We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Facebook expands blacklist of malicious URLs

Facebook has added seven more antivirus vendors to its AV Marketplace, a move that gives the social network a total of a dozen companies whose databases it can tap to identify malicious website links on the site.

Facebook identified the additional partners Tuesday. They include avast!, AVG, Avira, Kaspersky Lab, Panda, Total Defense and Webroot. The companies join Microsoft, McAfee, Norton, TrendMicro and Sophos in selling or offering for free antivirus products for PCs, Macs and mobile phones.

In expanding the choices on its antivirus marketplace, Facebook is expanding its blacklisting reach with more databases it can use to check that may have been placed there by a hacker. Legitimate links on Facebook are sometimes hijacked by criminalsto direct someone to a website where malware can be automatically downloaded.

In 2008, Facebook launched a security system called "the link shim" that checks the URL whenever a link is clicked to check the destination. If it is on a blacklist, then a warning pops up notifying the user he could be headed to a malicious website.Ã'Â

Bolstering the tool is expected to help businesses, as well as consumers. Many companies have built what Facebook calls Pages on the site for marketing products and building a fan base. Having a better mechanism for catching hijacked links prevents embarrassment.

"If I was Facebook, I would do whatever I could to publicize [link shim] and to push it to whatever extent I possibly could," said Dan Olds, and analyst for the Gabriel Consulting Group. "It's features like that that will make businesses more confident in giving greater freedom to Facebook users within a company."

The effectiveness of Facebook security has been questioned in the past. In August, the company revealed that it found 14 million user accounts it considered "undesirable," meaning they are likely spewing spam or deploying malicious links and content.

While the number was a small percentage of the 955 million users of the site at the time, it was still large enough to worry security experts Some recommended better user-verification tools to help combat problems associated with bogus accounts.

[See also: 10 security reasons to quit Facebook]

Facebook has added security features over time to improve user safety. On Monday, the company stopped letting people find others by using the mobile phone number used for two-factor authentication. The move came less than two weeks after a security researcher disclosed that someone could match randomly generated phone numbers with Facebook users.

If businesses using Facebook follow best practices, such as keeping applications and antivirus software up to date, then they are likely to avoid many of the risks on the site, Olds said. Businesses should also educate employees on Facebook how to avoid scams that try to trick them into giving out user IDs, passwords and other personal information.

"It's hard to believe that there are still people out there that will give up personal information on these kinds of scams," he said. "But if people wouldn't give up information, then hackers wouldn't keep doing it."

Read more about social networking security in CSOonline's Social Networking Security section.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia