Should anti-spyware programs remove cookies?

Should anti-spyware programs remove cookies?

Summary: Spyware expert Ben Edelman has written a great piece on anti-spyware programs and cookies. He tested eleven different anti-spyware programs against cookies from 50 advertising systems and posted detailed results including which anti-spyware programs detected which cookies and which programs detected the most cookies.

TOPICS: Malware

Spyware expert Ben Edelman has written a great piece on anti-spyware programs and cookies. He tested eleven different anti-spyware programs against cookies from 50 advertising systems and posted detailed results including which anti-spyware programs detected which cookies and which programs detected the most cookies. 

At  the extreme ends of the scale, there are a few programs that don't detect cookies at all, including Microsoft's Windows Defender. PC Tools' Spyware Doctor is at the top of the list with the most cookies detected in Edelman's tests.

Why the fuss about cookies anyway? Some people insist that cookies are spyware. Walt Mossberg is one of those people. Advertisers are concerned because they say cookies are essential and necessary for online enterprise and that cookie rejection and deletion is harmful to the advertising industry and affects the bottom line. Some have accused anti-spyware vendors of fear-mongering to increase sales by labeling cookies as spyware. But when one anti-spyware vendor made cookie detection off by default, many users protested loudly.

My opinion is cookies are not spyware. They are simply small text files with no active code. But I do agree that third party cookies can be a privacy concern. I do not use anti-spyware programs to scan for and delete cookies. If the option is available to turn off cookie detection, I turn it off. But I do control cookies and delete the cookies that I see as having no value for me. I've tried several cookie management apps, and found WinPatrol to be the most convenient for my purposes.

I'd like to know readers' thoughts on cookies. Do you think cookies are spyware? Do you delete cookies, and if so, how do you manage them? Why do you delete them? If not, why not? Do you think anti-spyware programs should detect and remove cookies by default, or should it be optional, or not even part of the program? 

Topic: Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Do we ever get asked?

    I can understand your point of view about cookies. My reason for not accepting cookies and deleting them, except the ones I want (say, to keep me logged into webmail, forums, etc) is that I never get asked if its ok to store a cookie. Or any policy explanation to what the cookie is doing. Perhaps if comapnies started to this, I might consider letting them store their cookies. Until this point, they can hardly complain if people want them removed.
  • Cookies

    It's my computer. So, just like snail mail, when on the way back to the house I make this side trip to the trash bin and toss the 3rd class mail and magazine inserts, I remove all cookies and cache each time I close my browser. If something is missed I run a spyware program that deletes the missed items each time I boot up my computer. You'll find no sympathy with me for advertiser who try to post their signs on my private property.
  • Private Property

    I'm not sure what cloud any of the cookie dropper/justifiers live in... that computer is my private property and just cause I visit their site doesn't mean I authorize them to sit/squat anywhere on my computer in ANY shape or form. Where's their right?

    Sorry I empty 'em after each session and run various cleaners beyond that. It's my private property and it should be my right (full control / toll gate) to decide when and how anything goes on that.

    The internet is interesting... in that as soon as you open your computer (DSL whatever or as soon as you dial in) here come all these friends through the backdoor saying hi how are you doing... worse yet... they don't speak and just suddenly they appear sitting on your couch in the living room.
  • Cookies

    I agree with your thoughts that they are just simple little pieces of text.I tend to let them stay but then I run several other protection programs for the more serious protection. This way I get the easy and simple re-logins (like to this forum) and auto fill options. It's a balancing act. If some people want to go to one extreme or the other, then it's a personal choice. If I find that a spyware program is attempting to install cookies, then they have stepped over the line and I will remove them.
    • Which cookies, from who?

      I agree with your comments about easy logins, and other advantages like a site "remembering" what you've looked at last visit or might be interested in during your next visit.

      My problem is not being able to tell which site installed which cookie. For example, Webroot Spy Sweeper allows me to specify which cookies to ignore and which ones to always delete - but I can seldom ID the "desirable" ones.

      Does anyone know of an easy way to determine this?
  • Not Losing Sleep Over Them

    If a scan in Ad-Aware or SpyBot detects cookies, I'll go ahead and delete them along with whatever other trashware the programs find, if any. If the scan finds nothing [b]but[/b] cookies, I consider that to be equivalent to a clean scan ... but I'll still have the program delete the cookies.

