Antivirus Advice - bits of advice to keep your computer safe

Introduction

Facebook has been one of the Internet’s greatest successes ever. It is reported that there are now more than 400 million user accounts, and Facebook recently overtook Google as the most visited web site.

Lately some interesting news regarding Facebook and Facebook users have emerged on the Internet. We will use this as the basis for a general discussion about Facebook and some of the issues involved in using / depending on Facebook. 

Note that this article has several links to external web sites. These will all open separate browser windows.

The cases

Let us start with looking into some interesting cases, which in different ways involve Facebook and the users of that social networking platform.

The announcement of Facebook Open Graph

Facebook’s Chief Executive Officer announced new details of the Open Graph system on the F8 developer conference in San Francisco 21 April.

Simply put Open Graph is a system to integrate web pages into Facebook and Facebook into web pages. The system uses a set of social plugins that can be implemented on a web site by inserting some simple HTML code into the web pages.

One way to use this system is that when a web site has been “Facebook aware” using the Open Graph technology, information about your Facebook friends’ preferences regarding some objects on the site will appear when you visit the site. You will get information about which of your friends that have clicked the Like button, which is perhaps the most obvious social plugin to implement.

The site owner is also able to stream updates to users who have “Liked” a particular object on the site, as well at user statistics about those users. Information that is publicly available on a user’s Facebook account is also available to the web site that has implemented the Open Graph system.

The advantages of the Open Graph system for the users are quite obvious, as it extends part of Facebook’s functionality – which users enjoy immensely – into another arena. Seen from the web site owner’s point of view of the advantages are also apparent, as it enables more direct communication with the site’s visitors.

Are there any disadvantages?

References:

• Open Graph Protocol (Facebook developers)
• Facebook Announces Open Graph API and 5 New Social Plugins at f8 (Inside Facebook)
• Facebook’s Open Graph Personalizes the Web (Mashable – The Social Media Guide)

One and a half million Facebook accounts for sale

Last week Verisign’s iDefense reported that a hacker was selling 1,5 million Facebook user names and passwords. The selling price was unusually low, only about USD 25 per 1 000 accounts with ten friends or less, and USD 45 per 1 000 accounts for those with more than ten friends.

There is nothing new in selling compromized Facebook accounts. The news aspect of this item is rather the number of allegedly compromised accounts, and the surprisingly low prices. A Google search for facebook account for sale reveals lots of hits to web sites where one can purchase compromised Facebook information. 

The point in mentioning this incident in this context is to show that cyber criminals are focusing on Facebook account as a mean to conduct their criminal business. This can be accomplished either directly by exploiting the owner of the compromised account or indirectly, by using the obtained Facebook identity to frame the account owner’s friends.

References:

• 1.5 Million Facebook Accounts for Sale in Web Forum, Verisign Reports (eWeek)
• 1.5 million stolen Facebook accounts for sale (Techworld)

Microsoft Office integrates with Facebook

FUSE Labs is a Microsoft entity, which

(…) works in partnership with product and research teams to ideate, develop, and deliver new social, real-time, and media-rich experiences for home and work. FUSE Labs experiences give users new ways to create, connect and collaborate with the people, information and ideas that matter to them.

About one week ago FUSE Labs announced a beta version of Docs - a system to discover, create, and share Microsoft Office (Word, PowerPoint, Excel) documents with Facebook friends.

Docs is a system that allows collaboration with Microsoft Office documents - integrated in Facebook. This includes creating, editing, incorporating feedback, and ultimately (potentially) sharing publicly.

References:

• Docs Can Be Friendly Too (FUSE Labs)
• INTRODUCING DOCS… for FACEBOOK (Lili Cheng on Docs.com’s blog)
• Discover. Create. Share. (Docs BETA)
   

Reflections on some potential implications

All eggs in one basket

Facebook is a proprietary system operated by one entity. In general this has advantages as well as disadvantages. One obvious advantage is that it ensures greater flexibility as no coordination with other organizations are required whenever changes are implemented. A similar obvious disadvantage is that one has to rely on one vendor to behave in a manner that fulfills users’ requirements.

In particular if users make Facebook a part of their crucial systems for performing work tasks and personal communication, dependency on one vendor may be dangerous.

Over the years there have been several examples that Facebook has been unreachable (for whatever reasons) – see f.ex. this message on Facebook’s own Wall as recent as 29 April 2010. If someone relies on that channel as the only mean of communication, this obviously represents a problem.

Relying on Facebook as the all-important tool for document handling – which might be tempting in view of the Docs technology described above - meets the same potential problems.

We are not saying that this will necessarily be an issue. The point here is rather to stress that one should be careful to set up critical work-flow systems that are dependent on a single point-of-failure.

The privacy issue – part I

Privacy issues and Facebook have always been discussed. As a user you (often) reveal personal information – some of which is mandatory when registering.

The way Facebook is used, revealing quite extensive personal information is (implicitly) encouraged, as this helps potential friends and acquaintances finding and befriending you. Sharing personal information however - particularly globally - always has its considerations, as this may make you a target for identity theft, as well as burglary. This has been discussed in previous security articles, see f.ex. HELLO! My house is ready for burglars.

The privacy issue – part II 

In recent years we have seen a tendency for people to disclose information about themselves indiscriminately. At the same time, the public seems to be interested in lots of information about completely unknown persons. One example of this is the boost of reality series on TV stations all around the world.

Another example is the way some use Facebook, Twitter and other social media - as a vehicle to inform their friends, and in some cases the world’s population, about absolutely each and every trivial task performed. Even more amazing - at least to the bystanders to this behavior - is that this information is perceived as interesting.

Unfortunately not only trivial information is published. Some often publish information of a private, and even an intimate character. This may be information that a person regrets having released into the public domain at a later point in time. Retracting such information, however, is no trivial task, which have been the topic for several interesting articles and discussions. 

The privacy issue – part III

Information may be seen as a commodity. Information can be sold. Precise information is more valuable than imprecise.

Information about a group of people’s preferences is valuable for vendors of all types of products, as it enables marketing campaigns to be targeted. And – one should not conceal the fact that it may be perceived as an advantage to the target group as well. Most people prefer to be exposed to marketing campaigns about merchandise they are interested in, rather than totally random marketing campaigns. One typical example of a successful implementation of targeted marketing is Amazon.com’s system for recommending books and other stuff based on the type of material you previously purchased, and the purchases of other persons with similar preferences as you.

The problem that many privacy oriented groups see with this, is that assembling information from different sources may be abused, both by authorities and commercial parties. This is a discussion that in itself may merit a separate article.

The Open Graph initiative outlined above does indeed support collection and manipulation of data – for good or bad, depending on your point of view!

Safety or insecurity in big numbers

Malware writers with criminal intent may use two different approaches to trick their potential victims:

• The targeted approach, which relies heavily on social engineering and enables tricking the victim in a convincing, personalized manner.
  Only a limited number of potential victims are targeted, and the potential for success is quite good in percent of the total number of victims approached.
• The widespread approach,  where the malware is spread indiscriminately to a huge number of potential victims.
  The theory behind this is that even though a small percentage is successfully tricked, the resulting total number is good enough for the malware author.

In order to use the widespread approach, the malicious person must be able to reach a population that has a certain size. Utilizing a vulnerability in an obscure application does not suffice, which is the reason why wide-spread programs like operating systems, browsers and popular free programs are targeted.

If one views Facebook as an application, it is used by so many that it obviously qualifies for targeting by the widespread approach. The increasing number of malware that target Facebook users is yet another proof that the malware writers agree with this view. Still another proof is the case mentioned above with the Facebook accounts for sale. The market for acquiring illegitmate accounts is viewed as interesting because the accounts can be sold at a (reasonable) profit and thereby generate income for criminals.

On the other hand, it may be comforting to think that of all the millions using that system, any single individual should be quite unlucky to be one of the relatively few to be hit by such malware. There is a certain degree of security in big numbers as well.

Summing up

Facebook is a tool that may provide pleasure as well as improved working conditions.

However, as with most tools it should be used with caution, as there are pitfalls that the inattentive user may fall into.