MVP-HELP for Windows

...where you can have fun AND be secure


Windows Security Checklist, Part 5: Are Cookies Really GUID for You?

Posted on May 29, 2010 at 1:29 PM

by Larry Stevenson, aka Prince_Serendip

First published at CastleCops: December 26, 2004

Revised and updated: May 29, 2010

No one application nor technique can protect you at 100%, but you can still get pretty close to that. When these guidelines are followed by Windows users, it can bring their chances of being infected by malware almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 5: Are Cookies Really GUID for You?

It is not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.

Are Cookies Really GUID for You?

Cookies have received a lot of bad publicity, but you need cookies if you want to visit websites. And, rightfully so people want to know how to remove them from their computers. This becomes especially important with the kind of cookies allowed in your browser. It has become a popular practice among adware and spyware developers to use third-party cookies to insert Global Unique IDentifiers (GUID) onto your computer. GUIDs are mathematically generated, unique hexa-decimal numbers which can be used to track your activities anywhere online. It's the mathematical equivalent of a UPC barcode or RFID tag.

Cookies are not executable programs placed on your computer to collect data on your computer usage. They cannot replicate themselves. A cookie cannot read any data from your hard disk, including the data stored in other cookies, but they can be read. With a little clever manipulation, cookies can be cross-referenced between different sites monitored by a single company. Using cross-referenced cookies, that include GUIDs and your personal information between linked websites, it's possible to track your online activities in detail.

A cookie is just an ordinary DOS-text file, stored by your web browser, that is a record of specific information about each time you visit a particular website. The record in the cookie can contain any information, especially personal information and passwords. Cookies began in the early days of Netscape (1994), the first really popular web-browser, invented by Lou Montulli. The people at Netscape discovered that the Internet has amnesia.

Whenever you want a web page, you bring it up with your browser, either by typing in the name of the page or clicking on a link. When the browser opens the page for you, it disconnects from the computer that had the page.

This allows the Internet to have many connections. However, it makes your connections to the Internet a lot harder. Since you use separate connections with each web page, the website you are viewing cannot tell if you are the same person at each page in turn. This makes it harder to provide the proper information and to remember where you were.

Cookies are a way to solve this problem. Without cookies, websites and their servers have no memory. A cookie, like a car key, enables swift passage from one place to the next. Without a cookie, every time you open a new web page, the server where that page is stored will treat you like a totally new visitor.

Session cookies are used by web sites to ensure that you are recognised when you move from page to page within one site, and that any information you have entered is remembered. For example, if a commercial website did not use session cookies then items placed in a shopping basket would disappear by the time you reach the checkout. You can choose to accept session cookies by changing the settings in your browser. Session cookies are deleted when you logoff from the website or close your browser.

First-party cookies are for particular websites with which you have accounts. With these cookies, you can specify your personal preferences for the features that the web sites offer, such as to display the current weather conditions of the city you live in, provide the skin of your choice for the site, the colors you like, etc. Each time you visit that web site in the future, it automatically recalls your choices, using the cookie.

Third-party cookies come from a web site different from the one you are currently viewing. They provide extra content on the web site you are on, like a web site within a web site. These sites may use advertising from other web sites that may also use cookies. Often this type of cookie is used to track your web page use for advertising or marketing purposes. Third-party cookies may be temporary or persistent.

Advertising networks are companies that use third-party cookies, paying software developers and web sites money for allowing their ads to be shown when people use their software or visit their sites. The ads are often in the form of popups or banners, presenting you with some form of advertisement. The problem with these networks is that they place third-party cookies on your computer each time you open an ad served by the particular network. This allows the advertising network to track your movements across the Internet by reading the information contained in the cookies every time you connect to a site that they are on. Any of the most popular web search engines also do this by default. Information in the cookies is recorded on their servers, and the GUID numbers provide identification with time and date specified. It should be noted that cookies don't identify a specific person, but track the user account, computer and web browser. This kind of information can then be provided to law enforcement (for example) to assist an investigation if the user account has been engaging in illegal activites, or sold to another company seeking to use the information for their own purposes.

How to Block ID Tracking by Search Engines

Most major search engines online use tracking cookies, and record your IP address when you use them. The information recorded in their cookies is stored in permanent files on their servers hard drives. If you want your search history recorded for all posterity then by all means keep using them as you have in the past. Alternatives do exist. Two search engines (trusted) that don't use tracking cookies nor keep permanent records of your visits are Scroogle and Startpage.  Click on the links to see what each is about. Each has plugins so they can be added to your browser's search engine selections. Here's the multi-language plugin list on Scroogle for Firefox.

What To Do About Poisonous Cookies

Cookies are far from perfect. Although they are not executable they can be stolen, replaced, redirected, and rewritten for illegal or nefarious purposes. Instructions for blocking Third-Party cookies in Internet Explorer are provided below, and at the links for Firefox and Opera. But just blocking cookies may not be enough. Three freeware applications can provide extra muscle to stop poisonous cookies dead in their tracks. (I use these every day online.)

1. Get the MVPS-Hosts file. A full explanation of what the Hosts file does and how to install it are provided at this site. If you hate ads when you surf, this will get rid of them.

2. SpywareBlaster. Download, install, update and apply the update, and you're done. It's simplicity itself. It protects your browsers, and your computer so that malware cannot be loaded nor even opened. Keep it updated, and you're protected.

3. Spybot - Search & Destroy. Click through according to your language preference. On the next page, click on the symbol beside Spybot Search & Destroy in the upper-right corner to get started. Download and install it. Update it. After receiving the updates, click on the Immunize shield on the main window. Make sure there's a checkmark in the box beside Global Hosts, under the Windows heading down at the bottom. Then click on the green "+" beside Immunize at the top. It will take a minute or two, but when it's done your Hosts file will be augmented with Spybot's protections against bad cookies and nasty web sites.

These three work together to provide comprehensive malware protection online. Spybot Search & Destroy can also scan your hard drive for pernicious threats on demand.

Blocking Third-Party Cookies

You can learn how to configure your browser to accept only first-party and session cookies, and to deny all third-party cookies. Follow these steps to block only third-party cookies, for Internet Explorer 7+:

Click Tools > Internet Options, select the Privacy tab and click the Advanced button. Put a check in the box beside Override automatic cookie handling, then select Allow, Block or Prompt for First Party and Third Party cookies. In this case, Allow First Party and Block Third Party. By putting a check in the box beside Always allow Session cookies, these will be saved on your computer instead of being deleted when you close your browser. You don't have to keep them if you don't want to. Session cookies are used for browsing specific web sites, and using extra content they may have.

Enabling or Disabling Cookies in Firefox 3.6

Cookies for Opera 10.53

P3P (Privacy Preferences Platform)

Established by the World Wide Web Consortium (W3C), P3P provides Internet users with greater privacy when surfing the Internet. W3C is the official web standards body, which essentially attempts to bring law and order to the Internet.

P3P was started to reassure user concerns about the amount of data collected by websites. The idea is that any site gathering information about its users should state why it wants the information, and how long information will be kept. A user visiting a site with a P3P policy has access to its privacy policies and can decide whether or not to accept cookies or use that site at all. That's why you see so many sites that have stated privacy policies and terms of service. You need to read them carefully depending on how you choose to use those sites. For more information.

Here you have the basic nuts and bolts of cookies online, what to keep, what to avoid and how to mitigate against malware attacks through your browsers. It's still important to surf carefully, even with added protection. Malware authors are always trying to screw us over, so do your best to stay safe online.

Best regards and always take care of your security!

This document is provided "AS-IS" without warranty, and confers no rights.


Categories: Security Articles