Anti-Spyware Programs Snare Ad Cookies, Google Cookies Evade All

Cookie deletion has long been a bÊte noire of the online ad industry. A soon-to-be released report from independent spyware researcher Ben Edelman, however, highlights the degree to which spyware detection software employed by users may be contributing to the cookie crushing phenomenon. Perhaps his most intriguing finding: Yahoo’s pay-per-click ad conversion tracking cookies were ensnared by six spyware programs, while none of Google’s conversion cookies were caught.

Edelman studied which of 11 spyware detection programs tracked cookies from a range of 50 ad systems, including ad networks, affiliate networks and Yahoo’s and Google’s pay-per-click ad systems.

Among the detection programs analyzed were well known applications McAfee Internet Security Suite, Symantec’s Norton Internet Security and Microsoft Windows Defender. Others including LavaSoft’s Ad-Aware, PC Tools’s Spybot Search and Destroy, Webroot’s Spy Sweeper, and ZoneAlarm Internet Security Suite were also tested.

Only ZoneAlarm automatically removed all cookies it detected, according to Edelman’s analysis.

Rather than surveying users about whether or not they employ anti-spyware applications to delete cookies, Edelman chose to take a more scientific approach. “The idea here was to do this pretty straightforward testing method,” he told ClickZ News. “I wanted to see how much of this was really going on.” His report, entitled “Cookies Detected by Anti-Spyware Programs: The Current Status,” was sponsored by Cape Town, South Africa-based search marketing outfit Clicks2Customers.

While Yahoo’s pay-per-click ad conversion tracking cookies were detected by six of the anti-spyware programs tested, Google’s were not found by any. According to the report, “Google’s conversion-tracking cookies offer an unusual model of cookie implementation. Google creates a separate cookie for each advertiser… to insist that each advertiser’s tracking data be stored separately and retrieved only when specifically requested by Google.” Google’s cookies consist primarily of number strings, Edelman explained. “They’ve placed each advertiser’s tracking cookies into a different cookie file in the user’s disc,” he said.

On the other hand, Yahoo’s conversion tracking cookies are more readily recognizable as such because they include Yahoo’s Overture domain. As Edelman surmises in the report, “Perhaps anti-spyware programs regard Google’s system as more privacy-protective — since Google cannot easily read all these distinct cookies en masse. Or perhaps anti-spyware programs have no easy way to detect these arbitrarily-named numeric files without a risk of random false positives.” Yahoo did not respond to inquiries from ClickZ News by the time this story was filed.

Other results are not entirely surprising. In most cases, the wider the reach of the ad network, affiliate network or ad management system, the more readily it was tracked. For instance, the affiliate networks whose cookies were caught in spyware detection webs most often were the bigger ones: Linkshare and ValueClick’s BeFree were both snagged by seven of 11 programs. ValueClick’s Commission Junction and Tradedoubler, a European pay-per-performance service, were both nabbed by six. In comparison, affiliate networks like AffiliateFuel, DoubleClick’s Performics and AzoogleAds were found by only one or two spyware detection applications.

The same was true of ad networks Advertising.com, Casale Media and ValueClick’s FastClick, each of which had its cookies discovered by eight of the 11 spyware-tracking systems tested. Cookies from aQuantive’s Atlas ad management platform were found by eight programs, while DoubleClick’s and Zedo’s ad platform cookies were detected by seven programs. Cookies served by SEM management platform MatchCraft and behavioral targeting system Revenue Science were each tracked by only one spyware detector.

“This totally makes sense,” affirmed Eric Eller, senior director of products and marketing at the huge ad network Advertising.com; in particular, he believes the network’s cookies were tracked at a high rate because there are so many of them being served. “It might just be proportionate to the amount of people we reach on the Internet,” he concluded. Ad networks and platforms like Advertising.com employ cookies to enable ad targeting, message sequencing, frequency-capping and to track when ads lead to purchases or other ad conversions.

Spyware-sweeping software programs including PC Tools’s Spybot Search and Destroy, Trend Micro’s Anti-Spyware, LavaSoft’s Ad-Aware and Webroot’s Spy Sweeper each found more than 45 percent of cookies distributed by the ad systems analyzed. Yet, more widely-recognized programs such as Symantec’s Norton Internet Security, McAfee Internet Security Suite and Microsoft Windows Defender detected absolutely zero of the 50 ad systems tested for the study.

Some users and anti-cookie watchdogs may be dismayed by the discovery that widely-used spyware detectors are not tracking ad-related cookies. But Jeff Molander, CEO of affiliate marketing consulting firm Molander and Associates, is heartened by it. “This demonstrates that [large affiliate networks] have done a good job to make sure they’re not being targeted” by the anti-spyware programs, he suggested.

“I do think that if privacy concerns continue to escalate, and users respond by choosing [lesser-used] applications over the larger anti-virus players, the affiliate networks will need to figure out a way to get ‘un-targeted’ by the smaller, niche anti-spyware and adware firms,” Molander added.