Facebook's Newest Move To Tighten SecurityFacebook's Newest Move To Tighten Security
Facebook enlists the help of Microsoft and four other security vendors as it improves defenses against malware, phishing, and spam. One tactic: Block malicious URLs.
April 25, 2012
6 Social Sites Sitting On The Cutting Edge
6 Social Sites Sitting On The Cutting Edge (click image for larger view and for slideshow)
Facebook on Wednesday said it is working with Microsoft, McAfee, Trend Micro, Sophos, and Symantec to help improve security for its users.
The social networking giant, which plans to go public next month, has become a target for spammers and scammers due to its size. A similar trend happened to Microsoft's Windows in the 90s and has started to happen to Apple's OS X. Any massively popular platform attracts attackers.
To protect its 845 million users, Facebook is integrating malicious URL data provided by its security partners into its URL blacklist system.
[ Is HTC's rumored Facebook phone folly? Read more at Facebook Phone: 4 Reasons Why It's Crazy. ]
"So whenever you click a link on our site, you benefit not just from Facebook's existing protections, but the ongoing vigilance of the world’s leading corporations involved in computer security," the company explains on its security blog.
Keeping its users secure also happens to serve Facebook's best interests, as the site's reason for being involves sharing as a vehicle for advertising. Sharing becomes a lot less appealing when there's a risk of contagion.
Facebook's security partnership isn't just a one-way arrangement. In exchange for access to its partners' valuable security data, Facebook is offering its partners greater visibility through the Facebook AV Marketplace. As its name suggests, AV Marketplace is an online store for downloadable security software from Microsoft, McAfee, Trend Micro, Sophos, and Symantec. And it's not just for Windows users; AV Marketplace also offers security applications for Mac users.
Many Mac users remain skeptical about the need for malware protection, despite the recent Flashback trojan outbreak. Sophos' statistics indicate that one in 36 Macs is infected with OS X malware. The company's data also shows that one in five Macs harbors Windows malware, which could pose a threat to connected Windows machines.
Sophos blogger Carole Theriault celebrates the Facebook partnership while also pointing out that users need to take an active interest in their security. In a blog post, she likened security software to automotive safety features like brakes and seatbelts, noting that if people fail to use them, they're worthless.
"To better safeguard your account, make sure you choose a strong unique password for your Facebook account, and don't tell it to anyone," she wrote. "Look over your privacy settings regularly and carefully choose your configuration. Take care when downloading applications. Only befriend people you know. Report suspicious activity to Facebook."
Sophos's presence among the other security companies is noteworthy because the company has been more than a little bit critical of Facebook security in the past. In a blog post comment, Graham Cluley, senior technology consultant at Sophos, insisted that the beatings will continue.
"We don't have any plans to stop reporting about Facebook security and privacy issues," he wrote.
Perhaps it's too much to hope that Facebook's partnership with five security vendors might mean fewer noteworthy security incidents.
At a time when cybercrime has never been more prolific and sophisticated, budgets are being cut. In response, IT is taking a hard look using third-party services--outsourcing--to meet security challenges. Our Making The Security Outsourcing Decision report outlines the various security outsourcing options available. (Free registration required.)
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
How to Use Threat Intelligence to Mitigate Third-Party Risk
Everything You Need to Know About DNS Attacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment