AVG found webtrends tracking cookie - False Positive?

Discussion in 'ewido anti-spyware forum' started by dcdc, Mar 16, 2007.

Thread Status:
Not open for further replies.
  1. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    I just downloaded a fresh copy of AVG with the latest updates and did a full scan. Of the two tracking cookies found (one being msn), the one that might be a false positive was identified as webtrends at
    c:\Documents and Settings\LocalService\Cookies\system@m.webtrends[1].txt.

    The problem is that I cannot find this folder \LocalService\ at all. I looked for it via Start>Explore and it wasn't there, and I did a search for "LocalService" on drive c: and came up empty.

    I thought maybe this was a hidden folder, but I checked under Folder Options in My Computer and found the "Show hidden files and folders" was checked, so that seemed OK.

    I have a system that is well protected and I rarely get so much as a false positive, and I suspect this may be one, but it's strange to find a FP supposedly in a folder that I cannot find. If AVG were a "rogue" AS application then I would suspect a deliberate FP, but AVG is reputable and generally well regarded I believe.

    By the way, I have been using AVG(ewido) as an on-demand scanner only for some time, and my system has always come up clean in full scans with AVG, and with everything else too. I only did an uninstall and new install because for a couple of weeks I was unable to get any updates. I kept getting an error message that the update server was not available, so I tried a new download.

    Any thoughts from those more familiar with AVG?
     
  2. calcu007

    calcu007 Registered Member

    Joined:
    Oct 10, 2006
    Posts:
    18
    Why you worry about a cookie? A cookie is not dangerous for your system. Search for the folder Cookies, not for LocalService.
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The 'Local Service' folder is there right enough, however it is a system folder so it is not sufficient to simply to unhide hidden folders - you must also uncheck the box for 'hide protected system operating files'.

    To reveal the folder in a 'search' you would need to configure the 'more advanced options' section to show hidden folders.
     
  4. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Some cookies are useful, even essential on certain sites. Tracking cookies are not, in my opinion; they are associated with adware. Tracking cookies are installed without my consent. I consider them a violation of my privacy and I don't want them on my machine.

    You can find a very lengthy discussion of cookies here: http://en.wikipedia.org/wiki/HTTP_cookie .

    Most browsers including IE provide users the option of handling cookies in some way. Additionally, most AS applications with which I am familiar incorporate cookies in their scan and detection options. My Spy Sweeper logs show that it has automatically removed quite a few tracking cookies that I have picked up in the course of routine web surfing. Unfortunately it missed this one.

    As for the Cookies folder, that 'standard' one is visible and did not contain the cookie in question. I'll have more on this in a separate post, but let me make one additional point here. If the webtrends cookie is so legitimate and harmless, why did they stash it in a hidden system folder that I knew nothing about and where it was virtually undetectable, when normally it would have gone in the regular Cookies folder? Clearly they were trying to hide it from detection. Is that something a reputable company would do?
     
  5. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Thanks for this invaluable tip, TopperID.

    Sure enough, there was the webtrends cookie, hidden in a system folder and safe from all scans, save one. I find its presence there alone very suspicious.

    So I am going to say at this point that the AVG detection is not a false positive, and kudos to them for being able to detect it.

    I plan to leave the cookie there for the time being, and as time allows perform some scans with other antispyware applications to see if any of them detect this particular item.
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Out of interest, I suppose you could always copy and paste the cookie in question into the 'regular' cookie folder and see if any other scans pick it up while it is in that location. It might not make a difference, but perhaps some scanners are not looking at the Local Service folder? o_O
     
  7. calcu007

    calcu007 Registered Member

    Joined:
    Oct 10, 2006
    Posts:
    18
    As appears in the wikipedia information: "In fact, cookies are simple pieces of data unable to perform any operation by themselves. In particular, they are neither spyware nor viruses, despite the detection of cookies from certain sites by many anti-spyware products." They don't steal information or harm your system.
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,721
    Location:
    Texas
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi dcdc, why bother for all this? Why don,t u control all cookies at browser level. Any scanner will never find a cookie on ur system in that case.
     
  10. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    I'm with dcdc on this one.

    Tracking cookies are a method by which advertisers place a cookie on your computer without your consent or knowledge with the sole intention of tracking your browsing. That's spyware to me!

    It's also why just about every anti-spyware software (except the useless Defender) will detect tracking cookies.

    My recommendation for full (& free) tracking cookie protection is to use Firefox with the CookieSafe extension.
     
  11. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    I don't know if some scanners are looking at this particular folder or not, but I have just completed full scans with the following AS applications, none of which detected the item in question (all are the current versions with up-to-date definitions):

    Windows Defender
    Spy Sweeper
    Norton Internet Security 2006, which includes AS
    Spyware Doctor
    Spybot
    Ad-Aware SE
    a-squared
    Super AntiSpyware

    I may send the cookie off to at least one of them for analysis.
     
  12. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    I have Windows XP SP2 and IE6 with MSN Premium. You can adjust your privacy as far as cookies go as follows (for those who may be unfamiliar with this):

    Start>Control Panel>Internet Options>Privacy tab. (I think there are other ways to get to this as well.)

    You will find a slider there that you can use to set what type of cookies you will accept.

    The problem with this is that sometimes a site will not work properly if you reject the cookie. That's the rub. So you have to go back and adjust the privacy level.
     
    Last edited: Mar 18, 2007
  13. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    I guess that's sound advice. A lot of people prefer Firefox over IE for any number of reasons including security, but for me there's just too much of a learning curve on something like a new browser, and as I understand it some sites do not work well with Firefox for some reason.
     
  14. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    Firefox is a lot less of a learning curve than from IE6 to IE7 IMHO.

    A further useful extension is NoScript which allows you to selectively turn on Javascript for sites that you trust.

    I can also recommend the Adblock Plus extension, I can't remember when I last saw an ad on a website!

    The sites that do not work correctly are often written to use ActiveX. This is a very insecure method, but for those sites, you can use IE7 or the IETab within Firefox.

    You may like to try Firefox, it doesn't uninstall IE, you can even use both browsers at the same time.
     
    Last edited: Mar 19, 2007
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    FF or Opera will let u manage cookies on site basis.
    Not sure about IE 7.
     
Thread Status:
Not open for further replies.