Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Friday, August 12, 2011

Windows Update Changes IE Cookies Names

Anyone who has read my blog knows how I feel about automatic software updates.  My previous posts include

* Auto Updates are Evil
* Update causes OLMAPI32.dll error
* Auto Update Programs Running all the time
* Microsoft Security Update Problems

This week one of the critical updates from Microsoft made a change in how cookie names are displayed by WinPatrol.  This is a minor annoyance and I expect it will affect other programs in one way or another. I’m not sure why but the update appears to have made a global change in how Microsoft names individual cookie files used by Internet Explorer.

While other browsers have individual database entries for cookies, Internet Explorer creates a file where it stores multiple cookies for a particular website. WinPatrol displays a list of each website and allows you to view the contents of the file.

Cookies created before the Windows update still have filenames which make it somewhat obvious where the cookies came from. This allows the WinPatrol Cookie Manager to remove and filter cookies based on portions of their name. At this time filtering out unwanted cookies in IE depends on the filename.

Since the update, new cookie names appear to be randomly created filenames. I’m not sure what security issue this resolves but it’s going to make it harder to use WinPatrol to manage unwanted cookies. If this is the new Microsoft method I don’t see making any kind of change to provide a fix in the near future. The update does not affect how WinPatrol manages Firefox and Chrome cookies.
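When the filename no longer identifies the site, a filter has to match on the domain stored inside each cookie file instead. The sketch below is an added example, not WinPatrol's code: it assumes the commonly documented legacy IE text cookie layout (nine-line records, host/path on the third line, `*` as terminator), and the filenames and domains in `demo()` are constructed samples.

```python
import os
import tempfile

# Assumed layout of a legacy IE text cookie file (not stated on this page):
# each cookie is 9 lines -> name, value, host/path, flags, 4 timestamp
# fields, then a "*" terminator line.
RECORD_LINES = 9

def cookie_hosts(path):
    """Return the set of host/path strings stored in one cookie file."""
    with open(path, "r", encoding="latin-1", errors="replace") as fh:
        lines = fh.read().splitlines()
    hosts = set()
    for i in range(0, len(lines) - RECORD_LINES + 1, RECORD_LINES):
        record = lines[i:i + RECORD_LINES]
        if record[-1] != "*":      # malformed record: stop rather than guess
            break
        hosts.add(record[2].lower())
    return hosts

def find_unwanted(cookie_dir, patterns):
    """Map filename -> matching hosts for files whose *contents* match."""
    hits = {}
    for name in sorted(os.listdir(cookie_dir)):
        full = os.path.join(cookie_dir, name)
        if not (os.path.isfile(full) and name.lower().endswith(".txt")):
            continue
        matched = sorted(h for h in cookie_hosts(full)
                         if any(p.lower() in h for p in patterns))
        if matched:
            hits[name] = matched
    return hits

def demo():
    """Build constructed sample files with random-looking names and scan them."""
    def rec(name, value, host):
        return "\n".join([name, value, host, "1024", "0", "0", "0", "0", "*"]) + "\n"
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "K7Q2ZP1M.txt": rec("id", "abc", "advert.example/"),
            "X04TTB9A.txt": rec("prefs", "en", "news.example/") + rec("sid", "1", "news.example/app/"),
        }
        for fname, body in samples.items():
            with open(os.path.join(d, fname), "w", encoding="latin-1") as fh:
                fh.write(body)
        return find_unwanted(d, ["advert"])

if __name__ == "__main__":
    print(demo())
```

Every file has to be opened and parsed on each scan, which is the extra cost compared with matching on the filename alone.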


Chrome Cookies Displayed by WinPatrol

Chrome and Firefox store cookies in a SQLite database so WinPatrol is able to display the entire contents of each cookie. The recent update by Windows won’t make any changes to how we display these cookies.

I’m going to get a lot of support Email but otherwise this auto update probably won’t hurt any other Windows function. WinPatrol users will lose some functionality. I’m not sure I will have a fix coming soon but I’ll look into it.

Recommendation: Update anyway

In general, my auto update recommendation hasn’t changed. I set my Windows AutoUpdate setting to “Download updates but let me choose whether to install them”. There will be a few exceptions but I usually wait 7-10 days before actually installing the updates. That allows the rest of the world to beta test the change. If there is a severe security fix for a threat which is known to be out in the wild, I will recommend updating immediately. Stay tuned to BitsfromBill for additional information.

In this particular case I would not wait. There are reports of threats actively at work which will allow others to execute programs remotely. This danger is far greater than any posed by cookies. Given a choice I would accept and install the update from Microsoft Windows.

Update:
Microsoft has confirmed they have decided to change how cookie files are named. http://blogs.msdn.com/b/ieinternals/archive/2011/08/12/internet-explorer-9.0.2-update-changes-file-protocol-and-cookie-naming.aspx

“We do not expect significant compatibility fallout from this change either, as the names of these files have always been somewhat dynamic. Directly enumerating or reading the Cookie files has never been supported.”

While I agree nobody at Microsoft promised to support this convention, I don’t understand how this change is related to the current threat causing remote execution of machines.

Update 8/14:
I do have a workaround for the changes that Microsoft has implemented. I do have other changes I’d like to release, so hopefully by the end of the month I’ll have a new release which will provide a user interface that is friendly and intuitive.

8 Comments:

Blogger nightsmusic said...

And this would be another reason why I don't use IE. I shouldn't have to fight with my browser. Things should be easy. At least with Firefox, if nothing else, they're pretty straightforward.

10:13 AM  
Anonymous Anonymous said...

Which Microsoft update was this, Bill? Would you have the KB number?

6:13 PM  
Blogger Unknown said...

If you're looking for the KB number check out http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

Ironically, changing the cookie name has nothing to do with the threat of remote execution but that's the solution they came up with.

10:10 PM  
Anonymous Anonymous said...

Bill,
If you want to know the cookie name highlight the line of random #'s and click view. Second box gives me the name. EG. MSN.COM two extra clicks to be sure of your cookie's name? Maybe I'm not understanding this correctly.

7:18 AM  
Blogger Unknown said...

Anonymous, Finding the cookie name manually is still easy but the idea is WinPatrol manages cookies with 0 clicks. A change that breaks a program is a bigger deal than making a user use an extra click.

Using our filter you can put a portion of a cookie name like "advert". WinPatrol could automatically remove all cookies that had "advert" anywhere in the cookie name without any user intervention. Used to be a nice feature wouldn't you agree?

The feature will come back but now, every time I scan the cookie list I'll need to read each cookie for a domain. That adds time that degrades WinPatrol's reputation as being the quickest monitor program available.

9:28 AM  
Anonymous Anonymous said...

Bill, you have a wonderful product that is a great addition to my layered security.

I have gone through the extra steps of having to view each cookie to know which ones to keep. The problem is when you go back to the same site new cookies replace the old every time. If you do not re-select them every time, you lose your preferences for said site when you clear the unwanted cookies because you thought they were already saved. This is a real pain.

I am looking forward to your new build. Keep up the good work.

Jackorama

3:41 PM  
Blogger wizguy said...

It seems that with the change in cookie names, we can no longer block cookies from specific sites by using Tools, Internet Options, Privacy, Sites.

7:55 AM  
Anonymous Anonymous said...

Bill,
Thank you for this information. I am using IE 8, and noticed a bunch of strange looking folders in my Cookie file. I thought I had some sort of new malware - especially since my checkers kept finding tracking cookies in those folders.
I can still block the tracking cookies with the method described by wizguy, but it is a bit harder to learn what sites to block.
Another problem I found is that sites I frequently visit save some information in cookies to make access/sign-in easier. Most have a "remember me" option. With IE's new method, this information does not seem to work any more. I still have to enter all the stuff that previously was saved. It is a hassle to have to go through the hassle of identifying myself every time I visit one of the frequently accessed sites.
Do you have any idea how I can get around this?

5:48 PM  
