• Eliminate Flash-spawned 'zombie' cookies

    Home » Forums » Newsletter and Homepage topics » Eliminate Flash-spawned 'zombie' cookies

    Author
    Topic
    #470786


    TOP STORY[/size][/font]

    Eliminate Flash-spawned ‘zombie’ cookies[/size]

    By Woody Leonhard

    Way back in a 2008 column, I spotlighted one of the most insidious and least-known features on the Internet: Adobe Flash cookies that were not subject to the usual cookie rules.

    Almost two years later, these special Flash cookies are still living in our PCs, and enterprising privacy-busters now use them to create zombie cookies — regular cookies that come back from the dead.[/size]


    The full text of this column is posted at WindowsSecrets.com/2010/08/05/02 (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

    [/tr][/tbl]

    Viewing 24 reply threads
    Author
    Replies
    • #1237591

      In addition to Flash Player, other Rich Internet Applications (RIAs), most notably Microsoft’s Silverlight, also set LSOs in various non-browser areas of your computer. That’s the bad news. The good news is that CCleaner will clean these Super Cookies if you check off the options to do so. Using Secure deletion (overwriting deleted data) may also help prevent Zombie Cookies from reappearing. And many antispyware programs, including Super Antispyware, will detect and remove LSOs. In Firefox, it is also wise to clean out DOM Cookies, which some cleaners can also do. And there is a Firefox Extension to turn off Google Analytics, also a rich source for data mining by advertisers. I don’t know whether Google Chrome can be tricked out to block Google Analytics, but I would like to be able to opt out in Chrome, which I use in my new 64-bit Windows 7 Toshiba Satellite laptop.

      -- rc primak

    • #1237627
    • #1237640

      @Betona –

      Yep, that’s the site I talked about two years ago. It hasn’t changed much. For starters, it’s so confusing that the instructions start out “Note: The Settings Manager that you see above is not an image; it is the actual Settings Manager.”

      There’s still no way to manipulate, control or delete LSOs using an Adobe-supplied program on your computer, or using your browser. Instead, you need a Firefox add-in, or CCleaner.

    • #1237694

      Is there any way to remove them using Opera? Opera is my preferred browser, for speed and security reasons.

    • #1237695

      @bmeacham

      You can’t remove them directly using Opera, but you can go to the web site mentioned above and get rid of them.

      Details are in my article from two years ago.

    • #1237800

      Interesting — I read the article, downloaded and ran the “Flash Cookies Cleaner” (found 62 *.sol and *.com files!). I then clicked on the humorous video link from your site — ran FCC again — and 5 more files were found (which I deleted)!

      Turned Cookies off in IE — visited that video again — ran FCC — and again 5 files found to delete!

      I lowered cookies to moderate-high. I also have CCleaner and ran it AFTER visiting the same video link — but to no effect on the *.sol files (FCC still found 5).

      Pernicious little suckers, aren’t they?

      BTW — I’ve appreciated your work. Pray you have a Happy Retirement/Redirection in life!

      Mike

    • #1237847

      @Mike

      You’re very kind, but Brian’s retiring. I’m still solidly poised at my keyboard, nose to the grindstone.

      They are pernicious little suckers. I ran the Adobe tool on my main machine and found that I have TONS of Flash cookies, from the likes of:

      msn.com
      paypalobjects.com
      shoutcast.com
      cnet.com
      skype.com
      cbs.com
      merriam-webster.com
      wolframalpha.com
      zdnet.com
      americastestkitchen.com
      acrobat.com
      tweetdeck.com
      abcnews.com
      msads.com
      wsj.net
      hbo.com
      forbes.com
      bbc.co.uk
      washingtonpost.com
      hulu.com
      twitter.com
      ninemsn.co.au
      turner.com
      clearspring.com
      epson.com
      google.com
      ebaystatic.com
      paypal.com
      flickr.com
      istartedsomething.com
      images-amazon.com

      And many others. Of course, not all of those are going to spawn zombie cookies – but I have to wonder how many will.

      One reader sent email to me with details about CCleaner that astound me – he’s having trouble getting rid of the pests, too, and CCleaner apparently isn’t doing the job. Hope to get him to join in here momentarily.

    • #1237855

      I’ve been using CCleaner for years and I didn’t recall seeing any specific settings for clearing out LSOs. On the CCleaner dashboard, when I go to Cleaner > Applications tab, by default there is a check mark for Multimedia > Adobe Flash Player (as well as Windows Media Player.) After running CCleaner I can go back into the Adobe Settings Manager and none of the LSOs appear to have been deleted. So I went to the CCleaner forums and found this thread:

      http://forum.piriform.com/index.php?showtopic=29175&st=0&p=174431&hl=cleaning%20adobe%20flash%20LSO&fromsearch=1&#entry174431

      Towards the bottom one of the moderators (DennisD) offers a solution for eliminating LSOs by using the CCleaner “Include” routine. You have to add the specific folders containing the LSOs to the cleaning routine and CCleaner will then (supposedly) remove the Flash cookies. I would have thought that CCleaner would include them automatically without the user having to manually add the folder(s). And the moderator’s instructions apply to XP because that’s what the original question pertained to. I have no idea if there are any other folders involved that the moderator might have missed. So for that reason I decided to bookmark Adobe Settings Manager and run it whenever I shut down my computer.

    • #1237860
    • #1237914

      TOPIC — Getting CCLeaner removing Flash-spawned ‘zombie cookies’ from Vista…

      First, thanks for the link to the Piriform users input.

      I found that FlashCookieCleaner also removed a number of .com files which I suspect are just as (if not more) dangerous than the *.so files

      Using what the Piriform users group said about WinXP, I found that in Vista you’d duplicate the equivalent effect to CCleaner by adding the below line (replace USER NAME with your own) under CCleaner’s “Options/Include” menu. CCleaner quickly removed the offending .sol file I had in that directory.

      At “Directory” input, browse to:
      C:Documents and SettingsUSER NAMEAppDataRoamingMacromediaFlash Playermacromedia.comsupportflashplayersys

      At “File Names” add
      *.sol;*.com

      Tried it out after running Youtube. It added another settings.sol file to that directory AND under that directory the following sub-directory:

      #s.ytimng.com

      …under which ANOTHER settings.sol file was placed.

      Ran CCleaner again. THIS time it not only cleaned the *.sol and *.com files in the location mentioned above, but deleted the sys directory AND found and deleted another *.sol file under the following directories of (note differences!):

      C:Documents and SettingsUSER NAMEApplication DataMacromediaFlash Player#Shared Objects7 LETTERS AND NUMBERS HEREs.ytiming.comvideostats.sol

      and

      C:Documents and SettingsUSER NAMEApplication DataMacromediaFlash Playermacromedia.comsupportflashplayersys#s.ytimng.comsettings.sol

      I like how CCleaner picked those up after only entering the initial directory location and file extensions (*.sol;*.com)

      This still begs the question — what in the heck is the average computer user going to do to protect themselves from stuff like this??? I’m guessing at least 95% of computers are susceptible to this stuff — and it won’t take much for Adobe and/or some hacker to figure out a way to subvert the cleanup techniques submitted here and elsewhere! I realize Adobe has to make some money someway from the free programs they offer — but they are opening users to potentially disasterous privacy violations — AND I think they are opening themselves to liability issues for having done so!

      Mike

    • #1237922

      Under Google Analytics Firefox lists 24 add-ons, which seem to be intended for use my advertisers to obtain more info from their cookies.

      The main exception seems to be Google Analytics Internal traffic Excluder, but the blurb only refers to blocking ‘internal traffic’ – whatever that might be. Is this what Bob primark is refrring to?

    • #1237946

      I tried the Flash Cookie Cleaner 1.2 application, and it found a load of stuff! The weird thing about it though is that it runs off the Internet and doesn’t install as an application on your hard drive. I did find I could Save it to my Downloads folder and then run it from there. Interestingly enough my UAC did not ask me whether I wanted to run this or not but Norton Internet Security 2010 did say the file was safe.

    • #1237980

      @Mike

      Thanks. Curiouser and curiouser….

    • #1238069

      @Mike or any other kind soul:

      Can anyone transpose the 2 adds to CCleaner that were shown for Vista so that they work in
      W7? My understanding is that there is no AppData folder in W7.

      Thanks,
      Dick

      Edit:
      Sorry: Answered my own question. Appdata is hidden in W7, and exists as a junction
      point for backward compatability.

    • #1238121

      I have Win 7 Pro 32 bit. After reading the newsetter article I got the Flash Cookie Cleaner tool from http://www.hotcleaner.com and it certainly cleans them out. Of course they keep coming back. A bit like herpes. So I went to the Adobe Flash Cookie tool at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html and ran that. I made all settings to exclude, prevent and storage to zero but the settings dont hold. I set Global Storage Settings to zero but when I exit the browser (IE8) and come back the setting is back to 100KB again. I have a test site for the Flash cookies here http://www.afl.com.au/ and there is no stopping them. Why is it that the Flash Manager settings dont stick? Does anyone else have this trouble?

    • #1238183

      First, let me say that I was wrong about CCleaner being any good in its default settings at removing Flash Cookies, no matter what you check off. Same for Silverlight Cookies.

      In Firefox, I use the Better Privacy add-on and set it to run every time I close Firefox. This does the job, and I have checked to make sure on my Windows XP Pro SP3 laptop.

      Google Chrome has a cleanup Extension called Click&Clean, which also will remove Flash Cookies once you set it up to do so. Read about the Click&Clean Extension for Chrome here. Problem solved.

      A lot of Loungers know about the Firefox Better Privacy Extension, but I don’t think every Chrome user in here knows about the Click&Clean Extension for Chrome. On my 64-bit Windows 7 Home Premium laptop, this is what I use, and it does the job. I’ve checked.

      I use Chrome in my new laptop because I like its independent tabs processes better than I like Firefox in the 64-bit Windows 7 operating environment. No better reason.

      As for internet Explorer, I don’t use it on either machine. So I don’t care what can be done for IE Flash Cookies.

      -- rc primak

    • #1238184

      @Bob

      That’s a serious problem. What browser are you using? (It shouldn’t matter, but it may.)

      P.S. It’s more like shingles. Verrrry painful.

      • #1238185

        @Bob

        That’s a serious problem. What browser are you using? (It shouldn’t matter, but it may.)

        P.S. It’s more like shingles. Verrrry painful.

        Woody
        I know all about shingles. I got a dose of it a week and a half ago. It’s nearly gone but it was certainly painful. First and last I hope. BTW shingles is herpes zoster.

        The browser is IE8 on Win 7 Pro. All hotfixes and patches, available thru MS update, have been applied.
        In IE8 I have First Party cookies set to PROMPT, Session cookies to ALWAYS ALLOW and third party cookies to BLOCK.
        I run my UAC at the top of the slider (above the default). Other security related items are Avira AV Pro (fully updated) and Zone Alarm FW free 9.2.057 (the latest)
        Bob
        edit: I just noticed that Gmail web adds Flash cookies.

    • #1238189

      1) Download and install voidtools’ Everything.–
      http://www.voidtools.com/download.php
      2) Invoke Everything.exe.–
      3) On the menu bar, click on Search, then click on Enable Regex to turn it OFF (no tick mark).–
      —FOR .SOL FILES.–
      4) Enter .sol in box.–
      You will now see any .sol files you have, and will see new ones as they appear.
      5) To delete all .sol files, do a cntl-A, then hold a shift down, hit delete and then enter. Zap, they’re all gone! You may also delete individual files.–
      —FOR .COM FILES.–
      6) Click on File, then click on New Search Window.–
      7) Enter .com in box.–
      You will now see all your .com files. IT IS NOW TIME TO SIT UP, PAY ATTENTION, AND USE COMMON SENSE!
      8) Click on Path to order the folders. Paths with …MacromediaFlash Player… are your delete candidates. BUT USE COMMON SENSE AND BE SURE! There are MANY legitimate .com files. You of course do have backups, don’t you?–

      I’ve done this now for about six months, with no problems. I have multiple monitors and put both everything windows and a firefox cookie window on one monitor, all about two inches wide.

      It ain’t automatic, but it do work.

      Happy Hunting!
      ===
      btw, for file name searching, you may find you like Everything better, a lot better, than Microsoft.

    • #1238235

      @lesle —

      I prefer to Keep It Simple, Stupid (KISS). Click&Clean and Better Privacy add-ons fit that description. No manual “hunt and peck” with these browser tools. I don’t know of anything similar for Internet Explorer, but there are add-ons for that browser as well.

      -- rc primak

    • #1239595

      Click and clean has a windows version. I just downloaded it but haven’t tried it out yet. The everything tools also look interesting.

      Added info:
      I also downloaded everything which looks like a very useful program. Searching for .sol files, it found the following:
      (apparently I can’t paste from my computer to this forum) Anyhoo it found three .sol files labled settings and dated today.
      These have the right time stamp to be the settings that I installed on the flash player site.
      If I run click and clean it should eliminate these. yep they’re gone. So I don’t have the settings that I placed on the flash player site.
      This would certainly explain why the things keep reappearing and settings disappear.
      I am going to try getting some more .sol files – an easy thing to do – and then redoing the settings and visiting the same sites.

      • #1239786

        Click and clean has a windows version. I just downloaded it but haven’t tried it out yet. The everything tools also look interesting.

        Added info:
        I also downloaded everything which looks like a very useful program. Searching for .sol files, it found the following:
        (apparently I can’t paste from my computer to this forum) Anyhoo it found three .sol files labled settings and dated today.
        These have the right time stamp to be the settings that I installed on the flash player site.
        If I run click and clean it should eliminate these. yep they’re gone. So I don’t have the settings that I placed on the flash player site.
        This would certainly explain why the things keep reappearing and settings disappear.
        I am going to try getting some more .sol files – an easy thing to do – and then redoing the settings and visiting the same sites.

        All of the stuff you found will go away with the right settings in Click&Clean. I haven’t looked deeply into the Click&Clean options, but there may be a place where you could exclude the local preferences “.sol” file from the cleanup. This would preserve your Flash Player privacy settings. Or, you could just set C&C to Clean Everything every time your browser closes, and all the privacy-related concerns would also be cleared. This cleanup can also be done on-demand any time you wish, without closing the browser, by clicking on the C&C little broom icon on your browser’s toolbar. If you like to save log-in cookies, you would also have to find a setting in C&C to exclude these special cookies from the cleanup routine.

        Glad you found an IE8 version of Click&Clean, if that’s what you mean by “Windows”.

        And yes, you can get security programs, or set your Flash Player Preferences Page settings, to prevent these Flash Cookies from ever getting onto your computer in the first place. But the down side to blocking them is that some web sites will not work (especially those featuring Flash Videos) with the Privacy Settings set to disallow these Flash Cookies.

        -- rc primak

    • #1239616

      I could NOT get any zombie cookies on my computer running windows 7 and using Zone alarm extreme after I reset the options on the Adobe site. I do find a bunch of FOLDERS with the .com extension.Only one of which (labled security)had any content. I found these by searching on #*.* I aalso note I have a folder called “Buisness Objects” with a subfolder called, “Crystal Reports” that contains 150 MB of something. From what is on the net this is used by a slew of sites to generate reports. REPORTS OF WHAT???. If you trhink I’m paranoid you’re right – Paronia on the net is HEALTHY.

      • #1239667

        I also note I have a folder called “Buisness Objects” with a subfolder called, “Crystal Reports” that contains 150 MB of something.

        Business Objects is a data analysis and reporting tool that enables users to set up queries against complex databases. It is a powerful and expensive piece of software generally used in large enterprises. Crystal Reports is a report writer that can generate reports from various data sources from Excel files to data extracts from Business Objects. It sounds like someone has used your machine for data analysis. Neither are likely to have been downloaded from the internet without your knowledge. Crystal Reports can come bundled with other software, such as Microsoft Visual Studio.

    • #1240275

      Thanks for the info about Microsoft installing crystal reports etc with visual studio etc. I was wondering if I should delete it. Certainly it is nothing that was downloaded with my knowledge or specific consent.
      I also wish to thank lesle for pointing me at Everything. I think it is great.

      Using it, I note the following behavior. I hope someone repeats my experiment.
      I am using windows 7, and IE8 on 64bit dualcore setup. I ran sandboxed using Zone Alarm Extreme Private browser under Sandboxie supervision. Deleted the sandbox content without opening it at the end of the session. I had gone to a couple of porn sites looking for trouble. There were a few .sol files listed in everything. One of the nice features of the everything search tool is that it updates in real time with the window open and is fast.

      Step 1. Each time I deleted one of the .sol files. I noticed that TWO new .sol files $xxxx.sol were created in a folder linked to the recylebin. These files had names that were a mix of capital letters and numbers.

      Step 2. I deleted these files. No new sol files.

      Step 3. I checked .com files and found folders linked to the recycle bin with similar LOOONG names. I deleted these folders.

      Step 4. I rescanned the list of .com files and folders. Found NEW macromedia or flash file folders. Deleted these

      SOMETIMES BUT NOT ALWAYS. On checking the .sol list again I found new .sol files linked to the recyclebin.

      I note that if the warning on the delete box says “Are you sure you want to permantly delete …?” there is USUALLY no new files created.

      I think I may be wrong about the role of the settings.sol files. I have to experiment further, but as of this writing at least some of the files so labled are NOT related to the preferences I entered on the Flash Player site.

      • #1318373

        @dolmanpete, #26
        Step 1. Each time I deleted one of the .sol files. I noticed that TWO new .sol files $xxxx.sol were created in a folder linked to the recylebin. These files had names that were a mix of capital letters and numbers.
        ===
        -Hold the shift key down when you delete. That’s a permanent delete, they never go to the recycle bin.

        -Everything uses the MFT–Master File Table–, that’s why it’s almost instantaneous.

    • #1245595

      There is an extension for Google Chrome called FlashControl which will give you control over Flash. I also use CCleaner.

    • #1268988

      Hello, I’ve signed up specifically because of this thread and this is my first post.

      There seems to be some misunderstanding here. Flash cookies are cross browser, if you get one when using Chrome it will be readable to that site even if you use Firefox for instance.

      There has been no mention of the Adobe folder in your user profile (something like C:Users[user]Application DataAdobe) which is also used to store data, I think it is the Third Party Accessible stuff. If you open this it will have a sub-folder C:UsersuserApplication DataAdobeFlash PlayerAssetCachexxxxxxxx [where xxxxxxxx are capital letters]. This contains the file cacheSize.txt which by default is (I think) 1024. Change this in Notepad to 0 [zero]. All other files in the folder should be deleted. This value is not altered by the Flashplayer Settings Manager. It is a dirty great security hole which I’ve not seen mentioned anywhere. You can change the eight random letter to eight zeros if you are particularly paranoid.

      If you delete the Macromedia folder (C:Users[user]Application DataMacromedia) the next time you visit a site with Flash on it the folder will be recreated. The sub-folder (C:Users[user]Application DataMacromediaFlash Player#SharedObjectsxxxxxxxx) will have a different xxxxxxxx of capital letters. I have a suspicion that this string is also used as persoally identifiable information so it is possibly a good idea to delete it on occasion.
      The subfolder (C:Users[user]Application DataMacromediaFlash Playermacromedia.comsupportflashplayersys) contains the file settings.sol This is the location of the settings you make with the online Flash Player Settings Manager. It is dynamic and every time a new #xxxx.com sub-folder is created that location is stored in settings.sol You can open (but not edit it) this file with Notepad++, the changes are immediately obvious. These locations are NOT deleted by most Flash Cookie Managers.
      What I have done is visit the online Manager and created a secure profile that still allows sites to function. I have then made a copy of the settings.sol file which I simply use as a replacement periodically.

      One other point, if you play Flash games and want to save you scores or progress then you need to save the relevant cookie before you dou anything as drastic as deletin the folders.

      I hope this makes sense.

    • #1268993

      I have a particular dislike of Google’s use of these. They can be installed from pages with no visible Flash content, even with Flashblock installed there is no indication that Flash is being used although if you delete all the browser cookies from Google, Flashblock will prevent the Flash cookies from reappearing.

      Other sites may be doing exactly the same thing so it may be a good idea to delete all browser cookies from any site that saves a Flash cookie when you are clearing these out.

    Viewing 24 reply threads
    Reply To: Eliminate Flash-spawned 'zombie' cookies

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: