I agree on your Whitelist approach. It keeps the number of items manageable.
Perhaps create a learning mode whereby you can "carefully" go to each site
that you frequent on a trusted basis and the program will list cookies from
those "good" sites in an acceptable list.

The problems arise when "Joe Six-Pack" leaves learning mode and is told that
there is a cookie from the next site he visits. The program should provide a
description of the cookie in some manner so the typical home user has enough
information to make a rational decision. This becomes difficult since
warnings from the usual spyware detections rely on negative listings and can
tell an unskilled user that this is a nasty cookie and why based upon a
history of complaints. I do not see how that can be done without some
technical analysis of the cookie by the program. Does anyone know of
techniques that actually analyze a cookie to see if it is "good"? Otherwise
it seems that we are back at the blacklist if a reasonable amount of info is
to be given to the customer to make a sensible decision about a cookie.

Dick

<Vanguard> wrote in message
news:(E-Mail Removed)...
> "Adelphia" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Has Microsoft announced that they will eventually detect cookies that are
>> deemed unsavory?
>
> Who is going to become the Cookie Dictator to decide which domains try to
> save "bad" cookies on your host? Viruses, spyware, trojans, and such are
> deemed such because of their behavior. If cookies were blocked or purged
> based on their behavior then all cookies would get blocked or deleted -
> and you already have that option within IE to configure it to never accept
> cookies.
>
> Rather than wasting time compiling a huge list of "bad" cookie domains
> (based on someone else's choices than you), Microsoft should instead
> incorporate a cookie whitelisting function. You decide which cookies you
> want to keep and all the rest are either blocked or forced to be
> per-session cookies (they get deleted when IE is exited). Many sites
> won't function correctly unless you save their cookie but it only needs to
> be around while you are there, so purging all non-whitelisted cookies
> after exiting IE would force them to be per-session cookies. Then you
> don't need to bother wasting time compiling a bad cookie list to include
> in frequent updates based on criteria which was NOT that of the user.
>
> If you want to provide for some cookie management now then go configure
> IE's cookie options. I set mine to allow 1st-party cookies, block
> 3rd-party cookies, and allow per-session cookies (because they expire and
> get deleted when you exit IE). There are also LOTS of cookie managers out
> there that provide whitelisting. Some popup blockers, like PopUpCop, also
> provide cookie whitelisting. If you want to manage your cookies then do
> so. You not vacuuming the floor after dropping cookie crumbs all over and
> leaving them there is your fault.
>
> Anyone know if cookie management got any better in IE 7 beta?

Hoi Plun,

new spyware?

gold miners?



Regards >*< Old Digger >*<



> Adaware detects tracking cookies, MSAS not within Beta 1.
> Click o the "golden lock" within Adaware and check your log files,
> probably all of them are tracking cookies or gold miners.

Yes

Dataminers But whats the difference
to tracking cookies ?

--
plun


Tom Emmelot formulated the question :
> Hoi Plun,
>
> new spyware?
>
> gold miners?
>
>
>
> Regards >*< Old Digger >*<
>
>
>
>> Adaware detects tracking cookies, MSAS not within Beta 1.
>> Click o the "golden lock" within Adaware and check your log files,
>> probably all of them are tracking cookies or gold miners.

"plun" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Vanguard used his keyboard to write :
>> Anyone know if cookie management got any better in IE 7 beta?
>
> It seems to be the same functionality within IE7 Beta 1 as I can see.

Alas, Microsoft is still shortsighted. I suppose the other option is to
disable all cookies and then have it prompt you whereupon you can select to
block or allow the cookie, or go edit the cookie list yourself for the few
domains where you want to use them and keep them (Internet Options ->
Privacy -> Sites). If you use SpywareBlaster's "bad" cookie list, you'll
see them listed there already.

> Maybe a "Whitelist" is a solution Or use Spywareblaster for a
> "blacklist" .............

Personally I don't like blacklists. Even with SpywareBlaster, I
occasionally look at the list to make sure the author's choices match my
own. (BTW, SpywareBlaster does NOT function as the author now claims but as
the author used to claim. It will NOT prevent the AX malware from getting
onto your machine.)

> A newbie or "normal user" never touches any settings within IE tools !
> They never changes anything from "defaults", nothing under the hood.

As is evident from all the lazy users asking how to make OE stop blocking
attachments because they bother to look at the options. However, if they
are too lazy to look at the options, they are too lazy to be using a
security product.

"Adelphia" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Does anyone know of techniques that actually analyze a cookie to see if it
> is "good"?

From what I see of the blacklists for "bad" cookies, they are by domain.
That is, how the domain uses their cookie is bad for the user. It's just
data within a cookie, so even a simple and innocuous looking string like
"gh89llll" might not mean anything to the user that had a utility to look
into the cookie but to the site it is the encoded string telling that site
when you last visited them, or where you came from, or other encoded
information. It would be like trying to use Notepad to look at an SQL
database: you would see a bunch a values but YOU wouldn't know how they were
used or what they meant.

From what I recall of cookies, a cookie lists its owning domain. Only that
domain can use that cookie. So a "bad" site cannot try to hide its cookie
under some other domain's name (by changing the domain field within the
cookie) because then that "bad" site couldn't use their own cookie. So
whitelisting works to let you keep only those cookies that you really need.
IE already has a whitelisting feature (Internet Options -> Privacy ->
Sites). You can add good domains with the Allow attribute and then
configure IE to block all other cookies. If you find a site where you want
to keep their cookie then you can add them to the Allow list. However, this
doesn't help for sites where you don't want to permanently save their cookie
but would like to permit it as a per-session cookie. Their site may not
function properly without their cookie, so let them have it while you are
there, and then forcibly delete it after you leave (i.e., if not whitelisted
in the Allow list, force all other cookies to be per-session cookies).

I have maybe less than a dozen domains where I trust their use of their
cookies. Management of a dozen good sites - and which are of MY choosing -
is a lot easier than managing a blacklist of thousands of domains unless, of
course, you are lazy and let someone else decide for you what sites are
"bad". There are already plenty of cookie managers available to makeup for
IE's lack of per-session handling of non-whitelisted cookies. IE does have
a whitelist (by setting Allow on a domain) but it doesn't have a means of
forcing all other cookies to be per-session cookies.

Vanguard submitted this idea :
> "plun" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Vanguard used his keyboard to write :
>>> Anyone know if cookie management got any better in IE 7 beta?
>>
>> It seems to be the same functionality within IE7 Beta 1 as I can see.
>
> Alas, Microsoft is still shortsighted. I suppose the other option is to
> disable all cookies and then have it prompt you whereupon you can select to
> block or allow the cookie, or go edit the cookie list yourself for the few
> domains where you want to use them and keep them (Internet Options -> Privacy
> -> Sites). If you use SpywareBlaster's "bad" cookie list, you'll see them
> listed there already.

Well, speaking for myself I never uses any "blacklists" and if it is
shortsighted or not with IE7 I don´t know.

There is no other alternatives for companys using these tracking
cookies for ads business and sales.

And MS is for sure aware of this.

For myself I removes them perhaps once a week. Some of these are also
within my TrendMicro PC cillin protection to "always remove" after a
scan.

>
>> Maybe a "Whitelist" is a solution Or use Spywareblaster for a
>> "blacklist" .............
>
> Personally I don't like blacklists. Even with SpywareBlaster, I occasionally
> look at the list to make sure the author's choices match my own. (BTW,
> SpywareBlaster does NOT function as the author now claims but as the author
> used to claim. It will NOT prevent the AX malware from getting onto your
> machine.)

True

A "whitelist" must be really difficult to maintain in worldwide
perspective and from who ?


>> A newbie or "normal user" never touches any settings within IE tools !
>> They never changes anything from "defaults", nothing under the hood.
>
> As is evident from all the lazy users asking how to make OE stop blocking
> attachments because they bother to look at the options. However, if they are
> too lazy to look at the options, they are too lazy to be using a security
> product.



Well, they are maybe lazy but the biggest user group never touches
anything under the hood, thats it.

Everything must be "default" for all program settings and automagic
controls for example security/defs updates and/or to start a scan.

And noone can change this fact about going "under the hood" and change
settings for a majority of users. Mission impossible.

--
plun

Hi Denis,
In the Beta1 version, the program doesn't go into the cookie jar, nor does
it chase data miner objects.

As you can see from the rest of the thread, cookies are an item of hot
contention.

Ron Chamberlin
MS-MVP



"Denis" <(E-Mail Removed)> wrote in message
news:E89BD00E-85C2-4C13-81FA-(E-Mail Removed)...
> MS Antispy b1 consistently fails to detect spyware even on full system
> scan.
> I do a weekly scan with MS Antispy followed by Adaware which detects
> numeruos
> spyware, something like 10-30 items each weekly scan.
> Can anyone suggest a reason for this?