Antivirus Vendors Consider Facebook Activity Protection

Vigilance is important when browsing a bazaar, be it a real-world marketplace or an on-line social network. Antivirus vendors recognize the need to protect their users from malicious and otherwise fraudulent activities on social networking sites. Symantec and BitDefender are starting to experiment with Facebook apps that keep an eye on the user’s Facebook profile and links.

Traditional Browsing Oversight Approaches

Antivirus vendors can review the safety of the users’ web browsing activities at the network’s perimeter, by installing a browser add-on and by tapping into the end-point’s network functions. The technology for accomplishing this is relatively mature. Yet, it has to deal with several challenges:

  • Without actually integrating into the social networking site, the anti-virus tool may encounter difficulties parsing the social networking website’s code and content to identify suspicious elements.
  • Furthermore, the tool will have a hard time reviewing the context of the user’s social activities to determine whether they are risky—a capability that may prove useful in the future.

These are some of the reasons why antivirus vendors are starting to experiment with tools written as applications that use the social networking site’s API. Rather than running on the user’s system, these apps run on the antivirus vendor’s infrastructure. (Dare I say that this is an example of a social networking cloud anti-virus?)

Protecting Facebook Activities

I came across two Facebook apps by reputable companies that are designed to improve security of the user’s Facebook activities: Norton Safe Web and BitDefender Safego. Facebook users can install these apps into their Facebook accounts for free. The apps are designed to flag potentially malicious links shared by the user and his Facebook friends.

When these apps detect a malicious link on the user’s wall, they include the alert in the report. Here’s what the relevant excerpt from a BitDefender safego report:

Norton Safe Web didn’t consider this particular link malicious:

By the way, don’t visit that site. It’s malicious at the moment.

BitDefender Safego also aims at warning the user when his Facebook profile settings present a privacy risk. However, in my limited testing, I was unable to trigger the alert even after making all aspects of the Facebook account visible to everyone:

The tools are testing the waters of social networking capabilities of Facebook, providing features to alert the user’s Facebook friends if the links they shared are malicious. For instance, Bit Defender Safego makes it easy to add a warning in a comment next to the malicious link:

Testing the Waters of Facebook Activity Oversight

My overall impression is that both tools are very early in their product life cycle. For instance, even when they flag a link as malicious, they don’t actually prevent the user from clicking it. Also, their ability to identity the few malicious test URLs I tried was inconsistent.

Overall, the protection these tools offer doesn’t seem to go beyond the web browsing oversight capabilities of mature end-point antivirus software. That might change as the vendors better understand what Facebook app-based tools can do and what the tools’ users want in terms of security. There may be synergy between the Facebook app-based component of the tool and its counterpart running on the endpoint, for instance.

The vendors seem to be using these initial versions of the tools to experiment with Facebook app capabilities and to claim a spot of social networking real estate, which may prove valuable in the future. I’m glad antivirus vendors are starting to explore this way of protecting their users—it may prove useful as the tools mature.

Update: Websense Defensio is another tool that can oversee social network activities for security threats. I took a quick look at Defensio’s Facebook protection capabilities in another post.

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds creative anti-malware solutions as VP of Products at Minerva. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more