Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!

Cookie

From Malware Wiki
Jump to: navigation, search

To see the DOS virus, see Cookie (Virus).

Nomalware.png This page is not malware, despite having an article on the Wiki.


File:Internet cookie.jpg
The food Cookies and Computers are often combined to resemble Internet Cookies

Cookies are pieces of information generated by a Web server, sent to a Web client (usually a web browser) and stored in the user's computer, ready for future access. Cookies are embedded in the HTML information flowing back and forth between the user's computer and the servers. Cookies were implemented to allow user-side customization of Web information. For example, cookies are used to personalize Web search engines, to allow users to participate in World Wide Web (WWW)-wide contests, and to store shopping lists of items a user has selected while browsing through a virtual shopping mall.

Details

Essentially, cookies make use of user-specific information transmitted by the Web server onto the user's computer so that the information might be available for later access by itself or other servers. In most cases, not only does the storage of personal information into a cookie go unnoticed, so does access to it. Web servers automatically gain access to relevant cookies whenever the user establishes a connection to them, usually in the form of Web requests.

Process

Cookies are based on a two-stage process:

First, the cookie is stored in the user's computer without their consent or knowledge. For example, with customizable Web search engines like My Yahoo!, the user selects categories of interest from the Web page. The Web server then creates a specific cookie, which is essentially a tagged string of text containing the user's preferences, and it transmits this cookie to the user's computer. The user's Web browser, if cookie-savvy, receives the cookie and stores it in a special file called a cookie list. This happens without any notification or user consent. As a result, personal information (in this case the user's category preferences) is formatted by the Web server, transmitted, and saved by the user's computer.

During the second stage, the cookie is clandestinely and automatically transferred from the user's machine to a Web server. Whenever a user directs her Web browser to display a certain Web page from the server, the browser will, without the user's knowledge, transmit the cookie containing personal information to the Web server.

Cookies are also subject to a number of misconceptions, mostly based on the erroneous notion that they are computer programs that run on the browsing computer. In fact, cookies are simple pieces of data that affect the operation of a web server, not the client, and do so in very specific ways. In particular, they are neither spyware nor viruses, although cookies from certain sites are described as spyware by many anti-spyware products because they allow users to be tracked when they visit various sites.

Orphan Cookies

Orphan cookies are cookie files in the user's Temporary Internet Files and do not belong to any particular browser index file, they may also appear in listings of the index file that aren't an associated cookie. These types of cookies are considerably harmless and only take up space. Most PC optimizers will clean these files.

Awareness

Cookies are on almost every site, from Google to this wiki, but most people ignore them. Some users that are aware may overreact about them, thinking every cookie is a tracker. Trackers are the main culprit if they are hacked, however. That means it is actually essential to be aware of hackers, something most people are. Ridding the trackers is a good way to prevent any private or sensitive data exposure.

References

This article is missing a source for the first half. Orphan Cookie: https://www.symantec.com/security-center/writeup/2006-080217-3524-99