Comments on: Please Do This

By: Bryan

Bryan — Thu, 28 Jun 2007 02:50:54 +0000

I have a couple of programs, Norton and HP stuff, that insist in using IE, even though is is definitely not the default, and that sucker is a magnet for tracking cookies.

If something looks weird, I’ll use IE to verify that it is not a Firefox error, but I avoid it like the plague.

By: Steve Bates

Steve Bates — Thu, 28 Jun 2007 02:20:14 +0000

I have found that once you know the domain name of a tracking cookie offender (e.g., from running Ad-Aware), placing it in the cookie “block” list of Firefox is pretty effective. I’d do the same for IE, but I use IE only for testing sites I develop and for Microsoft’s own sites, and I tend to dump all cookies in IE anyway, as I do not in Firefox. I clear the cache frequently in both browsers. (Firefox has a quirk in caching JavaScript files that makes it difficult to refresh my blogroll, which is kept in a .js file.)

By: Bryan

Bryan — Tue, 26 Jun 2007 18:47:54 +0000

I use multiples, Alice, but Ad-Aware seemed to be the most straight forward, and I’m targeting people who haven’t done anything to button up their machine, some because they don’t know, others because they don’t have the cash.

By: Alice

Alice — Tue, 26 Jun 2007 18:01:22 +0000

In addition to Ad-Aware, when I was on a Windows machine I also used both Spybot Search & Destroy and Spyware Blaster. It may be overkill, but an ounce of paranoia …

By: Bryan

Bryan — Tue, 26 Jun 2007 14:44:06 +0000

The cookie dump is because of two sites I watch for clients which are “cookie monsters.” I complained to no effect that they keep adding a new cookie every time you visit which negates the real purpose of cookies, and there is too much detail in the cookies they use. It had the side effect of preventing a number of problems that Blogger had with reading cookies.

By: Steve Bates

Steve Bates — Tue, 26 Jun 2007 06:56:09 +0000

Bryan, yes, I am a creature of convenience when it comes to cookies for nonsensitive passwords… and I have sole access to my computers. (Stella almost never uses them, and always asks before she does.) I power down this desktop machine when I’m not sitting at it. The a/v runs all the time, and I run a spyware checker not less than once a day. And I never save web passwords on computers for which I am not the sole user… not even Stella’s. For my purposes, that’s enough security, but not too much for convenience. Your habits doubtless were developed under circumstances with much more stringent requirements.

I do wish people would follow your minimal advice in this post. Everyone except the nasties would be better off if they did.

By: Bryan

Bryan — Tue, 26 Jun 2007 05:00:53 +0000

I dump all cookies every time I shut down, but I don’t bother deleting the MRU, because it doesn’t affect me.

I realize that a lot of people don’t think about it, but especially those on cable modems that never shut down may be bots for the DoS attacks.

AVG is okay for most people and it keeps the obvious stuff away. I need something more robust because of some of the things I do on the ‘Net and I don’t have the time to clean the crap out.

By: Steve Bates

Steve Bates — Tue, 26 Jun 2007 04:43:30 +0000

Thanks for reminding me of LavaSoft’s Ad-Aware. I removed it from my previous machine when it repeatedly quit working in mid-scan… likely a side consequence of the gradual HD failure on that computer… and used Spybot Search & Destroy instead. The latter is passable, but IMHO far less effective. I just reinstalled Ad-Aware; it found a lot of things Spybot S&D missed.

One warning: for people like me who do not remove all cookies every session, Ad-Aware tends to make some baldfaced assumptions. E.g., all my email host’s cookies were marked as tracking cookies. New users of Ad-Aware should take a serious look at the first batch of “tracking” cookies Ad-Aware finds, mark those they want to keep, and click Ignore. Do the same for the MRU (most recently used) lists if you don’t want those removed, which I don’t. I understand that this is a matter of circumstance: people who must secure their computers before they leave them should probably choose options different from mine.