|
Cozahost Newsletter Archive |
|||
| Contact us | Cozahost | Subscribe | |
|
Here is your Cozahost newsletter: In this issue we are going to talk about cookies, stoves and adware. Some of it is more for you to worry about when you go online. Sad really; we keep wasting more and more time each week working around defending our computers against scumbags... |
|
|||||||
| ..:: Hello :-) | ||||||||
|
Cookies. When you read the word "cookies", what do you think about? Those ginger cookies Grandma used to make, or Romany creams, or those little cookies with the zoo animal icing? I'll bet the last thing you would associate with cookies is your web browser! Yup, the browser on your PC. Strangers hand it cookies every day, which it gulps down without a second thought - making it grow fatter and fatter. These cookies are often not baked with tender love and care, and they definitely do not come with milk! Time to learn about cookies and
eating them... |
||||||||
| ..::Taking cookies from strangers | ||||||||
|
It starts like this: When you tell your browser to connect to a web site, the software contacts the server responsible for the site and request a page to be sent. Once the page is sent, the browser and server disconnects from each other. When you request the next page from the server, your request is treated like a brand new request The server has no idea at all that you requested a page just seconds ago. The HTTP protocol (rules for transmitting web pages) is said to be "stateless". It is like placing a phone call, asking one question and putting the phone down again. When you want to ask the next question (based on the first), you make another call again, ask the question and put the phone down again. The guy on the other side (the server) has to cope with thousands of phone calls like these every second, and must maintain a track of each interrupted conversation. In the "old days", most web sites were static, in other words, you viewed pages like in a book - with no search or other dynamic functions. Today however dynamic web sites have to find away to work around the stateless nature of the HTTP protocol. Think about your online banking site. Your bank's web server must remember who you are and whether or not you logged on so that it can send you the correct bank statement. Considering that the server sees every page request as a brand new and distinct operation, how does it keep track of the fact that you did already log on? The answer is cookies. What is a cookie A cookie is a little text file. On first contact, the server asks the browser for it's cookie. If the browser does not have a cookie for the server, the server creates one and sends it to the browser to keep for future use. Inside the cookie is a very long random number that uniquely identifies that browser session. If that quick explanation went right over your head, let's do it a bit slower using our telephone conversation example of earlier: A person places the first call to the server with the question "who is the oldest person on earth?" The server responds: "Who is calling please?" The browser responds: "None of your business." The server responds: "Ok, I respect your need for privacy, but, in order for me to help you, let's agree that your name will be "007" for the duration of this conversation. Next time when you ask me a question, first tell me that it is 007 calling." The browser responds: "Ok, I can do that." The server responds: "The answer to your question is: Ma Pampo." and it makes a note to itself that a browser by name of 007 asked about the oldest person on earth. The browser responds: "Thank you!" and terminates the connection. (Slams the phone down) A few seconds later the browser calls the server again: "This is 007, how old is she?" The server looks up in it's notes and sees that 007 asked about the oldest person on earth. It finds the age of Ma Pampo and replies: "125 years." The browser goes: "Cool." and slams the phone down. The server mumbles to itself: "And you're welcome you rude swine.", and makes a note to keep 007 waiting just a little bit longer next time. ;-) A cookie can contain more information than just a "name". The server can also tell the cookie to store other information like the date of first contact, the last page that was visited and so on. The server can also tell the browser when (if) the cookie should expire (grow stale) and be destroyed. Not so good cookies So, cookies are not bad right? That depends. Imagine another scenario: You contact a server to buy a book. The server assigns you a cookie that is flagged to expire 5 years from now. A year later you return to the site to buy another book. Because the cookie identifies your browser, the server now knows that you visited the site a year ago and you bought the "internet for dummies book". (It also knows all your contact info from your previous order) Sensing an opportunity, the server can now recommend that you buy "internet for almost-dummies", a follow up on the first book. This is good service. On this particular occasion however, you go to the adult books isle to buy a book on erotic massage as an anniversary present for a friend. The information is added to the cookie and the server now profiles you as a novice computer user with an interest in erotica. Not so good, potentially embarrassing - and completely inaccurate. The first issue around cookies are therefore privacy. If it concerns you that a server might know stuff about you (without you volunteering information in a particular session), cookies will worry you, and offend your sensibilities. Given our earlier explanation of how cookies work, you will know that many web sites CANNOT work without assigning a cookie to you - because it is the only way they can maintain a session state in order to conduct a coherent "conversation." These are relatively good cookies and you have to live with them if you want to use those web sites. Managing cookies At the same time, if privacy is an issue for you, you might object to cookies being stored on your computer after you completed a conversation with a server - in other words, you do not want the server to know who you are before you are ready to tell it. In this case, you can delete the cookies stored on your computer by clicking on Tools, then Internet options and then Delete Cookies in your Internet Explorer web browser. If you are using Internet Explorer 6.0 and above, you can also set the level of privacy you prefer by choosing to accept cookies or deny cookies - or to be asked before a cookie is accepted by your browser. (Click on Tools, then Internet options and then select the Privacy tab). As we explained earlier, if your privacy policy is too strict (ie you do not accept cookies at all) then some web servers will not be able to talk to you - so be careful when you make changes. The really bad cookies Apart from cookies on your PC that makes it possible for