270    Chapter 5 • Communication Security: Web Based Services

             site’s designer wanted or needed your computer to retain while you visit the site.As
             you use the site, the Web pages can recall the information stored in the cookie on
             your computer, so that it doesn’t have to ask for the same information over and
             over.There are two basic types of cookies:

                  ■   Temporary or session, which are cookies that are created to store infor-
                      mation on a temporary basis, such as when you do online shopping and
                      store items in a shopping cart.When you visit the Web site and perform
                      actions (like adding items to a shopping cart) the information is saved in
                      the cookie, but these are removed from your computer when you shut
                      down your Web browser.
                  ■   Persistent, which are cookies that are created to store information on a
                      long-term basis.They are often used on Web sites that have an option for
                      users to save login information, so the person doesn’t have to login each
                      time they visit, or to save other settings like the language you want con-
                      tent to be displayed in, your first and last name, or other information.
                      Because they are designed to store the information long-term, they will
                      remain on your computer for a specified time (which could be days,
                      months, or years) or until you delete them.
                 Generally these types of cookies are innocuous, and are simply used to make
             the Web site more personalized or easier to use.A more insidious type of cookie is
             the ones often created by banner ads and pop-ups. Tracking cookies are used to retain
             information on other sites you visit, and are generally used for marketing purposes.
             The cookie is placed on your computer by a Web site you visit or by a third-party
             site that appears in a pop-up or has a banner advertisement on the site. Because the
             cookie can now be used to monitor your activity on the Internet, the third party
             essentially has the ability to spy on your browsing habits.


                Removing Tracking Cookies
           Damage & Defense…  listing of them using programs like Windows Explorer, it’s wise to use spy-
                Since tracking cookies look identical to regular cookies when you view a

                ware removal tools to identify and quarantine them. Programs like
                Lavasoft’s Ad-aware www.lavasoftusa.com/software/adaware/ have the
                ability to identify which cookies on a machine are used for tracking
                Internet activity, and which are used for other purposes such as those that
                enhance a person’s experience on a Web site. By running this program on
                a regular basis, you will be able to remove any tracking cookies that
                you’ve picked up on your travels on the Web.



          www.syngress.com