Noscript is one of my essential browser tools. What it does is intercept java, flash, and other script including executable content on a Firefox browser and keeps it from executing until the user specifically whitelists the site. It can be an inconvenience to someone who doesn’t understand the dangers that exist on the Internet, however it doesn’t save us from every danger out there.

It seems someone at ZD Net noticed it recently. It’s nice to know that Noscript protects from specific Zero Day attacks too.

If you use Firefox (and you should) then you should use Noscript to complete your safety net.

It is rare when the XSS detection triggers, but even for someone that browses as carefully as I do, it can. In fact there are some times when I am browsing through things that aren’t necessarily all on the up-and-up. I had a PC that I needed to hack into a couple weeks ago and my traditional tool is ophcrack over at SourceForge. They recently updated the tool and it no longer performs as it did – very disappointing. I downloaded a previous version and let it crack away on the target computer, however it couldn’t reveal any of the passwords. I did some searching for an alternative tool, and as you can guess that led me to some shady websites. With Noscript I didn’t worry at all.

The one thing that Noscript doesn’t save us from is a trusted site that we’ve whitelisted that was subsequently cracked. If the defacement includes posting compromised code, then it will execute just as if it were trusted.

I have been testing Google’s new Chrome browser, and there are many things that I like about it. If you haven’t heard about it by now, you should have. They made a cute little cartoon to describe the differences in their browser and why they feel it is necessary to have yet another browser. My summary of the positive points are as follows in order of importance.

1. Tab isolation. Independent processes for each tab means is that each tab runs isolated from every other tab. It has happened to me too many times where I’ll be writing a blog post and doing things in other tabs and suddenly the browser locks up. The vast majority of the time it is Adobe that does it, but that’s beside the point. Fortunately WordPress and many web based email clients now automatically save drafts periodically to prevent a total loss when this happens. Still, this is a big advantage for a web browser.
2. Speed. This is especially apparent on Google’s websites, but I did notice speed improvements elsewhere. Part of this is due to the independent processes since one tab won’t block another one. Part of it is due to Google’s Javascript engine V8.
3. Sanity. The autocomplete feature. You have to see it in action to believe how much better it is than what you are used to.
4. The pop-up blocker is not over-protective, yet still blocks popups from view until you want to see them. Some websites still require popups in order to function properly.
5. The interface is natural and extremely flexible. You’ll find yourself moving tabs and windows around like never before. It almost feels like you are in a sci-fi movie manipulating a futuristic computer screen. This is another one where you won’t realize how useful it is until you actually try it.

Now for the summary of negative points in order for me.

1. Bugs. Ok, well maybe I should say bug because I have one that really annoys me. I have a Synaptics touchpad on my laptop and I use the right side as a scrolling area. This action works everywhere except on Chrome. It will scroll down, but will not scroll back up. Until that is fixed the browser is a little annoying to use.
2. Plugins. One of the reasons my Firefox browser is slower than Chrome is because of all the plugins I’ve added into it. There is a reason why I haven’t uninstalled them to make Firefox go faster, and that is because I like them. So it makes Chrome go backwards a little to lose this functionality. Some of my favorite plugins will probably never be supported or ported to Chrome – unless it becomes at least as popular as Firefox.
3. Security. It is a new product and crackers haven’t had a chance yet to do much in the way of independent vulnerability testing. There are sure to be some flaws that can be exploited, and it remains to be seen how responsive Google will be to fixing those and/or alerting the public. I haven’t used it yet for my bank site. I will give it a bit longer for that.
4. Memory requirement. Not so much of an issue for me because I have a good amount of memory on my computers, but it is a concern. When each tab is a separate process that can add up to extra memory requirements. I see this more of an issue on slower/older computers or UMPCs where memory is usually smaller.
5. Compatibility. I haven’t found a site that didn’t look good enough to use yet, however the fact that they emphasized this problem in their cartoon makes me worry that something won’t show up right. Still, they do more testing internally than anyone else except Microsoft is doing. Everyone else relies on the community to test for them.

Some of those negative points were a stretch. You’ll have to check it out for yourself!

UPDATE 11/08/2008: Google updated Chrome to fix the scrolling bug with the Synaptics Touchpad!