying NoScript yellow warning bar at the bottom of the active window, thus greatly reducing the tool's usefulness as a security device. Websites badly need cleaning up, so that users aren't confronted with a plethora of URLs, all requesting access to their computers....

    Henri
    mhenriday
    9th Jul 2007
  • Why not set NoScript to not warn you?
    NoScript marks any site that you don't allow as untrusted. I just allow the main ZDNet site. Who needs the other stuff? I'm reading the blogs, not the ads or the counters or the Flash or the Java.

    I also use Flashblock and Adblock with good results.
    k12IT
    9th Jul 2007
  • An interesting alternative,
    but imagine the situation from the point of view of the novice. Perhaps he or she wants to be able to make use of a link to view another article or see a screenshot slide-show, and doesn't know what to block and what not to block in NoScript. To my mind, the owner of the main site - in this case, ZDNet - bears a certain responsibility to its readers to inform them which sites coupled to his/her/its own are essential for making use of links provided on the site and which are not, and to guarantee that the ones that are are not infected. (I understand perfectly well that in these situations, no guarantee can be 100% - even the best of sites can become infected - but in the business world there exists a concept known as "due diligence" which I find applicable here.) I think a discussion of the responsibility of website owners to readers in this regard is long overdue, and that Ryan's blog would be a not inappropriate venue for it. What does Ryan himself have to say on this matter?...

    Henri
    mhenriday
    10th Jul 2007
