Friday, September 18, 2009

The Koobfaces of Facebook

Have you ever gotten a weird message from a Facebook friend asking you to view their cool new video? Then, once you click on it, you are directed to one of those File>run screens? If you proceeded with those directions, there is a good chance that you were exposed to the Koobface worm. This is a virus that has the ability to access Facebook log-in credentials in order to assume the identity of a Facebook user. It then sends a message to all of the user's friends asking them to click a link leading to their new video, which is in actuality a link to download malicious software to your computer.

Facebook's CEO reported in March of 2009 that only a small number of users had been affected by this virus, but it is not the first of its kind to infiltrate the site. Facebook has therefore taken new security precautions in the last year to better screen invalid users and applications. They also implemented a way for users to verify Facebook-approved applications by looking for the Facebook validation badge [seen below]. Facebook says that many of the applications are not intentionally malicious but were improperly set up by the application creator.

This leads me to the central problem, which is Facebook's blanket acceptance of Facebook applications without enough attention given to the intentions of the creator or their ability to build a secure product. Facebook concedes that they "err on the side of permissiveness" in order to promote growth of the site, but this comes at the risk of the users and their personal information. Many viruses target such social-networking sites because of the very popularity that Facebook strives for. For this reason, Facebook must establish a list of priorities in which the safety and security of their users come before marketing and site expansion.

Facebook should be more critical when deciding which applications are allowed to circulate on the site and should also test these applications before exposing them to the users. In turn, users [such as ourselves] should be more mindful of the possible threat that applications may carry and always check for the new Facebook validation badge before allowing an application access to their profile and its contents. These measures may not eliminate the possibility of exposure to malicious material, but they may reduce Facebook's attractiveness and popularity in the world of viruses and send worms like "Koobface" somewhere else.

[Image: Facebook validation badge]


8 comments:

  1. I don't think Facebook should be to blame for this, even though you pick up the virus through their website. I say this because Facebook doesn't force anyone to download any extra applications; it's all on the individual who chooses to. It's a very easy thing to avoid: simply don't download extra applications. It would seem to me that Facebook as a company doesn't have enough time to worry about little applications that they didn't create. Again, no one forces anyone to download any extra applications, so just don't do it and everything will be fine.

  2. I would have to disagree with the above statement. I believe Facebook is to blame. Although we volunteer to put our information up on the site, Facebook as a site should protect the integrity of our information. Also, even though we are not forced to download the applications on Facebook, they have become an integral part of the site. How hard is it for a company worth as much as Facebook to screen applications and protect their users?

  3. Well, maybe I'm wrong, but wouldn't this type of problem be of a more "local" origin, as opposed to it being an external attack, per se? I guess what I mean is that wouldn't this kind of attack be initiated by a fellow Facebook user (who maybe goes by the name of 'John Doe', and has malicious intent)? If this is the case, then I think that it would be difficult for Facebook to keep tabs on and keep up with these sorts of attacks. I don't think that the site necessarily filters the content that goes into these messages that are sent from user to user, which makes these kinds of viral attacks so dangerous. There are similar computer worms and attacks that are passed via Instant Messaging services, such as MSN Messenger; they are still having trouble controlling this, too. I think that users of these social networking sites share a great deal of the responsibility to try and prevent these kinds of attacks from spreading. If the message does look suspicious, don't download the app. There are hundreds of apps from hundreds of perfectly good-intending users being created all the time, and I think that it would be difficult to try to screen them all in an effort to find those well disguised attackers.

  4. I feel like Facebook could do a better job of checking out these applications, but overall, I think it is the user's responsibility to be wary of applications. Facebook does give a warning every time you add an application saying it is from an outside source and you give it permission to access your account. With the ridiculous number of applications that currently exist, I think that Facebook would either have to completely get rid of applications or keep it how it is because there are simply too many to monitor.

    As far as the malicious links, it would seem like another common sense thing to not press run, but as we have seen before, common sense is not always so widespread in the internet using community.

  5. It seems to me that this is an example of the inherent dangers that come with internet use. It's not necessarily anyone's fault except for the individual who designed and used the malicious virus attack. Certainly, Facebook could implement stricter application checks and users could be more suspicious of things like this. However, at the end of the day, new forms of these problems will always arise and, unfortunately, test the security of these venues.

  6. I believe Facebook is to blame for this. Although the user is responsible for the applications which he or she downloads, I believe it is Facebook's responsibility to make sure the applications on the site are safe and virus free. As TMGP already said, Facebook does warn the user before accepting an application; however, I do not think they give enough of a warning. To my knowledge, there is no mention of the possibility of faulty sites, viruses, etc. Personally, I believe Facebook, being the popular site that it is, should take more action and try to fix these problems. If Facebook does not, they will begin to lose users to other social networking sites.

  7. I agree with KAK. It's not the greatest analogy, but it's like when you find out that McDonald's salads are about twice as bad for your heart as a normal hamburger - you would think that getting a salad would be better for your heart and McDonald's is exploiting the common conception that salads are better for you than hamburgers. When users log into Facebook they expect that to a certain extent they are protected from hackers. Facebook shouldn't be expected to block every attack, but they shouldn't allow applications from unknown sources to run on their site when they know that, in general, users think they are safe because those applications fall under the Facebook umbrella.

  8. After reading the comments to the article I get that people are trying to say that both sides should take responsibility. The users shouldn't think that Facebook has everything protected and that they can click wherever they want. They have to be smart and look into what they really are clicking for. Also Facebook shouldn't just ignore and say that the users should be more careful. As Llontop said, people attack instant messaging and MSN is still trying to fight it. Facebook needs to look into possible solutions to help secure its users and prevent these attacks. The one thing that I have realized after our discussions in class is that now I am much more aware of what I am clicking and am more careful on where I go on the internet.
