A cookie is a small text file that is set by a web site and stored on your hard drive. The contents of the file are under the control of the web site and may contain information about you and/or your past and present surfing habits. You supply most of the information that a cookie gets about you. When you fill out a form that asks for your name and email address, for example, that information may be stored in a cookie for future use.
This is not necessarily a bad thing, however. Cookies are most often used to customize your browser or to personalize content delivery. In other words, if you go to www.yahoo.com and you choose to "Personalize" the page so that it shows your local weather and news, stock quotes, and entertainment, that information is stored in a cookie so that when you go back to the page all of your personalized settings are displayed for you.
Cookies are sometimes used to track your browsing habits, such as what sites you visited before and what sites you went to after the site that issued the cookie. This is often used for gathering statistics about the popularity of the site, market research and targeted advertising. A web site can look at the cookie (only the site that issued the cookie can get access to this information) to see where you have been and where you are going so that the site can customize the banner ads that are displayed on your browser. You might notice when you go to a search engine like Yahoo or HotBot and type in a query, the banner ads that appear after you submit the search seem to be relevant to your search.
But what if you don't want any information about you to be collected by a web site? There are several ways to prevent cookies from being generated. The easiest way is to disable cookies in your browser options. By default, Internet Explorer and Netscape Navigator accept all cookies. However, you can set your browser to reject all cookies or accept only certain cookies.
To change Cookie settings in your favourite browser, follow the instructions below.
Click Tools on the menu bar. On the Tools menu, click Internet Options. On the Security tab, choose Custom Level.
The Security Setting window is displayed.
From here you can select Enable, which is the default, Disable, which will reject all cookies, or Prompt, which will prompt you whenever a cookie is about to be set.
You should use the Prompt option with caution, however, since you may end up spending a lot of time rejecting or accepting cookies!
Setting up cookies in Netscape is a bit different than in Internet Explorer.
Click on Edit from the Netscape menu and then choose Preferences. Once the Preferences window pops up, click on Advanced to change the preferences that affect Netscape. There is a section dedicated to cookies and you can pick one of the four choices available to you.
Netscape offers one more option than Internet Explorer, Accept only cookies that get sent back to the originating server. This ensures that only the site that you are currently visiting will get the cookie data, and not some other third party, thus preserving some of your privacy.
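How the "originating server only" choice differs from accepting or disabling all cookies, as an added example that is not part of the original guide. The policy names, hostnames and Set-Cookie headers are constructed for illustration, and hostnames are compared directly rather than against the public-suffix list that current browsers use.

```javascript
// Added illustration: policy names, hostnames and headers are constructed.
// Domain-match: host equals the domain or is a subdomain (no public-suffix check).
function domainMatches(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Split "name=value; Domain=...; Path=/" into a name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // a cookie without a name is ignored
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i < 0 ? '' : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// pageUrl: the site in the address bar. responseUrl: whatever sent Set-Cookie
// (the page itself, or an image or banner ad embedded in it).
function decideCookie(policy, pageUrl, responseUrl, header) {
  if (policy === 'disable') return 'reject: cookies disabled';
  const cookie = parseSetCookie(header);
  if (!cookie) return 'reject: malformed';
  const pageHost = new URL(pageUrl).hostname;
  const respHost = new URL(responseUrl).hostname;
  const domain = cookie.attrs.domain || respHost;
  // A server may only set a cookie for itself or for a parent domain.
  if (!domainMatches(respHost, domain)) return 'reject: foreign domain';
  // Third-party test: would the visited site ever get this cookie back?
  if (policy === 'originating-server-only' && !domainMatches(pageHost, domain)) {
    return 'reject: third party';
  }
  return 'accept';
}

const page = 'http://www.example.test/news.html';
const samples = [ // constructed
  [page, 'prefs=weather; Path=/'],
  ['http://ads.tracker.test/banner.gif', 'uid=12345; Domain=tracker.test'],
  ['http://ads.tracker.test/banner.gif', 'uid=12345; Domain=example.test'],
];
for (const [url, header] of samples) {
  console.log(url, '->', decideCookie('originating-server-only', page, url, header));
}
```

Under the hypothetical 'accept-all' policy the banner's own cookie is stored, which is what lets an ad server recognise the same browser across every site that embeds its banners.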
You should check for security patches on vendor sites to make sure that your software is up to date.
For Netscape, visit the "Current" Security Notes page at http://home.netscape.com/security/notes/index.html and the "Previous" Security Notes page at http://home.netscape.com/security/notes/previous/index.html.
For Internet Explorer, go to the security updates page at http://www.microsoft.com/windows/ie/download/default.htm.
Internet Explorer makes it easy for you to set the security level that you wish to use. You do this by going to the Tools menu and choosing Options. From the Options window select the Security tab. A window will pop up and will list the four content zones for which you can specify security settings. Each zone can be set to one of four security settings.
To set the security settings for a particular zone, highlight the zone. Then choose the Default Level for that zone or customize the security settings.
The default setting for the Internet Zone is Medium. This setting gives you the most browser functionality while still prompting you about possible unsafe content. The Medium setting disallows all unsigned ActiveX controls. Medium Low will give you the same functionality but you will not be prompted before content is downloaded. The Low setting allows all content to come through and gives you no security at all. High blocks everything - cookies, ActiveX, and Java - but your browser functionality will suffer as a result.
If you wish, instead of using the slider to set your browser security, you can customize the settings for a particular zone yourself. By clicking on the Custom level… button, you can set up your own custom level of security. For example, you can set the zone level to High but enable cookies manually so that you don't lose whatever custom settings you may have for certain sites.
You can also specify the actual sites that fall into the Local Intranet, Trusted Sites and Restricted sites zones. The example to the left shows the University of Toronto home page and the Computer Security Administration page as Trusted sites.
For sites in the Trusted Sites zone, you may also choose to require server certificate verification for all sites included in the zone. However, this is an all or none option. If you are going to include sites that do not require server certificate verification, then do not check off the Require server certification (https:) for all sites in this zone option.
The default security setting for Netscape Navigator is Low. Changing the setting is easy. With Netscape you don't have the level of customization that Internet Explorer allows.
When you enter a secure site, in other words, a site that sends your information in encrypted form, both Internet Explorer and Netscape Navigator give you a visual indicator that the site is in fact secure. With IE you will see a little closed padlock in the lower right-hand corner of the browser window. In Netscape a similar padlock can be seen in the lower left-hand corner of the browser. It is important that you verify that a site is secure before you send any information of a confidential nature over the Internet. Never send credit card information or any other confidential information unless the site offers encryption to protect the information.
Browser security has come a long way in the last few years. Browsers have gone from being extremely insecure applications to applications that offer customizable security. But as long as there are "hackers" out there, new security holes will be found and exploited. Remember, always practice safe surfing!
When you access a web site, your browser saves page images in cache. Cache is used by the browser to store images of pages you have visited. Web browsers do this in order to speed up access. Web browsers also maintain a history of sites you have visited. If you do not clear the cache and history files, anyone can view the information you have accessed simply by using the back button on the browser.
Browsers have facilities that let you clean the cache and history lists.
Netscape History and Cache Cleanup
In Netscape, click on Edit and choose Preferences. Choose Navigator from the left frame. You can specify when pages in the history list expire by entering the number of days. You can also clear the history list by clicking on Clear History.
Browsers use two types of cache: Memory Cache and Disk Cache. You can clear Memory and Disk cache in order to ensure that no one else who has access to your computer can view information that you have accessed using the browser. To clear cache, click on Edit and choose Preferences. Choose Advanced from the left frame and expand the list by clicking on the plus sign. Then click on Cache. To clear cache, click on Clear Memory Cache and Clear Disk Cache.
Internet Explorer History and Cache Cleanup
On the Tools menu in Internet Explorer, click Internet Options. On the General tab, click Settings. To delete temporary Internet files (cache) click Delete Files. To clear history, click Clear History. To clear Temporary Internet Files, click Delete Files and when the Delete Files window is displayed, click OK.
With the number of computer viruses and worms increasing on a daily basis, it is important that you have a virus-scanning program running on your computer. It is also important to make sure that the program is updated regularly so that it is able to detect new viruses and other malicious code. A few things to keep in mind:
When using the Internet to view and transmit confidential information, make sure that you have a "secure" connection to the site you're visiting. When you are finished, clear the Cache and History files right away.
All contents copyright © University of Toronto 2000-2003
This Site is maintained by the Computer Security Administration Group