PDA

View Full Version : Is this normal with Spybot or somthing else?



OblivionLord
2006-10-15, 00:04
Ok here is the scenerio....

After a fresh install of XP sp2, you then setup your connection and make sure IE has a blank page. You then open IE and update windows to the latest. Now install SpyBot S&S. Now goto a site called www.Astalavista.com this way it puts a few spyware cookies in the temp folder. You then close IE and clean out the cache so it is empty. Now run Spybot, update it then start the scan.

Here is my issue...

After the scan is complete it shows that I have spyware in the form of cookies even though when i goto the temp folder it is completly empty. How is this possible or is the spyware just running through Ram but, showing itself as a cookie even though its not there?

I have looked at the folder in the cmd.exe and nothing exists and it only goes away when I Fix it using Spybot.

OblivionLord
2006-10-15, 17:55
anyone?

Danny
2006-10-15, 21:08
anyone?
Hi
It's normal.....cookies do go in the same place...you must clean cookies by yourself in IE ......and cookies are not spywares......
http://pix.nofrag.com/a5/61/f00c2da3a73a24a69a268738c17b.jpg (http://pix.nofrag.com/a5/61/f00c2da3a73a24a69a268738c17b.html)
Bye
http://mywebpages.comcast.net/SupportCD/XPMyths.html

Myth - "Cookies are Spyware."

Reality - "Cookies are not Spyware. It's grossly irresponsible for these Anti-Spyware companies to treat cookies like Spyware. REAL Spyware is malicious, machine-hijacking junk that throw pop-ups on your computer, resets your start page, and all sorts of other ugly tricks. A cookie is a text file that has some non-personal information what banner ads have shown on certain sites. That's it. Go ahead and open the cookie on your computer and you'll see it's harmless. Cookies are not Spyware, no matter how hard these Anti-Spyware companies try to make them out to be." - Source - Source 2 - Source 3

Notes - "Certain Cookies can still pose some privacy concerns and if you wish to remove them it will do no harm. The point is when you find many of these after running a standard Anti-Spyware scan you should not get excited that you are infected with malicious Spyware."

OblivionLord
2006-10-16, 15:41
As I stated previously...

"Now goto a site called www.Astalavista.com this way it puts a few spyware cookies in the temp folder. You then close IE and clean out the cache so it is empty. Now run Spybot, update it then start the scan."

What I'm saying here is to clear out the cache, First, making it so you have no cookies in your temp folder and then runing Spybot to scan. Again.. the issue that I am having still stands that 'some' of the cookies are being detected in Spybot even after the cookies has been cleared.

Is this a bug within Spybot or are these "special" cookies somehow stored elsewhere temporarily in the ram or maybe page file perhaps?

captain_gut
2006-10-16, 16:06
Please make sure that the cookies were really removed either by
- manually browsing to your Temporary Internet Files folder or by
- going to Tools --> Internet Options in Internet Explorer. On the General tab please select Settings in the Temporary Internet Files section. On the upcoming screen please click on View Files... in order to see the folder.
The Internet Options also provide an option to remove cookies.

OblivionLord
2006-10-16, 16:09
Ive also stated in my first post that I looked in the folder manualy after I cleaned it in windows using cmd.exe and nothing was in it.

I am only logged in as the Administrator with no other accounts at all. Therefore the location to the default IE temp folder for just an Administrator account is..

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files

Again there was nothing to be found here using CMD.exe after I deleting everything in it first using the Windows interface.

captain_gut
2006-10-16, 16:49
Ive also stated in my first post that I looked in the folder manualy after I cleaned it in windows using cmd.exe and nothing was in it.
well, sorry about that :oops:


cookies are not exclusively stored in Temporary Internet Files:
http://www.canadiancontent.net/tech/computing/erase-internet-history/
(please scroll down to get to the part that deals with XP)

PepiMK
2006-10-16, 16:58
Hmmm looking into that folder is not enough, Spybot-S&D detects cookies by their occurence inside the index.dat file in that folder. I've got a cache viewer for most browser somwhere... try Browser Cache Info (http://www.safer-networking.org/files/browserci.zip), which we wrote as an example of what Spybot-S&D can scan (though it may be a bit outdated, but IE hasn't changed since).

It also detects cookies for all users, not just the current one. Cleaning from inside IE will only clean the current user. Though that's probably not the "problem" here.

Oh, and we call them "Tracking Cookies" since we know they're not spyware, but many people want them removed anyway ;)

OblivionLord
2006-10-16, 17:34
I didnt know that Spybot searched within the Index.dat. Very interesting. Would you know of a program that can clear it out or would this program do what Im asking when I click on Purge all? Or perhaps I should just leave it up to Spybot since it is able to view within the Index.dat and clear it out from there?

bitman
2006-10-18, 03:27
Cleaning cookies is an exercise in futility, because they'll just return the very next time you go to the sites. The point behind cookies is that they track and/or remember things about you during or between browsing sessions. So they've already done their dirty work before you remove them, thus, pointless.

Spybot S&D has the ability to block the 'bad' cookies in it's detections using the 'Bad Download blocker' Browser Helper Object, called SDHelper.dll available with a checkbox on the Immunization screen. This will block these cookies from being written in the future and can be done silently using the associated pull-down on that same page.

Personally, I see no reason for any of this, since as Patrick (PepiMK) has posted before, all current browsers can do this themselves. Here's the article about this on the Spybot S&D web site.
Why do other anti-spyware applications detect so many more tracking cookies? (http://www.safer-networking.org/en/faq/37.html)

Patrick: I'd really like to see Safer-Networking commit to something here, since the tracking cookie situation creates lots of confusion for unknowledgable people. I often reference the link above from the Microsoft Windows Live OneCare forum and Windows Defender newsgroups, since it's the most simple and clear explanation for several major browsers I've seen, from a widely known reputable source.

Presently there are three choices:

Remove after the fact - pointless since most tracking is session based
Use SDHelper BHO - only works for Internet Explorer, limited to cookies in detections
Configure the Browser(s) to block properly themselves - supports all major browsers

I think the best choice is obvious and that supporting the other options simply implies that they are worthwhile, which doesn't really help users. Spybot Search & Destroy is much more valuable for its ability to remove real spyware, so maintaining cookies in the detections is simply a distraction from the much more important work you do.

If you created a detection for the Block 'Third-Party cookies' option in the 'Advanced privacy settings' of Internet Explorer, and included a link to the above in the built-in help, you'd do more to inform users of the best option. If this could also be done for other browsers, it would allow you to concentrate on the more important things, like keeping track of where Opera placed the configuration info for the next version of their browser. :p:

Bitman