An excellent post from Jason Dunn at Digital Media Thoughts today:
I’ve had two emails in the past week from Pocket PC Thoughts asking why we’re distributing “spyware” onto their computers. We’re not – it’s that simple. What people are seeing is over-protective anti-spyware software treating normal cookies like spyware….
In this case, Avenue A (one of the third-party advertisers that serves up banners when we don’t have our own paying ad) is doing nothing more than dropping a cookie on your machine. The cookie is like every other advertising cookie from DoubleClick and other large advertising agencies: it tracks what ads you’ve seen so it doesn’t show you the same ad more than “X” times.
It’s grossly irresponsible for these anti-spyware companies to treat cookies like spyware. REAL spyware is malicious, machine-hijacking junk that throw pop-ups on your computer, resets your start page, and all sorts of other ugly tricks. A cookie is a text file that has some non-personal information what banner ads have shown on certain sites. That’s it.
Go ahead and open the cookie on your computer and you’ll see it’s harmless. Cookies are not spyware, no matter how hard these anti-spyware companies try to make them out to be. You have to realize that these guys are trying to sell their software too, and if they start blocking cookies as well, they give the perception that they’re “protecting” you even more often. They have an agenda too – think about it.
Yes, indeed. Makers of security software have a vested interest in making sure you are afraid, very afraid. They want you to believe that the online world is dangerous and that without their software you are in danger of being mugged (virtually, anyway) every time you open your browser.
This idea is, to put it bluntly, just so much crap. I spend a frightful amount of time online. I look at all sorts of sites, some of them quite disreputable, when I’m researching security-related topics. And yet I’ve never had one of these evildoers plant a piece of so-called spyware on my computer. Why? Because:
- I am conscientious about installing security patches. Any exploit that relies on OS and browser vulnerabilities is unlikely to affect you if you do likewise.
- I do not install untrusted software, including ActiveX controls and browser add-ins, and I do a lot of due diligence before I decide to install a program even when it comes from a trusted source.
- I am alert to the danger signs of possible problems with rogue software – sudden, unexplained deterioration in performance, mysterious pop-ups, crashes – and I work on solving those problems the instant they appear.
Did you notice that I didn’t mention cookies at all? I don’t spend a lot of time worrying about them. Yes, I block third-party cookies, and yes, I have my browsers set to alert me when a site wants to install a new cookie. But most of the time I say yes. Because cookies are not a serious problem. If anyone would care to point to evidence where someone has had their privacy or security attacked in a serious way as the result of a cookie, I’m interested in hearing about it. I watch this stuff for a living, and I’ve never seen anything that fits in that category.
I wish that the makers of anti-spyware programs would stop obsessing about cookies. All they’re doing is distracting us from the real threats.
Ed Bott 
You have a vested interest in this argument and it colors your opinion. This is a tracking cookie and I think it is right for AdAware and Spybot S&D to point that out.
I realize that this is a free newsletter and that your time is not free and you have a right to earn income when and where you can. However, I have a right to delete this junk from my computer.
Well, where to begin?
First of all, I don’t have a vested interest in anything. I don’t use tracking cookies, and I don’t have a newsletter. So it’s hard to tell what you’re talking about. I was quoting a post from Jason Dunn. Perhaps he’s the one you mean to yell at?
His point, and mine, is that tracking cookies are not spyware. You may have a legitimate reason to keep them off your system, and that is your right. But for anti-spyware programs to identify them as spyware, on the same screen with programs that hijack computers, is pure BS.
Btw, it’s much easier to have a dialog with someone if they leave a name and some way to contact them.
Ed:
I found this comment about cookies to be very helpful. Also, congratulations on your new book, which I have already read about halfway through. 🙂
This is slightly off topic, but I would love to get your thoughts on so-called “performance software” generally, such as utility suites (e.g. Systemworks, SystemSuite, System Mechanic, and the like), defraggers (such as Diskeeper and PerfectDisk), memory managers (e.g. Memokit, Cacheman), etc. — especially on Windows XP SP2. Ditto for “Internet Security” suites” and third party firewalls. My opinion on all of this is that with the possible exception of defraggers and a good stand-alone anti-virus program, less is more and native Windows XP (especially after SP2) is more than good enough for most users (even better for experienced users who know what not to download from the Internet). Do you agree? TIA
I bet the spyware alerts stem from the dark days when DoubleClick bought Abacus and announced plans for a system to track users across the Web. That having been said, we probably get several e-mails a month from people convinced that we are attempting to do all sorts of evil things to their computers because their Ad-Aware or whatever reports our cookies (in our case from, yes, DoubleClick) as things demanding immediate, urgent removal.
How does one sign up to get on a mailing list for
Ed Bott’s Windows expertise?
Bpresti, look in the column on the right for the e-mail updates box.