Windows_Security
Thread author
- Mar 13, 2016
- 1,298
Hi,
In Chrome it is possible to block scripts by default, adding exceptions for specific websites (e.g. https://[*].com allowing scripts from all com domains). Firefox does not have such an option, but by using a Firefox add-on, Policy Control, it is possible to implement similar protection in three simple steps.
1. Install the add-on Policy Control.
2. Change the default settings (see image below) and click on the save button.
This blocks third-party requests of fonts, plug-ins, JavaScript, (i)frames, XMLHttpRequests and WebSocket and all requests for Ping and CSP reports. CSP reports give site owners a warning when their site contains illegal scripts. This is a benefit for site owners, not surfers, so you don't reduce your security. Also, the CSP feature is only used by less than 10% of the websites.
3. Add allow rules for the domains you normally surf.
I live in the Netherlands (.nl country level domain) and normally only visit websites with com, net, org and inf domains. With this restriction I reduce the attack surface while surfing by 60% (when you look at the origin of malware). By allowing all stuff from those websites the functional impact of malfunctioning websites is near zero.
When you live in Germany you could change https://*.nl to https://*.de or add other German-speaking countries like Switzerland and Austria (replace https://*.nl with https://*.de, https://*.ch, https://*.at), or when you live in the UK, replace https://*.nl with https://*.co.uk, or when you want to add Australia and New Zealand (with https://*.co.uk, https://*.co.au, https://*.co.nz).
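The following is an added example, not part of the original post and not Policy Control's own code: it shows how allow rules of the form `https://*.nl` behave when they are matched against the scheme and the end of the hostname only. The rule list is built from TLDs named in the post, the request URLs are constructed samples, and `parseRule`, `ruleMatches` and `isAllowed` are hypothetical helper names; the add-on's real matching may differ.

```javascript
// Allow rules in the post's format (subset of the TLDs the post names).
const ALLOW_RULES = ['https://*.nl', 'https://*.com', 'https://*.net', 'https://*.org'];

// Split a rule such as "https://*.co.uk" into scheme and hostname suffix.
function parseRule(rule) {
  const m = /^(https?):\/\/\*\.([a-z0-9.-]+)$/i.exec(rule);
  if (!m) throw new Error(`unsupported rule: ${rule}`);
  return { scheme: m[1].toLowerCase() + ':', suffix: m[2].toLowerCase() };
}

// A rule matches only when the scheme is identical and the hostname
// ends with ".<suffix>". The path and query never take part in the match.
function ruleMatches(rule, requestUrl) {
  const { scheme, suffix } = parseRule(rule);
  let url;
  try {
    url = new URL(requestUrl);
  } catch {
    return false; // unparsable request URL: treat as not allowed
  }
  const host = url.hostname.replace(/\.$/, ''); // drop a trailing FQDN dot
  return url.protocol === scheme && host.endsWith('.' + suffix);
}

// Default is block; a request passes when any allow rule matches it.
function isAllowed(requestUrl, rules = ALLOW_RULES) {
  return rules.some((rule) => ruleMatches(rule, requestUrl));
}

// Constructed sample requests to check a rule set before relying on it.
const SAMPLES = [
  'https://cdn.example.nl/lib.js',           // allowed: https + .nl host
  'http://cdn.example.nl/lib.js',            // blocked: rule covers https only
  'https://example.nl.tracker.example/x.js', // blocked: host ends in .example
  'https://tracker.example/file.nl',         // blocked: ".nl" is in the path
  'https://static.example.de/font.woff2',    // blocked: .de not in the list
];

for (const sample of SAMPLES) {
  console.log(isAllowed(sample) ? 'allow' : 'block', sample);
}
```
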