More Crumbling Cookies

Author	All Replies
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	More Crumbling Cookies OK, a week ago I rarely even gave cookies a second thought. But two things changed my mind. First, it was reading so many excellent and informative posts here about cookies and cookie blocking programs; and second, was reading more about Web Bugs. Here is some information on Web Bugs that we all should know (and I know many of you do): Email Cookie Leak Security Hole Invasion of the Web Bugs The WebBug FAQ So I decided I would look further into my cookies and what to do with them. I thought about simply turning OFF all cookies (Tools\|Internet Options\|General\|Internet Zone\|Custom Level\|Cookies\|Disable). Well, I did not like that decision, because I could not even sign-on to DSLR -- I need to Enable cookies to even come here! Richard Smith gives more information as to why turning off cookies does not always work so well. So I set out to learn more about cookies. I found SOME information at Microsoft: Frequently Asked Questions About Cookies But the information I could get from them was not adequate. The more I looked into this I realized that Microsoft's recommendations about deleting cookies is simply WRONG. It does NOT address the index.dat file. See this thread for my findings on that. After having fixed the index.dat issue to my satisfaction, I set out to see what I could do about blocking cookies. I quickly realized that "per-session" cookies really are NOT the problem. So I set the Custom Security Level to Enable for per session cookies. This seems to be a no-brainer decision. Then I tried to set up the "persistent" cookies to be "Prompt" (instead of Enabled -- no security, or Disabled -- too much security). I absolutely hated this! It makes surfing the web completely intolerable. Just try it. Set persistent cookies to prompt and just try to navigate the Microsoft web site. Every page has from 1 to 4 cookies that need to be rejected!! I could not stand that. So, I then re-tried CookieWall -- and I am CONVINCED this is a far superior solution. Why? Because with CookieWall I can choice to "Temporarily Accept" a cookie from microsoft.com. This the key part. Once I do that, ALL cookies from this site are temporarily accepted. I don't have to keep clicking "NO" every 5 seconds. This is much more user-friendly and logical. The cookies are NOT written into my \Cookies folder -- instead they are held in limbo until I decide to "Always Accept" or "Always Delete" those cookies. If I reboot my computer, during the reboot process I am asked about each site that I have not decided about yet. This is very cool. In summary, I found the 'cookie program' solution to be a far superior choice than to using the tools that Microsoft gave us. I appreciate any input. Thanks.
	to forum · permalink · 2001-05-17 14:08:42 ·
Taurus333 join:2001-04-06 Ohio	said by R2: The cookies are NOT written into my Cookies folder -- instead they are held in limbo until I decide to "Always Accept" or "Always Delete" those cookies. If I reboot my computer, during the reboot process I am asked about each site that I have not decided about yet. This is very cool. I understand the advantages of doing it but ugggh too much work. I would rather deny all and then do the work on adding the site to trusted zones if I need to accept. Notice I said "need to accept", I do not want to accept any and will only accept those that are essential. Considering only 3 sites are in trusted zone and over 700 are not it just makes more sense. I tend to follow links...can spend hours following link after link after link....from the way you describe it, it would take me a half hour to reboot my computer with all the prompts I would have to deal with.
	to forum · permalink · 2001-05-17 14:21:34 ·
jaykaykay 4 Ever Young Premium,MVM join:2000-04-13 Scottsdale, AZ kudos:19 Reviews: ·Speakeasy	reply to R2 For what it's worth, I agree with your conclusions and for the reasons you concluded what you did. I, too, use CookieWall. Have for some time. Really like the little proggie. At the end of the day, I normally just end up deleting all new cookies, unless there's a specific one that I feel like moving to one of the other options. I also use the hosts file and various settings on IE, but over all, I do as you seem to have concluded you might do. I am not the only one using this computer either, so making the settings totally one way or another is far too aggravating for anyone but me to deal with, and even I question some of the settings I have. I was paranoid to begin with, and now I question whether I am just plain nuts some times. We'll see what other responses you get to your question, though. There are many who will agree and many disagree, vehemently, I am sure. Oh, and I have nothing in my trusted zone...not even DSLR. -- JKK Age is a very high price to pay for my maturity, so if I can't stay young, I can at least stay immature! [text was edited by author 2001-05-17 14:27:26]
	to forum · permalink · 2001-05-17 14:26:11 ·

Zhen-Xjell Prolific Bunny Premium,VIP,ExMod 2001-04 join:2000-10-08 Bordentown, NJ	reply to R2 Were it not for Web Washer, I would be using Cookie Wall full time. As a matter of fact, I've been "taking" CW off of my system now for close to a week. It is an excellent application, and the member who pointed me to it was Hank, our Linksys Host and Moderator.
