Steve Dodson's WebLog

A Premier Field Engineer supporting customers with security related topics.

Blogs

"Tracking" Cookies in Anti-Spyware Applications

  • Comments 4
  • Likes

As a user of many anti-spyware applications over the years, one item has always bothered me when removed by antispyware applications. That item is "tracking" cookies. Many people in the industry know what cookies are, and how they can be used, but I do not think my parents would know anything about cookies. In my opinion, the industry has created a scare tactic in order to make a "problem" seem worse than it really is. I see this a lot when people are reporting that one program is better than another in respect to cookies. I really do not see how someone can make that argument. I can write a program which deletes n+1 files if I want until I reach a point where there are no more files to delete.

So why is this a problem?? Users do not know what files are good or bad, and therefore rely on the application to determine this for them. But if I am the programmer for another application, I could delete all good and bad files and then say... " We delete more files than Product X." The end user then says... "Of course..I want the other product...more is better!!" These users will then end up losing some settings which were never malicious in the first place. This leads me to the last thought...

Cookies by themselves are not malicious; they are text files with settings. Cookies can be a part of some application which calls on the text file in order to send information to a 3rd party, but end the end, they are only text files. In order for "tracking" cookies to be of use, a corresponding application needs to be running in the background and grab information off this file. I think this is where anti-spyware applications need to be focusing their efforts - removal of the application which uses these text files instead of blowing away all good and bad cookies.

I think the cookie argument will go on for a while, but as long as the end user cannot discern what is good versus what is bad, the industry needs to work on improving the logic of removing applications as opposed to deleting all cookies.

Comments
  • I don't want tracking cookies sitting around on my system that allows advertisers such as Doubleclick to collect information about me and use it to further target advertising toward me. There's already so much advertising on the web that I take great pains to block out of my browsing experience, the last thing I need is for companies such as Doubleclick to try to target more to me. There's plenty that sites can do to get your personal information from tracking cookies that do not require "corresponding application[s] running [on your computer]."

    The fact that MS Anti-Spyware doesn't delete tracking cookies puts it at a huge disadvantage with its competition. If you like having your Internet experience cluttered with spam and targeted advertisements, more power to you. But that does not mean that the software shouldn't give me the option to remove that from my experience.

  • It seems to me that deleting cookies will in no way reduce the quantity of advertisement aimed at you while browsing the Web; it will merely affect the quality of those advertisements. Of course "quality" is a subjective term here, and you can interpret it as a negative or positive change depending on whether you look at it from the point of view of the user or the point of view of the ad industry. Either way, my point is if a Web site wants to show an add and you have deleted the cookie that it uses to decide which ad to show, it will pick one randomly. You think clearing your cookies will cause Web sites to not show ads?

    Of course, I do not think we should sit back and allow these cookies, but can you not set Internet Explorer's cookie settings to prevent one site from reading a cookie set by another? Can you not just add doubleclick.com to your blocked cookie list?

  • Tracking Cookies...just what they say. I hate them! Why? Because they are nammed after something I love, real cookies. Couldn't they have nammed them something different. Besides that, they don't bother me. My opinion is that you shouldn't worry about what is tracked if you aren't doing anything wrong. If you are, then you should be worried about them. Maybe they are a good thing...Like your mom or dad keeping an eye out for what you are doing online. Every now and then that's a good thing. If you want to hate something, hate spyware and viruses. People creating something to crash your computer or hack in to it. People need to just sit back, relax, and eat a cookie...a real one!