servers to identify you and your purchasing habits, many web sites allow you to "remember" passwords and user id's when you log on. These details are "remembered" by means of a cookie, and it presents three problems: a) The privacy issue - people can trace which web sites you visited, b) anyone can open a cookie file (it is a normal text file) to read your user id and password and c) anyone using your computer will automatically be granted access to a web site if you told the server to "remember your password". On your own computer the above issues might not be such a big problem for you, but understanding the mechanism of cookies will help you to make decisions if you use someone else's computer or a public computer in a library or internet cafe. All web browsers have a built-in security feature where a web server can only read it's own cookies - so the book club's server cannot see that you bought a novel from the opposition...unless there is "AdWare" or a virus installed on your PC, but more about that later. My least favorite cookies are those fed by advertising servers: every time an ad is shown to you, they track which advertisements you have seen and reacted to, so you can be targeted by more relevant ads. While in principle this is not bad, large numbers of service providers use the same set of ad servers, so all of them know what interests you and what does not. Again, if privacy is not an issue for you this might not bug you too much. If you read the classic book 1984 where big brother watches everything, you will know that privacy is an absolute thing. If you loose even a little bit, you are vulnerable to loosing all of it. The more potentially bad guys know about me, the better their changes to do something nasty to my computer - so I prefer to cruise the internet incognito...what they don't know can't harm me. :-) (Cookies accumulate on your PC, and while they are very small files, add to the clutter on your computer - making your browser fat and less responsive.) Cookies, adware and viruses - the sharks in the bathtub If you are one of the VERY brave folks who do not regularly update their operating system and who does not run a firewall, changes are that you have more of one AdWare application running on your computer - without your knowledge. "AdWare" is a type of "SpyWare" which is a type of trojan or virus. In essence the classification means that it is software that was installed on your computer without your knowledge when you visited a web site, opened an infected email or used your PC on the internet without the protection of a firewall and operating system updates. In many cases your anti-virus program will identify AdWare or spyware as a virus and clean your PC, but in many other cases it will not. The reason for this is that the more technically savvy AdWare authors will design their programs in such a way that it functions as an extension to your browser - because it does not run as a separate file, many virus scanners will not pick it up, and, besides, it is not strictly speaking a virus because it may not try to spread itself. The subject of AdWare and SpyWare will be covered in detail in a future edition of the newsletter, but for now here is a quick rundown: These programs run "inside" your web browser and can collect information about your browsing habits. The information that is gathered is sent to a central server where it is analyzed and used for commercial or malicious purposes. Remember that we said that a web server can only read it's own cookies? Well, this restriction does not apply to SpyWare: because these are programs in their own right, they can read any cookie on your computer and send the information to their masters. Once your computer is compromised, the AdWare software can read all your cookies and it knows which web sites you visited and, by looking inside the cookies, may even find your email address, login id and passwords. Of course a "normal" virus has the very same capabilities. Given the above, you can see that accepting cookies might not be intrinsically bad for your computer, but they can be used (abused) by third parties or third party software to bite you in the unmentionables when you least expect it. Whether you think you have adware installed on your PC or not, I recommend that you download a free copy of the Ad-aware personal software to scan your PC. The software will find most of the bad guys, and, at the same time show you which cookies are installed on your computer and give you the ability to delete them. In closing So why is it called a "cookie"?
I'm not 100% sure, but I think it comes from the Hansel and Gretel fable
where Gretel left crumbs to find her way back home... :-) |
||||||||
| ..:: Super computers does not super users make | ||||||||
|
A teraflop is a trillion transactions per second. Don't get it? Try this: if every man, woman and child on planet earth perform 60 000 transactions per second, then the combined processing power will approach the peak capacity of this computer. Not too shabby! In the 50s or 60s someone said that he thinks telephones are really useful devices. So useful in fact, he can see that some day every city will have one. Today you can say that supercomputers are really useful devices and some day every country will have one...but I'm going to keep my trap shut. :-) Of course not even the fastest computer on earth will magically make you more productive. The best stove on the earth will not magically turn you into a gourmet cook either. A computer is very much like a stove: stoves cook meals, and computers "cook" information (preferably not your accounting records). Unfortunately a stove is just a stove and a spade is
just a spade. A computer is just a computer. No matter how many
blinking lights, and no matter how large the fans and the fancy box - it is
still just a tool that can only come to it's right in the hands of a
skillful user. You can't blame the stove when you burn the hot water,
and you can't blame the computer (or it's software) when you botch your
information cake. Invest the time to learn how to use it and you'll
reap the benefits. Translated: read newsletters like this one. :-) |
||||||||
| ..:: Services and products | ||||||||
|
||||||||
| ..:: Your smile for the day - I think not | ||||||||
|
He is very relieved when he sees a note stuck under the windshield wiper. It read: "Sorry. I just reversed into your car. The witnesses who saw the accident are nodding and smiling at me because they think I am writing you a note with my name, address and insurance company details. But screw you. I'm not." |
||||||||
| ..:: Subscribe / Unsubscribe | ||||||||
If you like this newsletter, you can subscribe here: http://www.cozahost.com/news/ for your own free copy. |
||||||||
| ..::Goodbye! :-) | ||||||||
Wishing you happy, safe and productive computing - till next time. |
||||||||
(c) Cozahost 2004, All rights reserved.