[Repost] Windows Security Checklist: Are Cookies Really Guid for You?
Author: Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer
No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, their chances of being infected by malware drop almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 5: Are Cookies Guid for You?
It is not as complicated as it may first appear, although there is a lot of information to absorb. The Security Experts, 1st Responders, Special Response Team members and Host Consultants at CastleCops can help you, if you have questions about any of these techniques.
Are Cookies Really Guid for You?
Cookies have received a lot of bad publicity, but you need cookies if you want to visit websites. And, rightfully so, people want to know how to remove them from their computers. This becomes especially important with the kind of cookies allowed in your browser. It has become a popular practice among adware and spyware developers to use third-party cookies to insert Global Unique IDentifiers (GUIDs) onto your computer. GUIDs are mathematically generated, unique hexadecimal numbers which can be used to track your activities anywhere online. A GUID is the mathematical, computer equivalent of a UPC barcode or RFID tag.
Cookies are not programs placed on your computer to collect data on your computer usage. A cookie cannot read any data from your hard disk, including the data stored in other cookies, but cookies themselves can be read. With a little clever manipulation, cookies can be cross-referenced between different sites monitored by a single company. By cross-referencing cookies that include GUIDs and your personal information between linked websites, it is possible to track your online activities in detail.
A cookie is just an ordinary DOS-text file that is a record of specific information about each time you visit a particular website. The record in the cookie can contain any information, especially personal information and passwords. Cookies began in the early days of Netscape (1995), the first universally popular web-browsing software. One of their programmers realized that the World Wide Web had a remembering problem.
The Web is a connect-and-disconnect type of system. Every time you want a web page, you call it up with your browser, either by typing in the name of the page or clicking on a link. Then, as soon as the browser opens the page for you, it disconnects from the computer that originally held the page.
This frees up the Internet for lots of connections. But it makes your connection to the Internet a lot harder. Because you use separate connections with each web page, the people on the other end cannot really tell that you are the same person viewing the next page as viewed the first page. That makes it more difficult to serve you correct information and to remember where you have been.
Cookies are one way to solve that problem. Without cookies, websites and their servers have no memory. A cookie, like a car key, enables swift passage from one place to the next. Without a cookie, every time you open a new web page, the server where that page is stored will treat you like a totally new visitor.
Session cookies are used by websites to ensure that you are recognised when you move from page to page within one site and that any information you have entered is remembered. For example, if a commercial website did not use session cookies, then items placed in a shopping basket would disappear by the time you reach the checkout. You can choose to accept session cookies by changing the settings in your browser. Session cookies are deleted when you log off from the website or close your browser.
First-party cookies are for particular websites with which you have accounts. With these cookies, you can specify your personal preferences for the features that the websites offer, such as to display the current weather conditions of the city you live in, provide the skin of your choice for the site, the colors you like, etc. Each time you visit that website in the future, it automatically recalls your choices.
Third-party cookies come from a website different from the one you are currently viewing. Third-party websites provide extra content on the website you are on, like a website within a website. These sites may use advertising from third-party websites that may also use cookies. It is common to use this type of cookie to track your webpage use for advertising or other marketing purposes. Third-party cookies can be temporary or persistent.
Advertising networks are companies that use third-party cookies, paying software developers and websites money for allowing their ads to be shown when people use their software or visit their sites. The ads are often in the form of popups or banners, presenting you with some form of advertisement. The problem with these networks is that they place third-party cookies on your computer each time you open an ad served by the particular network. This allows the advertising network to track your movements across the Internet by reading the information contained in the cookies every time you connect to a site that they are on.
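The cross-referencing described above can be checked for from the user's side. The following Python sketch is an added example, not part of the original article: it classifies Set-Cookie headers as first- or third-party and session or persistent, and reports GUID-like identifiers that the same third party set on more than one site. The hostnames and cookie values are constructed, and the two-label site() comparison is a simplifying assumption.

```python
import re
from collections import defaultdict

# GUID-like value: 32 hex digits, with or without the usual dashes.
GUID_RE = re.compile(r"[0-9a-f]{8}-?(?:[0-9a-f]{4}-?){3}[0-9a-f]{12}", re.I)

def site(host):
    # Assumption: the last two DNS labels identify the "site".
    # Real browsers consult the Public Suffix List instead.
    return ".".join(host.lower().split(".")[-2:])

def classify(page_host, cookie_host, set_cookie):
    """Classify one Set-Cookie header received while viewing page_host."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    same_site = site(page_host) == site(cookie_host)
    return {
        "name": name,
        "value": value,
        "party": "first" if same_site else "third",
        # Without Expires or Max-Age the cookie ends with the browser session.
        "lifetime": "persistent" if attrs & {"expires", "max-age"} else "session",
        "guid_like": bool(GUID_RE.fullmatch(value)),
    }

def cross_site_ids(observations):
    """Map (cookie site, id) -> visited sites, for ids seen on 2+ sites."""
    seen = defaultdict(set)
    for page_host, cookie_host, header in observations:
        c = classify(page_host, cookie_host, header)
        if (c["party"], c["lifetime"], c["guid_like"]) == ("third", "persistent", True):
            seen[(site(cookie_host), c["value"])].add(site(page_host))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample: (page being viewed, host setting the cookie, header)
EXPIRES = "Expires=Fri, 31 Dec 2027 23:59:59 GMT"
TRACK_ID = "6f1c2b7e-0d4a-4c1e-9b8f-2a5d7e3c4b10"
OBSERVATIONS = [
    ("www.shop.example", "www.shop.example", "basket=3f9a; Path=/"),
    ("www.shop.example", "www.shop.example", "skin=dark; " + EXPIRES),
    ("www.shop.example", "ads.adnet.example", "uid=" + TRACK_ID + "; " + EXPIRES),
    ("news.site.example", "ads.adnet.example", "uid=" + TRACK_ID + "; Max-Age=31536000"),
]

if __name__ == "__main__":
    for obs in OBSERVATIONS:
        print(obs[0], "<-", obs[1], classify(*obs))
    print("cross-site identifiers:", cross_site_ids(OBSERVATIONS))
```

The shopping-basket and skin cookies come out as first-party (session and persistent respectively), while the uid cookie is the only one reported, because the same identifier was set by one third party on two unrelated sites.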
Blocking Third-Party Cookies
You can learn how to configure your browser to accept only first-party and session cookies, and to deny all third-party cookies. Follow these steps to block only third-party cookies, for Internet Explorer 6:
1. For Windows 98/Me, click Start, click Settings, and click Control Panel. For Windows XP, click Start and click Control Panel.
2. Double-click the icon labeled 'Internet Options.'
3. Click the 'Privacy' tab and click the button labeled 'Advanced.'
4. Place a check in the box next to 'Override automatic cookie handling.'
5. Select 'Allow' under 'First-party Cookies.'
6. Select 'Block' under 'Third-party Cookies.'
7. Place a check in the box next to 'Always allow session cookies.'
8. Click OK, click OK, and close the Control Panel.
More information is available from Microsoft on Internet Explorer 6 Settings.
Deleting Cookies
You can easily delete any cookies that have been installed in the cookie folder of your browser. For example, if you are using Microsoft Windows Explorer:
1. Open 'Windows Explorer'
2. Click on the 'Search' button on the tool bar
3. Type "cookie" into the search box for 'Folders and Files'
4. Select 'My Computer' in the 'Look In' box
5. Click 'Search Now'
6. Double click on the folders that are found
7. 'Select' any cookie file
8. Hit the 'Delete' button on your keyboard
If you are not using Microsoft Windows Explorer, then you should select 'cookies' in the 'Help' function for information on where to find your cookie folder.
P3P (Privacy Preferences Platform)
Established by the World Wide Web Consortium (W3C), P3P provides Internet users with greater privacy when surfing the internet. W3C is the official web standards body, which essentially attempts to bring law and order to the Internet.
P3P was started to address user concerns about the amount of data collected by websites. The idea is that any site gathering information about its users should state why it wants the information, and how long the information will be retained. A user visiting a site with a P3P policy has access to its privacy policies and can decide whether or not to accept cookies or use that site at all.
P3P enables you to control - at the browser level - how websites use information about your visit.
You can actually set privacy preferences in your browser before you begin to surf the internet. As you download web pages, a P3P-enabled server will send the content to your browser (Netscape 7 and Internet Explorer 6 are P3P enabled) together with a privacy policy that your browser can automatically read. Before your browser displays the page, it will match your privacy preferences with that website's policy; if there is no match, you will be alerted so that you can decide whether to proceed or not. For a more detailed explanation of this ongoing project, see www.w3.org/P3P
Merry Christmas and always take care of your security! See you in 2005.