    In general, I don't think it's worth the trouble to go on a cookie "search & destroy" mission, or to use a program whose sole [i]raison d'?tre[/i] is cookie management/deletion. The only time I go out of my way to delete cookies is if I'm working on a machine that has a serious, active malware infection and I'm making sure I cover all the bases.

    I'm sure there are plenty who would disagree with me, but I'm not putting down anyone who [b]does[/b] choose to be more vigilant about cookies on their machine. I'm just offering my $.02 worth, based on my experience, on what's worth sweating and what's not. And IMO cookies, for the most part, fall into the "not" category.
    • And Regarding the Question at Hand ...

      My apologies; I forgot to speak to the question at hand here.

      Anti-spyware programs should neither completely ignore cookies, nor automatically delete them. Rather, they should detect cookies [b]and[/b] give the user the option to delete them or leave them alone. Information + choice = empowered user, which is abolutely, positively, how it should be.

      It's your computer; therefore, you have the right to know what's on it [b]and[/b] the authority to decide what you want done about it!
  • interesting comments

    Thanks for the comments. I see some strong views about cookies intruding on your private property and I can understand that completely. There are some cookie management apps that will prompt for each cookie attempted to be put down. I used to use CookieWall by AnalogX and I remember one website attempted to put 15 or 16 cookies before I got disgusted and left the site. But I got tired of the constant cookie prompts after a while.

    One feature of WinPatol that I like is it's easy to view the contents of the cookie file, though some don't make much sense. Most of the time you can identiy the site that the cookie came from at least. Every few days I check the cookies in WinPatrol and check the ones I want to keep and delete the rest. It's easy and convient for me. WinPatrol is free, although there is a paid Pro version, and I don't work for them, in case anyone wondered.
  • Cookies are part of a mechanism...

    ... by which websites provide people with the services they want. I save a number of cookies, each of which I know by source.

    There are also cookies used for malicious purposes, but that's a different issue.

    I don't think there's any reason to use a special product. Most junk file disposers will clean out the cookies, leaving the ones specified. Takes only time to manage.

    XP, by the way, does have cookie m,anagement features. Try turning cookies off and see how many sites complain.
    Anton Philidor
  • I look at it like this...

    Who cares about "advertisers" complaining about cookies being deleted. It's my choice because it's my computer.

    I'm glad anti-spyware applications pick them up, although realistically people should be clearing out their cookies on a regular basis. Especially when visiting banking sites or what have you.

    Personally, anything that allows for a company to track my movements without my consent is spying on me. Plain and simple.

    Would these whiners say the same thing if I put things on their computers to track their browsing habits? Would they not say the same thing "Invasion of Privacy".
  • Should anti-spyware programs remove cookies?

    No. I have Enhanced Cookie Manager extension in Firefox with which I may protect cookies that I need and want. The others that I don't want are not protected. I do want to decide. I also set my browsers to prompt me for cookies, so that I may decide. That is enough.
  • Cookies....what about Flash Cookies, AKA Local Shared Objects?

    I find LSOs to be more of a security threat than browser why aren't more anti-spyware companies targeting those?

    As far as normal browser cookies are concerned, unless it is from the originating site, and is not an ad-counter or some other stupid nonsense, I kill the cookie. Anything that stinks of tracking me across sites via cookies, scripts etc is annoying.

    For Firefox users: Cookie Culler, NoScript, Adblock Plus and NoFlash seem to work the best.

    For IE users...well, you are kind of out of luck.
  • Yawn

    Some interesting perspectives. I tend to the "not a big deal" perspective, partially I admit, because I'm lazy and can't be bothered checking out each cookie.

    The thing is that many cookies do assist the browsing "experience", i.e. they assist in reducing keystrokes etc. in subsequent visits. Yes they can be used to track my browsing habits but I lean to the convenience factor 'cause that's more important than the risk of someone tracking my behaviour (as if anyone should care).
  • RE: Should anti-spyware programs remove cookies?
  • RE: Should anti-spyware programs remove cookies?

    Yes definitely.
    Programs such as <a href="">SecuredPrivacy</a> that remove cookies and other sensitive data on a computer prevent identity theft!
    andy sacks