	to forum · permalink · 2001-05-17 14:52:06 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	reply to R2 There is one concern about using the Trusted Zone approach -- could this be spoofed? This is a recent MS Security bulletin: A patch is available to eliminate two newly discovered vulnerabilities affecting Internet Explorer, both of which could enable an attacker to spoof trusted web sites. If they can do it one way, they might be able to do it another...
	to forum · permalink · 2001-05-17 15:16:11 ·
Taurus333 join:2001-04-06 Ohio	But is using Trusted Sites an issue when you up the security to medium and have the same security within it as you would within the Internet Zone? I make that change and all that adding sites does is allow me to accept cookies and nothing else. I can't imagine that there would be a greater security risk that way than allowing cookies with all sites in Internet Zone, the only difference being that you're only accepting cookies from sites you want to.
	to forum · permalink · 2001-05-17 15:24:06 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	I am really not sure of the risks -- I just remembered that bulletin so I posted the link. The benefit of CookieWall is that you are seeing all sites that are placing the cookies before they place them. Less is hidden.
	to forum · permalink · 2001-05-17 15:31:09 ·
Lex Luthor Premium,Mod join:2000-09-17 Hicksville, NY kudos:3 Host: OptimumOnline Users find Hot Deals Users find Hot Dea.. Requests for Hot D..	Are you positive that cookies do not get placed in the cookies folder or the TIF cache when using cookiewall? I thought it put them there then deleted them if you chose delete. I could be wrong as I had tried so many cookie programs lately. I decided to block all stored cookies and then open up sites I need via the trusted zone. I think that's going to work just fine with zero hit on my resources/memory. Lex
	to forum · permalink · 2001-05-17 15:51:21 ·
Taurus333 join:2001-04-06 Ohio	reply to R2 said by R2: I am really not sure of the risks -- I just remembered that bulletin so I posted the link. The benefit of CookieWall is that you are seeing all sites that are placing the cookies before they place them. Less is hidden. I checked out the link but as I was reading it, it occured to me that if its talking about trusted zones with the default setting of low or medium low (can't remember which) than it may be different than Trusted Zones being set as if it were Internet Zone. Just wondering if security settings of the zone or the zone itself is the issue. But my question is if I'm denying the cookie anyway why would I care about seeing the cookie in the first place? The only time I have to even think about cookies is if I find a site like this where it won't let me in without one or if something won't function correctly.
	to forum · permalink · 2001-05-17 15:56:08 ·
Zhen-Xjell Prolific Bunny Premium,VIP,ExMod 2001-04 join:2000-10-08 Bordentown, NJ	But my question is if I'm denying the cookie anyway why would I care about seeing the cookie in the first place? The only time I have to even think about cookies is if I find a site like this where it won't let me in without one or if something won't function correctly. Different GUIs for different people. Some like CW, some don't. I have enjoyed using it. Instead, why don't you try out WW?
	to forum · permalink · 2001-05-17 16:12:02 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	reply to Taurus333 Well, if you SEE the cookies being placed, then no one is spoofing a Trusted Zone site behind your back. I am NOT really even sure that this is possible, but I don't really know. The black hats seem to be able to get around most any thing Microsoft creates, so why can't they spoof a Trusted Site and set an unwanted cookie? And as I said in the first post, blocking all cookies may not be the perfect solution -- read Richard Smith's take on this.
	to forum · permalink · 2001-05-17 16:38:51 ·
OzarkMan$ join:2000-12-22 Ozark Mtns.	said by R2: no one is spoofing a Trusted Zone site behind your back. It's been awhile that this was brought up....and some may remember the thread from a FEW months back(yeah right...at my age ! ). It was titled MSN Cookie Data Crosses Domains with a write up by pc-help Keith Little and an explanation of how MSN said by pc-help: Violates "Trusted Zone" Settings Savvy Internet Explorer users often use IE's "Trusted Zone" options to help provide protection against cookies and other intrusions. Users can browse the Net at large with very tight security settings, while allowing the convenience of cookies and active content on sites they believe they can trust. As a result, millions of users have cookies disabled for ordinary browsing, but enabled in their Trusted Zone. This data-passing tactic allows Microsoft to take undue advantage of those users (a huge number of them) who have placed MSN.com in their Trusted Zone. The fact that a trusted domain is in the data-sharing "loop" means the GUID will be retained indefinitely via the MSN cookie. Microsoft can reliably track those users on its other enterprises' domains using their MSN GUID. -- Genuine Wisdom is knowing what you are talking about but deciding to keep your mouth shut.
	to forum · permalink · 2001-05-17 17:02:40 ·
Taurus333 join:2001-04-06 Ohio	reply to R2 said by R2: The black hats seem to be able to get around most any thing Microsoft creates, so why can't they spoof a Trusted Site and set an unwanted cookie? Don't know the answer to that but in reality how many trusted sites is one going to have if only placing a site there when a cookie is absolutely neccesary? For me its 3 but I don't shop online but you would assume that the number would be very low for anyone. And as I questioned earlier is the security setting the problem or the zone itself? Being that Trusted Zone has lower security than Internet Zone I could understand why there'd be problems if people simply used it without changing the security level.
