If you followed the link from our news page then you already know that recent discussions on the Security Now net cast have revealed renewed usage of cookies for tracking an individual's online activities. For those reaching this page from a different link, you can find these discussions in Episode #119, which dealt with how certain sites are writing link code in such a manner as to provide tracking company cookies with first party status and in Episode #120, which among other topics covered "Flash" cookies. As a computer user condemned to dial up Internet access, web sites that rely heavily on scripting such as "Flash" are generally avoided. It was a bit of a surprise to hear that "Flash" cookies existed and as a result are the first to be covered.
Unlike the cookies we are familiar with, Flash cookies are not removed by familiar cookie removal methods. To access these or any Flash settings it is necessary to use the web based Flash Player Settings Manager. Use the link provided or do a web search and click the listing similar to the one shown here. Although Adobe has acquired Macromedia, they have continued to maintain macromedia.com, which is where the provided link or the web search will take you.
The first page you reach is the Flash Player FAQ styled help page. You will see a list of links in the upper left portion of the page as shown here. Clicking any of these links will open a page that provides access to the Settings Manager. If you are using Firefox with the NoScript add-on be sure to allow macromedia.com and adobe.com because the Settings Manager is not only web based but also uses Flash, which is blocked by NoScript. Once you reach the first page, it might be a good idea to add this site to your "Favorites" in Internet Explorer or "Bookmarks" in Firefox.
The Flash Player Settings Manager is itself a "flash object" and appears on the next page looking very much like an ordinary image. The note below the Settings Manager states pretty much the same thing. The "Global Privacy Settings" tab of the Settings Manager is shown. Of the two choices, "Always Deny" is the safest setting then use the Website Privacy Settings Panel to allow individual sites which you trust. This is reminiscent of the Security Zones of Internet Explorer.
The Global Storage Settings panel allows you to adjust the amount of storage space on your computer that a web site can use. The default is 100 KB as is allowing third-party Flash content storage. As shown in the illustration, the "Allow third-party Flash content..." box has been unchecked. This was done as soon as this option was spotted. After reading the information on web page on which the Global Storage Settings panel is displayed, you will see that this setting is best left unchecked as this is the entry point for Flash cookies.
The Global Security Settings tab provides access to settings that allow the use of older Flash security rules. The default is "Always ask", which may be sufficient for the time being. The most secure setting, of course, is "Always deny" with the use of the bottom section of this panel providing permission to trusted content on your computer.
The Global Notifications Settings panel is where you access Flash update notification functions. By default, it is set to notify you whenever a new version becomes available. Since the bad guys have focused on application vulnerabilities, it would be best to leave the Notify box checked and adjust the frequency for which updates are checked according to your Internet connection type. Users with dial up connections might want to increase the time between checks, while users with a broadband connection might want to check as frequently as possible. Keeping your programs up to date will help eliminate vulnerabilities as they become known.
The Website Privacy Settings panel provides you with a view of Flash content stored on your computer. You can also change the setting for an individual web site with this panel as mentioned earlier. First select the web site you wish to change by single left clicking on it. Then select the setting for this site by single left clicking the radio button next to the level you wish to grant the web site. Here you can also delete the stored sites from your computer either individually or all at one fell swoop.
The Website Storage Settings panel provides the means for adjusting the amount of storage on your computer on an individual site basis. As with the previous panel, web sites can be removed with this panel individually or all at once. Ad sites like the one in the illustration are the most likely culprits for storing Flash cookies on your computer. The first reaction is to delete the site which will definitely remove the Flash cookies. Another method for dealing with the situation is to set the storage space for the offending site to none and retain the site in the visited sites list and adjust all settings for the site to the most stringent. This, in theory, should remove stored cookies and prevent future storage from the site or sites on which you have placed limitations.
To delete a site click on the target site to highlight/select it then click the "Delete Website" button located just above the visited site list box. A confirmation screen appears on which you will want to click the "Confirm" button. As you can see in the illustration this deletes the site from your list and any content from that site stored on your computer.
You may have been thinking that trying to change settings for Flash on the fly could be a hassle. There is a more direct way to access the Flash Player Settings Manager in these situations. Right clicking on any Flash object will give you a context menu as shown here with the Flash Player Settings Manager, which is itself a Flash object. Left click the Settings entry on this menu.
This results in a slightly different version of the Settings Manager that provides access to Website settings. Clicking the "advanced" button, circled in the illustration, opens the Flash Player Settings Manager web pages if you are wanting to access Global settings.
Now that the Flash cookie situation has been covered, less experienced computer users will now need to deal with the old style cookies that accumulate on their computers while surfing the web. Traditionally these were stored in the Cookies sub-folder of the Windows folder. With the arrival of Windows XP this location was changed to Documents and Settings and for each user's sub-folder there is the sub-folder Cookies. With Windows Vista, the path to the cookies folder becomes even more confusing. Complicating things still further, some web sites have begun placing their cookies in the Temporary Internet Files folder. To make a long story short, manually deleting cookies has become a major chore.
Fortunately there are easier ways to deal with Cookies and Temporary Internet Files. As shown here, right click the Internet Explorer entry on your Start Menu then left click the Internet Properties entry on the resulting context menu.
When the Internet Properties screen opens click the delete button under the heading of "Browsing History".
Clicking the top two buttons on the Delete Browsing History window takes care of quite a bit of the junk that accumulates on your computer while web surfing. Sounds like the end of the story doesn't it? Unfortunately, the people that make money keeping track of web surfers also know about these buttons. They also figure out ways to keep their cookies and other files from being deleted by these buttons. That means additional tools similar to the Flash Player Settings Manager need to be added to our arsenals.
CCleaner is just one of the tools you can use in your battle against Cookies and Temporary Internet Files. We became aware of this program when seeing it recommended on several web forums. Being paranoid, web searches were done, looking for "horror stories" involving CCleaner. None were found and being satisfied that it was a legitimate program we tried it out. One does need to be careful as this type of program has rouge versions just as does anti-spyware and anti-virus programs. At any rate, we have had no problem with CCleaner and find that it does its job fairly well and with regular use performs its function quickly. If you would like to try it out you can find it at CCleaner.com In fact we download and install this program on customer computers to help in malware removal. It seems that some malware likes to hide in the Temporary Internet Files folder and can often times be found there inside archived files.
CCleaner is quite easy to install and requires few adjustments once it is up and running. It does come with the option of installing the Yahoo! Toolbar. Having no use for this extra weight, we generally decline this installation by unchecking the box on the install screen. We also choose not to run CCleaner at startup but do recommend adding CCleaner options to the Recycle Bin's context menu. The only other thing we change from the setup defaults is deleting "Old Prefetch data". This setting is found by scrolling toward the bottom of the tabbed text box to the left of the "Analyze" button. Left click the check box next to the "Old Prefetch data" item listed under the "Advanced" heading. The box next to "Advanced" will fill in when you check the Prefetch box. If you check the "Advanced" box first, all the items under this heading will be selected. Deleted Prefetch data is replaced as needed without noticeably affecting your computer. You may notice a great deal of difference with the other items under the Advanced heading checked/selected.
Once you have made settings adjustments, you are ready to run the program. If you would
like to see what files will be removed with the settings you have in place without actually
deleting any of them then single left click the "Analyze" button. The column above the
two buttons will fill with full paths to files that are to be deleted. If satisfied
all that remains to do is single left click the "Run Cleaner" button. If you have been
doing a lot of web surfing and no file cleaning, the first time you use this Cleaner
may take a while. The more cookies and Temporary Internet Files on your hard drive
the longer it takes for CCleaner to run. Once you have your system cleaned up, it will
accomplish its task in a matter of seconds providing you don't wait to long between
cleanings.
CCleaner has other functions as well, however, we have pretty much covered those that
deal with removing cookies. If you didn't deselect the option during installation, CCleaner
will automatically check for newer versions. It is advisable to download and install these
when they become available. This insures the ability to remove junk files when new
techniques have been developed to prevent you from cleaning these files off your computer.
Microsoft, Microsoft Office, Windows, Windows XP and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other names have been included in the above text that are trademarks of the respective companies.
