Tracking cookies

[Rappaping]

Does Avast! detect traking cookies? if no, why not?

[DavidR]

No

Because it doesn't bother looking for them.

It is a waste of time:
- The main issue with cookies are third party cookies, those that aren't for a site that you are viewing, they can track your browser usage and activity for that site other site (shopping, etc.). Depending on your browser (?) you should be able to block third party cookies, you can also set your browser to clear your cookies when you close it.

Since I use Firefox 6.x, I also have the cookie monster add-on and by default that only allows session cookies; they are only valid for the time you have your browser is running. The cookie monster add-on also allows you to accept cookies (normal time limited ones) for a site, like forum.avast.com as cookies are used so you don't have to logon all the time, etc.

All of the above helps remove the need for you to manually manage cookies.

Also see, See http://en.wikipedia.org/wiki/HTTP_cookie

[Rappaping]

Ok, my question is:
can cookies implement a sort of malware that can harm my computer or spy my personal data like credit card numbers etc? If yes, can avast detect this malicious cookies?

[Pondus]

can cookies implement a sort of malware that can harm my computer or spy my personal data like credit card numbers etc

did you not read what David said ?.....and the link he posted

cookies are not malware....Cookies are simply text files stored on your hard drive and cannot themselves harm your computer in any way.

Cookies can be used to track your movement on the Internet ONLY if a site is aware of the cookies and is designed to use the specific cookies.
Because of their use in tracking, many feel that this constitutes spyware.

If yes, can avast detect this malicious cookies?

avast does not scan for cookies...

you can empty the cookie folder with a program like CCleaner or ATF-cleaner

[SHARKY7SHARKY]

Even Santa Clause needs cookies.
When I’m Banking or buying on line with IE I use in private Browsing under safety, every little helps,
I would be more worried about Antivirus & firewall set up then the Cookie Monster.
If you have a good set up & a clean computer use a dedicated server it helps to stay safe.

[Rappaping]

http://my.safaribooksonline.com/book/networking/security/9780596514839/automating-with-libwwwperl/sending_malicious_cookie_values#X2ludGVybmFsX0ZsYXNoUmVhZGVyP3htbGlkPTk3ODA1OTY1MTQ4MzkvMTY1

[Pondus]

What are Malicious Cookies?

Cookies normally do not compromise security, but there is a growing trend of malicious cookies. These types of cookies can be used to store and track your activity online. Cookies that watch your online activity are called malicious or tracking cookies. These are the bad cookies to watch for, because they track you and your surfing habits, over time, to build a profile of your interests. Once that profile contains enough information there is a good chance that your information can be sold to an advertising company who then uses this profile information to target you with interest specific adverts. Many antivirus programs today will flag suspicious spyware or adware cookies when scanning your system for viruses.

http://www.webopedia.com/DidYouKnow/Internet/2007/all_about_cookies.asp

How can a cookie threaten a computer?
A cookie itself cannot harm the computer, as it does not and cannot hold code (therefore the cookie cannot perform an action itself). However, the cookie can support (help) malicious actions to be taken on the respective system. Even more, being a plain text file, they are vulnerable, meaning that they can be “harvested” by other applications.

Why is it necessary to scan cookies?
As already mentioned the cookies themselves cannot harm the computer. However they can contain certain information to lead a possible attacker to the respective computer. For example: we will consider that an attacker releases a Trojan in the wild in order to gain control over several computers. This Trojan’s payload contains in dropping a Backdoor (to open a port), changing the homepage of the browser and placing a “malicious” cookie in the browser’s cookie area. When the unsuspecting user launches the browser, then it automatically connects to the new homepage (namely the attacker’s website). Once this is done, the malicious cookie is being read and the attacker becomes aware of the fact that the computer is infected. By knowing this, it becomes a piece of cake to take over the computer using some exploits or the open port.
Let’s say that the user becomes aware of the infection and manages to remove the Trojan and the Backdoor from the computer. However, if the cookie remains on the computer, it can supply information again to the attacker if the user “manages” to access the untrusted web page again. The computer is therefore exposed once again to a possible attack.
As explained in the above scenario, the cookie is used to provide information about a computer but it is not responsible with the attack itself.

http://www.bitdefender.com/support/What-are-Cookie-threats-1.html

[Rappaping]

Opening a web site, a cookie can also let the opened site to execute some malicious script or download some bad file (as described in the doc whose url I've previously posted) that can harm your system if you are not very well-protected by your antivirus, so cookies not only make the attacker aware of the fact that the computer is infected, because the cookie itself could be THE FIRST step (piece of software) that set inside your system can LEAD to a cross-site infection (so malicious cookies have not only information function).

Ok, cookies have only INDIRECT malicious (often POWERFUL) abilities, but to detect cookies with bad code, could be a further useful (and that doesn't take any additional pc resources as the cookies are very small plain text files) barrier for malware infection, as not always, antiviruses, are able to detect malware, especially very new malicious software.

However, my interest was to know if Avast can detect cookies and if they can DIRECTLY harm my pc: you answered me and I'm glad, so thanks a lot.
About other written information I'm also glad talking about them, but don't be hangry with me because this is not a school, noone is a teacher and I just want to find best ways to fight malware and to speak about and take ahead my great passion for internet security.
Thank you all.

[SHARKY7SHARKY]

IE blocks third party cookies that have no privacy policy
& blocks cookies that save information & so on.
You can set this to be more robust but many sites need cookies.

[Rappaping]

Is there any FREE program that can detect tracking cookies in real-time? (like SuperAntiSpywarePro, that's good but not free). I used Spyeare Terminator, but it's too heavy.