Some time ago, TechPaul, in his Blog Tech – for Everyone, wrote a great piece on why FireFox users’ would benefit by installing the NoScript add-on. If you’re not familiar with NoScript, the developer describes it this way:
So I was more than a little surprised, to see a recent reader comment referencing this article, in which the reader (a self described “web developer”), complained:
My immediate response after reading this uninformed reader’s comment was – What planet are you living on? What internet are you surfing? How could you be totally unaware of the following?
Trojan horse programs
Back door and remote administration programs
Denial of service
Being an intermediary for another attack
Unprotected Window shares
Hidden file extensions
Yes, uninformed reader, you must be right – TechPaul and the following informed users, and reviewers, must be wrong.
CNET News: “Giorgio Maone’s NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory.” (March 9, 2009, Dennis O’Reilly, Get a new PC ready for everyday use)
Forbes: “The real key to defeating malware isn’t antivirus but approaches like Firefox’s NoScript plug-in, which blocks Web pages from running potentially malicious programs” (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).
PC World: Internet Explorer 7 Still Not Safe Enough because it doesn’t act like “NoScript […] an elegant solution to the problem of malicious scripting”
New York Times: “[…] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC“, (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).
The Washington Post security blog compares MSIE “advanced” security features (like so called “Zones”) to Firefox ones and recommends NoScript adoption as the safest and most usable approach.
The final part of this uninformed reader’s self serving comment was as follows:
“ If you have half decent anti everything, the real nasties will be blocked by them and the need for these add-ons won’t be there. This is not great news for web developers!!!”
One of the aims of Bloggers like TechPaul, Sir, is to offer information to readers which allows them to determine, based on real information, what steps they need to take in order to enhance security to a level which is appropriate for their needs.
A self described “web developer”, such as you, would be well advised to keep the needs of his clients, and end users, uppermost in his mind. Otherwise,it seems to me, you may not remain a web developer, ‘”self described”, or otherwise, for very long.