Intrusion blocking

[Fraggle Rocker]

Why not just get rid of all cookies, virus and completely secure from future viruses all together?

Because some cookies have a useful purpose. When I see an interesting article on the Washington Post website and I want to share it with several friends, I click on the "E-mail" button and the e-mail composition screen comes with a list of my friends' addresses to select. Without the cookie I have to remember those addresses and type them, or go into my e-mail software and copy one address at a time.

I know this because my office workstation has a cookie blocker and it takes forever to send out a news link. Of course they don't really want us doing a lot of that here so I can't complain.

[mathman]

After using Noscript for several days I have found it a pain in the neck. I have disabled it and will use it only where I think it might be needed. Adblock Plus is much more user friendly.

[steampunk]

It is possible to make a web page completely disable fundamental features because you have blocked it to begin with. Even when you unblock everything after blocking a page, in some rare cases, the page never loads as it was intended. I have had this happen on websites with those extensions, so I don't use them.

I've chosen to go online with each time by creating a new user account that has no history of being on the web. This way, no attacks can be built based on previous sessions, if something slips through. I get the full functionality of the web page this way, because an attack has no persistence when you create a new account every time you access the web. Sites that are ridiculously burdensome, I just don't go there. It's like Android, but better, because Android allows viruses to persist, whereas this method removes that.

[steampunk]

Because some cookies have a useful purpose. When I see an interesting article on the Washington Post website and I want to share it with several friends, I click on the "E-mail" button and the e-mail composition screen comes with a list of my friends' addresses to select. Without the cookie I have to remember those addresses and type them, or go into my e-mail software and copy one address at a time.

I know this because my office workstation has a cookie blocker and it takes forever to send out a news link. Of course they don't really want us doing a lot of that here so I can't complain.

Have you thought about creating a template email with a selected group of friends? Just reopen it and edit it when that particular group of friends is the one you want to send an email too.

Cookies are awesome, but can create a security issue. There are some good solutions to handling things that cookies and other persistent web storage techniques provide.

For passwords, if you let your browser save them, you browser can give them to any website that knows how to ask for them. How? How do you think automatically sign in to a website? It can use a similar mechanism. So, if you save banking passwords, and visit an attacking website, it can trick the password manager into getting your password. There is a program called Keypassx witch allows you to store all your passwords and keeps them encrypted. It's available on all platforms. Instead of keeping all your passwords in a browser which a webpage can sneak them from, why not just keep them safely encrypted in an app that is much harder to break into?

[Stryder]

steampunk,

Properly designed websites will never store passwords in a cookie. Back about 15 years ago they might of, but a lot has changed over the years. The only real thing a cookie has any practical use for nowadays is to attempt to identify a "Session", but that doesn't even have to be done client-side, in fact it's possible for server-side sessions to be created that attempt to identify the client through a number of variables.

The main problem with Advertisement cookies however is they can be used to track your movements if you happen to go to websites that use the same advertising backend. That's what the main concern is about cookies, advertisers building up vast amount of data in regards to what activities you do online, who might use it for target marketing or potentially should they have their systems exploited allow for a rogue-third party to inject you system with viruses or undermine secure connections while attempting to make financial transactions.