Cookie, A Risk?

so i have several of these appear during virus, adware and other checks and im wondering as they appear even after "fixing" them should ibe worried?

also why when i run two virus checks after each other i still manage to find more infections

 

I'm guessing you mean tracking cookies. They aren't really an infection usually. It is just a stupid cookie you get from visiting websites. It is like any other cookie, except that some invade your privacy.

I think they are classified by virus software as "undesirable" rather than "harmful".

I wouldn't be too worried since they are hard to avoid.

Check out where the cookie came from. There must be a site you visit regularly that keeps slipping them to you. That is probably why you keep finding them in your antivirus software.

 

Cookies are just saved settings for various websites. For example, the one from NotebookReview.com keeps me logged in so I don't have to log in every time I visit the site.

 

You'll always get new cookies as you visit sites, especially if they keep you logged in. Nothing to worry about.

 

Cookies are indeed dangerous, an specific web site will read its cookie on your laptop and perform some tasks, what about if another web site that reads it?

 

Cookies don't store the information in plain text.

 

That's total BS. A cookie cannot "perform a task" on your computer. Also, cookies cannot be read by other web sites because there is security in place to prevent that.

All a cookie can do is follow you around a little bit. For example, google ads can send a cookie, and any time you visit a site that uses google ads, google knows about which site you went to. That might be a little scary for some, but that's the absolute most any cookie can do.

 

Yeah cookies don't actually perform any tasks on your computer. It is the server that gave you the cookie which does the tasks. Even then, the tasks aren't really harmful ones. Just recording your access of their site. (That's what I meant earlier when I referred to violating your privacy.)

As far as other sites reading the information, I'm not sure that is completely possible. Generally a cookie will at most display a website name & time visited in plain text. The rest is just a garbled bunch of text which the server who gave you the cookie translates. That's been my experience at least.

 

Cookies are restricted to only go back to the site that set them. However, there is a trick around this (which google uses as do others). The trick is that you embed an ****** into the web page which has it's source at the original site (like google ads). Then when that page loads, the ****** knows the ID of the site owner, and also has access to send the cookie.

 

I will interpret BS as Brilliant Statement, not also cookies put your computer on the hands of spammers, but it can also hold passwords and user id's.

 

In that case, I have a BS.

This is all about convenience v. security, and I would much rather have convenience for small things like keeping me logged into a forum and having my favorite pizza ready to go than worry about someone stealing this account, or heaven forbid, gaining access to my favorite toppings.

 

Turn off cookies globally, define exceptions for sites where you actually need them (forum logins etc.). If you use FF, get the Cookie Button extension.

 

Cookie does Perform task like Record unique Visiter to the site, record his IP etc.

Reliable sites dont misuse the Cookie feature.

But if u go to fishy sites then you should remove their cookies.



I enable cookies so i am logged into NBR

 

Brilliant statement it is!

I'm curious now that you bring it up though... I assumed that cookies don't actually store the password locally. Instead I figured it was stored on the websites server and the cookie just tells them to use it.

Or have I been wrong here...?

 

Here are some links to cookies.

http://en.wikipedia.org/wiki/HTTP_cookie
http://www.cookiecentral.com/faq/

Cookies cannot be read by anyone other than the originator. For example, if I visit google.com, google.com can set and retrieve google.com cookies, but not cookies created by my bank.

 

Cookies are text files, they cannot execute or perform anything.

Cookies store data based on a unique ID assigned by the site you visit. So unless you know how they generate these IDs you cannot read them. So other sites can't read your cookies.

 

Actually, a cookie can contain any type of data, but that data must be set by the site sending the cookie. As a result, cookies cannot contain any data that you did not specifically give to the site.

Many sites that are concerned about security will only store some sort of "session identifier" in the cookie, and use that to restore your session. However, this is limited to the knowledge and experience of the developer who wrote the site, so it's possible that your username, password, and any other information you gave to the site could be in there.

The only definition of cookies is that they hold "text data", and they are limited to a certain size. Any data that fits in those requirements is fair game to be stored in a cookie.

 

Well, remove the cookies from your computer and then try to get into some web sites that you don't care much to get your password and user id memorized, let me know what happens.

 

That wouldn't give an answer to what I was saying... What I was suggesting is that the cookie would contain a unique set of characters that don't mean much to anyone that doesn't know how to interpret it. However, the server that gave you the cookie would use that to identify you & pull up your data from it (the server itself).

Kind of like what Orev explained:

So i guess the answer is, sometimes it is one way & sometimes the other.

 

There's no reason to store a password in a cookie. Any web developer who does that is insanely stupid. Passwords are stored in the site's database.

A username could be stored in a cookie, and so could any other arbitrary data. Most sites that have login/password tend to store only a user id in the cookie, and maybe some other minor stuff that they might want to show up without having to log in.

IMO, the main reason anti-malware programs flag cookies is so users see that it catches stuff and say, wow, this program really works! I've seen people post here that Windows Defender sucks because it didn't find any malware, while some other program like AdAware is really great because it found over 200 "objects". Why does it find so many? Because AdAware flags all the cookies. Is that helpful? No, not really. If you don't want cookies, you can just turn them off in your browser. But these antispyware programs flag all the cookies so people think the program's really necessary and worth it.

 

Yes, those programs works on fear, and false positives, even if the program mentions they are false, make people feel better that the software they paid for found something.