Mozilla Firefox Deny Cookies vs. SpywareBlaster FF Protection

How does the Firefox protection in SpywareBlaster have any advantage with Mozilla Firefox set to deny third party cookies ?...

 

Hi Squash ,

Here, have a look through this search page, it links to some earlier threads that may have previously addressed
your question .

GF

 

Link does not work

 

Oop's ! Sorry.

GF

 

Links still don't work... aw well, forget about it... (the question i asked in this post)

 

squash,

I'm sorry I don't have the answer for you, and didn't realize search links become broken.
Try some of these links for until someone answers your question direct, OK.

http://texturizer.net/firefox/cookies.html

http://www.bleepingcomputer.com/forums/index.php?showtutorial=49

http://www.spywareinfoforum.com/index.php?showtopic=19342&view=old

http://forum.aumha.org/viewtopic.php?p=37570

These are not broken!


GF

 

squash,

AFAIK, the idea is that if you are somehow redirected or lured to the "evil" sites, then it would no longer be a third party cookie. But because SWB added the "evil" sites to the cookie exception list (blocking them anyway), it protects you from the spyware cookies.

 

Whats the difference between the only accept cookies from orginating site and the blacklist that spyware blaster has... what does spywareblaster protection for firefox does that, the option does not do ?

 

Let me put it another way.

Using FF only accept cookies from orginating site.
You visit a site. You are redirected (via javascript or one of several other methods) to a malicious website. Or you click a link that leads you to the malicious website. Either way you end up at the malicious website. The malicious website is now able to place the spyware cookie because it is from the originating site.

Now with the SWB "blacklist" cookie exception list.
Even if you have FF accept cookies normally (I would still only accept cookies from orginating site even with SWB). You arrive (via whatever method) at a malicious website. The malicious website is NOT able to place the spyware cookie because the malicious website is blocked in the cookie exclusion list.

Sure, you could add all those sites manually to FF and do the same thing. But SWB has a convenient update and it doesn't take any memory resources.

 

But the third party cookies are loaded from the ad server and not the server that a person is visiting...

 

Thanks for the walk in Devinco, and the explanations.

GF

 

Normally, you visit a regular website with advertisers that try to drop a third party cookie. If that is the case, then the Firefox only accept cookies from orginating site (shown in Tools/Options/Privacy/Cookies/for the originating website only) would be sufficient.

You asked:

The answer to that is in post #9. Companies that drop spyware cookies have already shown a lack of moral fortitude. What is to stop them from taking another step down on the moral ladder if all it takes to get their spyware cookie in place is a little malicious redirection? SpywareBlaster, that's who!

Of course, you could set FF to ask for each cookie. But every site will ask, so I set it to accept for current session only.

Hope this helps.

P.S. Thanks GF

 

Then SpywareBlaster wouldn't really need a must-need because if i set firefox to accept only from originating site and clear cookies regularly and before i go to sites that require me to input personal info like passwords etc... i would be fine...

 

So you have never gotten kookies, except when you put in a name and password? You must have bad luck, I never do that and get kookies every where I go, and where I don't plan to go! Are you sure about this?

 

ah... you don't know what i mean...
what i meant was...

1. set firefox to only accept cookies from originating websites
and then i regularly clear my all cookies... whether they are good or bad... from firefox before i go any website which requires me to enter personal information

whats so hard to understand about that... ?!

 

squash,

I think you will be fine with SWB or without. It's just a matter of preference. On the overall scope of things, cookies are more related to privacy than security. I do not know however, the full potential of spyware cookies.
I have recently read about some javascript exploits to grab cookies to steal passwords.
Unless they do a redirect as I mentioned, it would be fine. Even if they did, as you said you regularly empty your cookies, the spyware cookie wouldn't be there too long.
For me, I will use SWB because it uses no resources, is easy to update, is set and forget, and it works.
Besides, I think one should always accept and eat good cookies. They're delicious!

 

Posted by Devinco :

I'm with you!

GF

 

How do I accept cookies with Moxilla after I have denied it for a site. I tried putting the site on exceptions and it still won't work....can anyone help

 

Hi Jennipoo,

If you are using the Mozilla web browser (which is different than the Mozilla Firefox browser), then I can't help.

But if you use FF (Firefox), Go to Tools/Options/Privacy/Cookies/Exceptions...
Locate your website in the list. If it shows block, then click on remove site. Click OK, OK. Visit the site again and it should place the cookie.

Unless you are using some other cookie blocker, or a firewall that blocks cookies, Pest Patrol's-cookie patrol, etc. If one of those are also blocking the cookie, then you will need to put the website in the "white list" of the respective cookie blocking program.

 

One difference between browsers and third party privacy applications is their ability to cope with encrypted (https) websites. Since the traffic is encrypted, this means that active content (cookies, Javascript, ActiveX, etc) will only be visible when decrypted by the browser, preventing many third party utilities from filtering them (see The Dangers of HTTPS for more details).

Whether SpywareBlaster will function with encrypted websites or not will depend on how it works - if it alters Firefox's own settings (like it does with IE) then it should, if it tries to monitor web traffic separately then it will not.

 

Thanks Paranoid2000,

That is a really useful thread and an important security concern.

From what I know of SpywareBlaster, it modifies the Firefox settings directly by adding websites to the Firefox cookie exception list (blocking them). In that case, it should work with HTTPS.

 

Thanks for the info Devinco.

In that case, SpywareBlaster should be as effective as Firefox's own settings, so it then becomes a question of what SB's presets and user interface offers.