10 replies to this topic

[Quikfix]

As great as Malwarebytes is, I think that Malwarebytes should have a "scan for tracking cookies" feature as a its own scan. What I mean by this is that there is a "Full, Quick and Flash scan", and it would be nice to add a "Cookie" scan as well. It can scan for tracking cookies and remove them. That way, we won't have to use other programs/addons such as Hitman Pro Ghostery or our main antivirus. Just a suggestion, wanted to see what y'all think.

[exile360]

Cookies aren't malware, that's why we don't remove them. They can easily be removed by clearing your browser's cache or by running a temp file cleaner such as CCleaner.

[Quikfix]

But don't tracking cookies put our privacy at risk, making them PUPs and therefore malware?

[exile360]

Quikfix, on 18 May 2012 - 07:01 PM, said:

But don't tracking cookies put our privacy at risk, making them PUPs and therefore malware?

No, because they aren't software, and malware is a term defined as 'malicious' (mal) 'software' (ware).

Besides that, by the time a user has scanned for and removed tracking cookies (after they're done browsing the web), it's already too late, the cookies have done their job. Cookies are used by websites to track where you have been. For example, if I access my GMail account and then leave GMail and begin browsing the web, and later visit YouTube, YouTube will recognize me thanks to the cookie left behind from logging into GMail.

That's a simplified example obviously, but that's basically how it works. The tracking takes place during the browsing session, so if a user is concerned about the risk of tracking cookies, then they're better off blocking the cookies to begin with instead of removing them after the fact with a scanner when it's already too late. Blocking cookies can be done in most browsers by using their 'private' browsing modes which most modern browsers have.

[DarkSnakeKobra]

Quikfix, on 18 May 2012 - 07:01 PM, said:

But don't tracking cookies put our privacy at risk, making them PUPs and therefore malware?

PUP's are not malware by the way. Stands for Potentially Unwanted Programs. Usually composed of things like torrent programs, toolbars, some poker games and registry scanners as many consider them junk and unnecessary. PUPS don't do anything malicious other then maybe changing your default search engine to some other.

[exile360]

Buttons, on 18 May 2012 - 09:46 PM, said:

PUP's are not malware by the way. Stands for Potentially Unwanted Programs. Usually composed of things like torrent programs, toolbars, some poker games and registry scanners as many consider them junk and unnecessary. PUPS don't do anything malicious other then maybe changing your default search engine to some other.

That's correct, and cookies aren't programs either so the same rule applies.

If we were to detect them, it would indeed warrant them having their own classification, as they are not malware and they are not programs, but again, considering that every browser has the capability of removing (or even blocking) cookies to begin with, it strikes me as a useless function in an anti-malware tool.

[BornSlippy]

This is a good compromise
http://abine.com/dntdetail.php

[exile360]

BornSlippy, on 19 May 2012 - 07:34 AM, said:

This is a good compromise
http://abine.com/dntdetail.php

Exactly, because that solution blocks the cookies/tracking to begin with instead of simply removing them after the fact. If a user wishes to prevent websites from tracking them with cookies, that's the type of solution that actually accomplishes something. Removing tracking cookies with a scanner after the fact is pointless unless you run a scan after visiting each individual webpage you visit on the web (closing your browser in between so that the cookies can actually be removed).

[mountaintree16]

Eh, I remove cookies after each browsing session usually

[nosirrah]

This debate came up when we first started this project and the consensus was as follows:

• The vast majority of people that we asked did not want cookies detected.
  
• Cookies are not malware as 'ware' implies a program and cookies small bits of data.
  
• There were already plenty of ways to control cookies both in existing freeware and within windows itself.
  
• Listing cookies as malicious was potentially unethical as it would nearly always generate detections even on a completely clean system.

I have never seen an argument compelling enough to challenge our original position.

[Quikfix]

Ok
@BornSlippy: Btw, thanks for the link, I'll look into it.