Feature-Complete NoScript Add-on Now Available For Firefox Mobile

If there is one Firefox add-on that I don’t want to live without it is the NoScript extension. It is a security add-on that will block all scripts by default which are one of the main attack vectors on today’s Internet. Users can whitelist scripts on specific domains temporarily, e.g. for a browsing session, or permanently.

A side effect of this is that most advertisements and other script driven objects and elements will be blocked as well by the extension.

NoScript offers more than just script blocking and whitelisting though. It comes with additional modules to enforce HTTPS usage, Cross-Site Scripting filters, Clickjacking protection and a firewall like component that the developer calls Application Boundaries Enforcer.

The developer of NoScript has been working for quite some time on a Firefox Mobile port of the extension. The recently released NoScript 3 Alpha 9 version is the first feature-complete version of the security add-on for Firefox Mobile on Android and Maemo devices.

NoScript Mobile in particular offers the following major security features that the desktop version of the add-on offers:

• A domain based content permission management for scripts
• Anti-XSS (cross-site scripting) filtering options
• Clickjacking protection called ClearClick
• The web application firewall App Boundaries Enforcer

NoScript Mobile furthermore introduces permission presets that can be configured after installation and later on in the extension’s options.

The developer has added four different permission presets to the add-on.

• Easy Blacklist – The user picks the sites where JavaScript and plugins are blocked on
• Click to Play – Plugins are automatically blocked until activated with a click by the user
• Classic Whitelist – The standard setting on NoScript for desktop Firefox versions. Blocks all scripts automatically and will only run whitelisted scripts.
• Fortress – Like the Classic Whitelist setting but all contents are blocked even on whitelist sites until clicked on.

Another interesting feature that will be implemented eventually is the ability to synchronize NoScript settings between desktop and mobile versions.

Users interested in running NoScript on mobile devices can download the latest version from the NoScript Anywhere project website.

---

© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: Firefox, firefox add-ons, noscript, Security, web security

Microsoft: Internet Explorer More Secure Than Chrome And Firefox

Your Browser Matters is a new site by Microsoft and partners that aims to make Internet users aware of security in general, and the web browser they use in particular. Some users may decide to ignore the site completely considering that it is maintained by Microsoft, others might want to check it out to see what it is all about and if the points that it tries to make are valid.

When you open the homepage of the informational site in a supported web browser you get a score for that browser right away. The site unfortunately does not support beta versions of web browsers which means that I was only able to get a score for Internet Explorer 9. Neither Firefox Aurora, Google Chrome Dev nor the latest stable Opera version were compatible with the site.

Microsoft’s Internet Explorer 9 scores 4 out of 4 points, which obviously is the highest possible score. Ed Bott ran Chrome Stable and Firefox Stable through the test and noticed that the browsers scored 2.5 (Chrome) and 2 (Firefox) respectively.

It all boils down to the test criteria. When you look at all of them in the screenshot below you will notice that Microsoft analyses how the browser handles the following four attack forms: Dangerous downloads, Phishing websites, Attacks on your browser and Attacks on websites.

You will also notice that no browser scores perfectly in all tests. Microsoft’s Internet Explorer 9 for instance fails in three of the sixteen tests, Chrome in seven and Firefox even in nine tests.

When you look at the core differences you notice that Microsoft’s Internet Explorer is the only browser in the test that passes all dangerous download tests which the company attributes to its SmartScreen technology. Both Firefox and Chrome fail in the tests.

All browsers pass the phishing websites tests. The attacks on your browser group of tests is divided into securing extensions and effective sandbox. Internet Explorer is the only browser according to Microsoft with the ability to restrict extensions and plugins on a per-site basis. The browser also passes the “benefits from Windows operating system features that protect against structured exception handling overwrite attacks” test where the two others fail.

Chrome on the other hand is the only browser in the list that passes the sandbox test.

Internet Explorer passes four of five tests of the attacks on websites test. It is the only browser that can automatically block insecure content from https pages and to sanitize HTML to remove potentially problematic code.

The question at this point is obviously if the tests are biased towards Internet Explorer by leaving out tests that might not be as favorable.

I can list a few missing tests without really thinking much about it, for instance:

• Is the browser protecting the user from third party extension or plugin installations?
• Does the browser warn the user of outdated plugins?
• Can users disable security related features, like JavaScript on a per site basis.
• Does the browser support different user profiles?

What I like about the site in general is that it offers information that educate users. The prevention tab for instance lists basic but important security information on one page.

Security is obviously only one feature when users pick a favorite browser that they use most of the time. There are other features like speed, extensions support or general compatibility with web standards that can make a difference.

What’s your take on Your Browser Matters? Is Microsoft making a valid point here or is this just marketing mumbo-jumbo?

Before you answer note that that Internet Explorer 6 scores 0 of 4 points and Internet Explorer 7 1 out of 4.

---

© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: google chrome, internet-explorer, mozilla-firefox, Opera, secure browser, smartscreen filter, web security