Earlier this week, Facebook and security company McAfee announced a partnership which offers Facebook’s 350 million users a free six-month subscription to McAfee’s security software. Interested parties can visit the Protect Your PC tab on the McAfee Page on Facebook to sign up for the deal. However, the most interesting part of this new partnership isn’t the online coupon, it’s the drastic change Facebook is taking to protect its network involving required virus scanning of user PCs. As of now, users whose accounts have been compromised won’t be permitted to log back into Facebook until their PC is scanned for malware and the infections are removed. Is Facebook overstepping its role by getting into the virus-scanning game? Or is this new move a brilliant strategy that will help make Facebook a safer place?
Virus Scanning Now Required Prior to Login for Infected Computers
In a related blog post, Facebook’s Jake Brill notes that one of the company’s biggest challenges is helping people whose accounts have been compromised by spammers. Users who have had their accounts hijacked are now being identified and are temporarily locked out from logging into the social network until they complete a verification process. Facebook sends the affected user an email to verify that they are the legitimate owner of the account. Unfortunately, most hackers are savvy enough to change the email address and security question after compromising your account, which means many users will still have to contact Facebook support.
A better solution, as it turns out, is to make sure that users’ PCs are protected before they ever log in to the site. This way, Facebook can be sure that there isn’t any malicious software running on the user’s computer. Since many hackers are able to spread their malware on Facebook by way of an infected user’s computer, this new process assures that only clean, uncompromised computers are able to access Facebook.
While Facebook isn’t running a scan on all PCs (yet!), the idea to run scans prior to granting access is one that comes from the world of business networks. Most companies that allow remote access to their internal systems either by way of a VPN, Wi-Fi, or an intranet site often also have security measures in place to verify that users accessing their network have malware-free computers. It’s not unusual for companies to run a scan as part of the user-account-verification process prior to login to check the computer for viruses and other malware, and to make sure that the computer is running the appropriate version of the company’s security software.
Thanks to Facebook’s new partnership with McAfee, the company is basically doing the same thing businesses have done for years. However, unlike corporate networks, only Facebook accounts that have been compromised will be subjected to a scan prior to login.
Is Virus Scanning Facebook’s Job?
Obviously, the goal with this new policy is to protect Facebook users. Even one infected machine can have a ripple affect on the network as the hacker or spammer spreads their malware across the site through the compromised account. Still, some people may feel that Facebook is overstepping its role by requiring users to grant the company (by way of McAfee) the ability to download and run code on their machine which scans all the files stored on their hard drive. We would argue that those backing this argument may be just a little too sensitive to privacy concerns, but that’s a matter of personal opinion.
A more valid point may be the fact that users are required to use McAfee software as opposed to their own already installed and configured security suite. (In truth, McAfee runs a web scan on your machine but like any web-based virus scan, code is downloaded and installed on your machine.) Unfortunately, current anti-malware programs have no mechanisms that can report to a website about the status of a user’s machine – that is, whether or not it’s infected or clean. Maybe it’s time that they should?
A third opinion (and frankly, the one this author can get behind) is that this policy change is, in fact, a brilliant move by the company. No other social-networking service goes so far as to verify its users are entering their site with clean, virus-free PCs. And since Facebook is only scanning previously compromised computers, one could argue that it’s actually doing these users a favor. Despite years of warnings, a surprising number of Windows users still don’t run anti-virus programs on their computers. (Macs and Linux have less issues with malware – whether that has more to do with their inherently more secure nature or the unappealing small size of their install base is constantly debated). The problem has become so bad over the years that Microsoft finally released a free anti-virus program called Security Essentials which is available to anyone running a legal copy of Windows.
Requiring this subset of uninformed users to shape up or stay out will certainly help the social network stay safer for the rest of its users. Nevertheless, cynics may wonder how much of Facebook’s decision was truly done in the name of security and how much was simply a desire to take part in what’s likely a very lucrative deal with McAfee. The security company is the other big winner here – it now gets its name in front of hundreds of millions of Facebook users, specifically the ones who need their help the most. Talk about targeted advertising!
It should be interesting to see how big of an impact this policy change has on the safety and security of the social network over time. Assuming it has a notable impact, we may even see other social networks and online communities take the same measures in the future. Whether that would a good thing for the Internet as a whole is still open for debate.
