Script Defender is a Script-Blocking Extension for Google Chrome

Apparently, Google has developed its own version of NoScript. This seems like a good idea, but further testing is needed to determine if it really works.

Script Defender is a NoScript-like extension for the Google Chrome web browser. The extension enables you to block scripts, plugins and other page elements automatically on websites that you visit in Chrome, so that you stay safer, run into less annoying things on the web and even save some bandwidth in the process.

When you install Script Defender in Google Chrome you will notice that it adds a blue shield icon to the main toolbar of the browser. This icon is used to open the options and configure global or site-specific permissions.

Only and are whitelisted by default by the extension, while all other domains and hostnames that you come across are not, which means that scripts and plugins won’t load when you open the websites in the browser.

Note: Images and iFrames are allowed by default by the script. You can modify that in the preferences.

Script Defender

script defender chrome

The interface of the extension is somewhat confusing, as there is a lot going on. When you click on the icon, you see something similar to what you see on the screenshot above. Here is a quick rundown of the elements on that screen:

  1. The top icon bar from left to right does the following: Block Cookies, Block images, IFrames, JavaScript files, Plug-ins, XMLHTTPRequests, and pause.
  2. The icon on the right opens the program preferences.
  3. The Allow and Block buttons below that are global preferences, which means that you can use them to quickly enable or disable scripts, plugins, images or iframes on a global level.
  4. The bottom section displays permissions for the domain you are currently on. White items are blocked, while blue ones indicate that they are allowed on the host.
  5. Below that is a list of external scripts and files that are loaded when you open the site, with white items indicating that the connections have been blocked by the extension.

I’m not entirely sure how the small icon bar at the top and the global buttons differ, as they seem to trigger the same functionality.

The two remaining options that you have here is to look-up the host on Norton’s Safe Web website — which you have to temporarily or permanently whitelist first (oh, the irony) — and to look-up whois information about the host.

Instead of using the icon, you can also right-click on a page to change permissions using the context menu. Here you can also add sites to the whitelist.

script defender

You can configure the default behavior for scripts, plug-ins, images and iFrames in the preferences. If you use the extension a lot, you may also want to enable auto-reload to make things more comfortable in this regard.

Note that external scripts are allowed by default, which you may want to disable as well to protect against these kind of scripts as well.

The difference between whitelist and list as far as I can tell is that the first is permanent, while the second only enabled for the current session. So, if you clear the browser you will automatically clear all permissions listed under list in the preferences.

Closing Words

It is too early to tell how effective Script Defender really is. It seems to block scripts and plug-ins accurately, but it is definitely necessary to run a scientific test to see how close to NoScript it really is.

It seems to use Google Chrome’s native blocking mechanisms to block scripts, plug-ins and images. Definitely worth a closer look.

Link to Original Content

Tags: , , ,

Comments are closed.