	to forum · permalink · 2001-05-17 17:11:55 ·
tup Premium join:2001-01-15 Port Elgin, ON	reply to R2 I just noticed this on my CookieWall. The filter is set so 206 different cookies delete automatically and so far I have 3674 "kills." I have 6 in "Cookies to Keep."
	to forum · permalink · 2001-05-17 18:41:08 ·
R2 R Not Premium,MVM join:2000-09-18 Long Beach, CA kudos:1	reply to OzarkMan$ Oz- makes it sound as if Trusted cannot be eh, trusted?
	to forum · permalink · 2001-05-17 19:57:00 ·
OzarkMan$ join:2000-12-22 Ozark Mtns.	It's hard sometimes to beleive this way....but Trust No One is unfortunately in my volcabulary for the most part R2 -- Genuine Wisdom is knowing what you are talking about but deciding to keep your mouth shut.
	to forum · permalink · 2001-05-17 20:47:54 ·
Fox2 join:2001-02-07 Belgium	reply to Lex Luthor Lex, hi ever tried idcide ? the link is www.idcide.com someone here suggested it o me a while agoo
	to forum · permalink · 2001-05-18 08:15:18 ·
Zhen-Xjell Prolific Bunny Premium,VIP,ExMod 2001-04 join:2000-10-08 Bordentown, NJ	reply to R2 If you take a look at the Wheelert's thread, it seems many are now catching onto the web washer bandwagon. I've been using it, and recommend it highly. It seems to offer many solutions in one package, and there is virtually no maintenance.
	to forum · permalink · 2001-05-18 08:54:47 ·
Lex Luthor Premium,Mod join:2000-09-17 Hicksville, NY kudos:3 Host: OptimumOnline Users find Hot Deals Users find Hot Dea.. Requests for Hot D..	reply to Fox2 said by Fox: Lex, hi ever tried idcide ? the link is www.idcide.com someone here suggested it o me a while agoo Seems as if the version for IE5.5 is beta testing and there was no way to download it. You used it? Know anything about it? Lex
	to forum · permalink · 2001-05-18 10:07:09 ·
wingman8 join:2000-12-05 San Jose, CA	reply to R2 said by R2: ...with CookieWall I can choice to "Temporarily Accept" a cookie from microsoft.com...The cookies are NOT written into my Cookies folder -- instead they are held in limbo until I decide to "Always Accept" or "Always Delete" those cookies. If I reboot my computer, during the reboot process I am asked about each site that I have not decided about yet. This is very cool. Experiment 1: (1) Open CookieWall and remove microsoft.com from kill list (2) Go to www.microsoft.com and temp accept cookie (3) Open cookie folder (C:\Documents and Settings\[user]\Cookies in Win2K) (4) See [user]@microsoft[1].txt (Microsoft cookie) in the list Conclusion: Temporary accept in CookieWall DOES put the cookie in the cookie folder. Experiment 2: (1) Continue from Experiment 1 (2) Close all browser sessions (3) Open cookie folder (4) Microsoft cookie is still there! Conclusion: CookieWall's definition of "temporary" is different than mine. Experiment 3: (1) Continue from Experiment 2 (2) Open CookieWall (3) Move Microsoft cookie from temp (center) to kill (left) (4) Close CookieWall (5) Open cookie folder (6) Microsoft cookie still there Conclusion: Hmmmm Experiment 4: (1) Continue from Experiment 3 (2) Open CookieWall (3) Push button "Delete all new cookies from disk" (4) Close CookieWall (5) Open cookie folder (yes, I'm refreshing it) (6) Microsoft cookie still there Conclusion: Maybe I confused it by moving the cookie from temp to kill in Experiment 3? Experiment 5: (1) Continue from Experiment 4 (2) Manually remove Microsoft cookie from cookie folder (3) Remove Microsoft from CookieWall kill list (4) Go to www.microsoft.com and temp accept cookie (5) Verify Microsoft cookie in cookie folder (6) Open CookieWall and hit "Delete all new cookies from disk" (7) Check cookie folder. Microsoft cookie is gone. Conclusion: - Temporary cookies DO go in cookie folder - Temporary cookies are not removed when you close browser - Temporary cookies are permanent until you open CookieWall and push the "Delete all new cookies from disk" button. - If you move a cookie from temp to kill in CookieWall it will stay on your disk until you remove it manually. [text was edited by author 2001-05-18 11:26:09]
	to forum · permalink · 2001-05-18 10:59:47 ·

Broadband Tech > Security > Security > More Crumbling Cookies