echo: aust_avtech
to: Rod Gasson
from: Bob Lawrence
date: 2004-04-18 22:23:12
subject: Locking Windows

> I meant that cookies come unsolicited and end up god knows where.

RG> Yes, god, and everyone else on the planet except you
RG> apparently. The fact is, cookies aren't stored just 'anywhere'
RG> - they are all stored in the same place (as defined by whatever
RG> browser you are using). It's not as though the sender of a
RG> cookie can tell it to save anywhere else other than the
RG> designated cookie folder.

 How many in your folder, Rod? A thousand? Which one is the trojan?
The *one* person who knows (besides God) is the guy who sent it. That
worries me.

> To me, it seems rather simple to write a false "cookie" that runs
> automatically.

RG> If it were that simple, don't you think there'd be hundreds of
RG> viruses already out there taking advantage of what you perceive
RG> to be a major security risk?

 What's this "major?" I consider it a source of concern. In order, I
would rate Windows itself (I'm sure it has a back door), Explorer,
Word (and Excel), Java, and anything that downloaded files are able to
call apparently harmlessly (like cookies).

 It seems to me, that if I sent you a cookie that was actually an
executable named wrongly, you'd never find it. It also seems to me
that if I am able to *name* the cookie on your machine that I might be
able to re-name it and then by opening it, Windows would run it, but
I can get at it in other ways. I can send you a "harmless" readme.doc
that WORD would open with an Autoexec macro that opened the "cookie."

 The fact that no one has done it yet doesn't faze me.

 But what worries me most about cookies is that big companies like M$
(or the CIA) might decide to shut us down for the "best" of reasons,
without consulting us. In fact, I'm sure that Windows has such a
capability built in. They'd be crazy not to.

RG> I don't trust ANYTHING written by Microsoft.

 Me either... in fact, I expect them to actively work against me.

> Good luck... I was talking about the nice-lady spinmeister from
> Microsoft who admitted a few weeks ago that a bug still exists in
> WinXP.

RG> Just one bug? Heck, I'm sure it has a lot more than that.

 She called it a back door.

> By JAVA, I meant that you have JAVA loaded on *your* machine
> which will then run java beans as they arrive.

RG> I trust that you DO know the difference between Java (a virtual
RG> machine) and javascript (a script file coding language)? They
RG> are NOT the same thing, they are NOT related, and JAVA
RG> files/programs are not run by explorer, OE, or the like.

 The Java machine is invoked automatically if you've got it loaded,
but VB is almost as bad.

> Any self-loading program is susceptible.

RG> Yes it is, and that's why the smart people simply disable this
RG> capability. I always thought you were smart.

 I *am* smart, and what you think about it is of no consequence. I do
you the courtesy of not talking down to you, I expect you to do the
same for me.

No Regards,
Bob



--- BQWK Alpha 0.5
* Origin: Precision Nonsense, Sydney (3:712/610.12)

SOURCE: echomail via fidonet.ozzmosis.com
