Facebook Enlists InfoSec Mavens for Big Malware Vaccination
Apr 25, 2012 2:51 PM PT
Constant hammering by hackers and mutilation by malware have motivated Facebook to enact new security measures.
The social networking giant has also launched an antivirus marketplace from which users can download full versions of these companies' AV offerings at no charge.
"The vendors mentioned represent a substantial portion of the installed antimalware base," Aryeh Goretsky, a Distinguished Researcher at ESET, told TechNewsWorld.
"We are actively looking for new partners and are continually looking to expand our URL database," Facebook spokesperson Johanna Peace told TechNewsWorld.
What the URL Database Will Do
Facebook will check links users click from its site.
Further, Facebook's AV partners will post information and updates on the company's security blog.
"Overall, it's a good move that Facebook is taking its responsibility as an unwilling carrier of malicious traffic seriously and taking steps to prevent people who use its services from becoming infected," ESET's Goretsky commented.
Limits to URL Database Protection
URL blacklisting "is largely a reactive technology ... so attacks against users are not going to disappear overnight," Goretsky pointed out. "They are just going to focus more on bypassing the promoted products and use social engineering."
That might mean an increase in phishing attacks, where hackers send out targeted emails to potential victims to get them to click on a link or visit a Web page loaded with malware.
Further, the malicious URL databases won't be able to protect users against zero-day attacks or against new modifications of old or existing malware until a signature is detected. While new variants are sometimes spotted in the wild by AV researchers, sometimes signatures aren't detected until at least some computers are infected, which is why zero-day attacks still make the news.
"We are working with McAfee and Microsoft to provide scan-and-repair systems for users we identify as affected by malware," Facebook's Peace said. "Malicious URL databases exist to prevent users from visiting a site with known issues."
Free AV Lunch?
Users who download any of the AV packages listed on Facebook's AV page will get a license to use them free for six months.
However, they may have to pay for the packages after that.
Perhaps the only truly free products are Microsoft Security Essentials and the AV product from Sophos. Microsoft Security Essentials is available free "for genuine Windows customers," Microsoft spokesperson Lacretia Taylor said.
Protection? What Protection?
Most new PCs come preloaded with software from one of the several AV vendors in the market. Installing a different antimalware package on top of one already being used on a user's PC "could lead to conflicts," ESET's Goretsky warned.
One result of AV software conflicts could be that the user's PC may not be able to connect to the Internet, according to Windowsfixup. The site recommends that users install only one strong antivirus package and make sure it's kept up to date.
Why Facebook Needs More Protection
Facebook has been a prime target for hackers and malware authors over the years.
In April researchers at Trusteer discovered a new configuration of the Ice IX malware that steals credit card and other personal information from Facebook users who have logged into their account.
At one point last year, images of porn and violence were flooding Facebook's pages.
Facebook has worked with McAfee to protect users for some time now, and it signed up Websense as a security partner in October.