I think it's self-fulfilling: because AdAware and other spyware scanners identify cookies as "spware" or "adware," people then think cookies are bad.

And, you're right--most non-IE browsers have great cookie control. And if you're really worried about it, even in IE you can delete cookies. Firefox is my favorite because I can have Firefox accept all cookies but automatically delete cookies every time I close Firefox (and I can specify exceptions to the rule for cookies I want to keep). That way things are clean. I don't have to keep cookies I don't want, but I'm not blocking cookies that keep my browser from functioning.

Hi , i just browse through and how do we know we have spyware in linux ? I think we cannot take for granted there is none spyware for linux. Any linux spyware ? As for rootkit, any software can remove it ?

Rgds
Daniel

Hi, doesn't when we compile the source or binary package in linux , does it consider to be executable ? Pls explain how to use mount to secure ?

Rgds
Daniel

No.

No & Yes.

If you use your brain and only visit known and original sites that are known to be safe.

Propriate software is beginning to be booming on linux.
Like Nero, Adobe Reader
People who used pirated software on windows and start using linux and installed nero, and they want the full version and downloaded a keygen are vurnable for rootkits in my eyes.

I only browse sites I trust and are known to be safe, I only download the software from their original developement site/ftp. and always check the md5checksum :D

If use mount your filesystem noexec all the files are non executable and are not allowed to have a executable bit.
If you try to execute a file you get a permission denied warning.
Correct me if I'm wrong.

As mr_demilord said, spyware isn't a big issue in my opinion if you don't screw around downloading crap off the Internet and opening every attachement e-mailed to you. The only Windows machines at work that become infected with virus + spyware turn out to be those popping up in the Internet logs trying to access stuff they shouldn't. In the same way you get virus scanners that sit monitoring mail queues and running alongside Squid or DansGuardian for example to filter out virus coming in over the Internet on Linux boxes, I'd like to see something similar for spyware. Don't know how it work otherwise I'd have a go implementing something myself, but from home a user point of view, spyware shouldn't be an issue if you're sensible, especially under Linux. There will be spyware that becomes targeted at Linux users in the same way Mac users are starting to become targets, simply as the number of users increase, but since most people running Linux + Mac kinda know their thing, it's always going to be difficult and not really worthwhile for writers of such crap to spread it around.

Alternatively, just unplug your box from the net and surround your case in tin foil, especially if you're worried about those yummy cookies with chocolate chips in...

But we cannot presume it is safe everytime even with known website. Just want to be cautious maybe visit to a new site or even installing from trusted site. Any rootkits detectors out there ?

Rgds
Daniel

But then how to install any software on it ?

Rgds
Daniel

One thing, I think they wont do as much as harm as spyware does on windows, because windows executables has more priveledges then executables on a *nix/mac operating system.
I also think that it is easier to track down spyware/chrootkit on *nix/mac then windows...... or am I wrong?

I'd go along with that, although I still see people that appear on IRC logged in as root...

Tracking down infections isn't easier on Linux IMHO, as there are some very good tools for Windows that even my mother can use to find + clean viruses and spyware. Most Linux tools for detecting infiltrations are slightly more complicated, but not beyond the grasp of anyone able to understand the need to run a check!

The privileges point holds true for Windows though - if you have your Windows system setup with normal user privileges, i.e. not logging in as a user with full admin rights, you're not going to have many problems as large parts are protected. Sure, you can go nuts and see how damage you can create, but my first line of the post covers that!

I remember that a few years back spyware on windows machines was unheard of.

I believe you guys when you say there isn't much to worry about...right now. But I would like to take a proactive approach. In my mind it would be much better to aggressively prevent spyware wherever possible than to just assume we are invulnerable.

My totally unsophisticated, but really simple cookie-filtering solution:
Browse regularly used sites, like Linux Questions, with Konquerer. Accept all cookies.
(Make many Linux/technical related bookmarks here also.)
Browse for entertainment, news etc. with a lot of link-following using a different browser (Opera, Firefox).
When finished dump all cookies, or clear the cache. Personally I think Opera makes it easiest to do this--by having "Delete all private data" right on the menu.
Talk about low-tech.

I'm likely less sophisticated when it comes to understanding browsers than most people. One thing I find unnerving is that my internal address can be
retrieved from behind a router as shown here
http://www.auditmypc.com/freescan/scanoptions.asp
Maybe this is a normal situation but I always thought this information was shared only between the computer and the router. I suspect disabling some browser options would prevent this (java possibly ?) but would hate to lose that kind of functionality. It makes me curious what other information my computer is offering up.
The real answer is probably to browse carefully as others have already said.

Remember, that is a link you clicked on. That doesn't me that just anybody out in the wild can find your internal address just by snooping.

What this points out to me more than anything else is that prudent behavior while cruising the web can go a long way toward protecting your system.

The major danger as I see it is proprietary installers. Most likely source packages should be fine (because most likely they don't want everyone to see what they're doing... not like most of us could understand the source code or anything). Also, binary packages from your distribution through known repositories should be fine. However, programs that have built in installers (there are getting to be more and more) could at any time start putting in adware spyware. These could take the forms of add-ins/extensions for firefox or ads showing up in real player for linux at some point. The thing is that when you install something, you install it as root. That means that once you've installed it, it could install a portion of the program in /usr/bin with normal user priveledges (safe) and then another part as a line hidden in one of your start up scripts that points to a program in /usr/sbin so that it runs with full root permissions (VERY VERY bad). This would basically be no different than spyware in Windows in my understanding... The one thing that could be really bad is if someone someday manages to hack some package repositories for a major distribution and throws some really big, bad, and nastys into it...