Re: Adware blocking failures

From: N. Miller (anonymous_at_discussions.microsoft.com)
Date: 07/30/04 

Date: Thu, 29 Jul 2004 17:06:23 -0700

In article <erny6fIdEHA.3864@TK2MSFTNGP10.phx.gbl>, says...

> CookieWall (see previous post 27/7/04) does not block should
> SHOULD automatically delete cookies when found. I have it set to
> scan every 60 seconds.

It has been a long time since I used a third party cookie manager; at least
since the final release of MSIE6. By that time all the major browsers; Opera
5.x, Mozilla 1.0.x, Beonex 0.8.1, and Netscape 6.x had integral cookie
management. MSIE 6 introduced that, and a few other nifty security features.

> Spybot S&D says that it immunises against known threats - but
> then finds ones that it is already supposedly immunised against..
> This I can not understand.

I wouldn't know that a cookie is a "threat". I don't use the Spybot immunize
feature. Hmmm. The Spybot S&D help file on "Immunity" says nothing about
cookies; apparently "Immunize" is intended to block "drive by downloads". I
suspect your expectations may be affected by your misconception of cookies
as a "threat".

> > > Moreover, what can I do about it? [OS is W2kPro SP4].

> > Is MSIE6 your preferred browser? Did you know that it has
> > cookie controls? Tools > Internet Options > Privacy. Look
> > to the bottom, the "Web Sites" section. Click the "Edit" button,
> > and add sites, choosing the "Block" button for sites you wish
> > to block. Stick "doubleclick.com" and "doubleclick.net" in that
> > list, and neither Ad Aware, nor Spybot S&D will ever find
> > another MSIE cookie from "Doubleclick". Do the same for any
> > other sites you wish.

> > There may even be a way to set MSIE to ask about cookies,
> > before accepting them, as Mozilla and Opera do; you could
> > then set the permissions on the fly. I don't use MSIE6
> > often enough to know if that is possible.

> My browser is IE5.5 (5.50.4134.0600 with SP3 and various other
> updates).
> I have so far resisted 'upgrading' to IE6. Perhaps I should
> re-think that option

Indeed you should. And lower your expectations about Spybot S&D; it is not a
cookie blocker. Also, looking over the functions of the "Immunize" feature,
it looks like it interacts with the browser. It may be that, if you had
MSIE6 installed, Spybot R&D could then add "bad sites" to the MSIE6 cookie
controls.

P.S. Cookies are really not security threats; though they can be privacy
threats. One should take a security threat at the highest priority. 

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint