Facebook Adds Malicious Link Protection 113
wiredmikey writes "As any IT security department knows, social networks pose a significant threat to users across the board as they blindly click links which often lead to spam or other malicious sites that could result in malware infection. In a move to further protect users of the world's largest social networking site, Facebook is adding a new feature to help protect users from links to these malicious sites. Starting today, when a Facebook user clicks on a link it will be checked against a database from Websense in an attempt to determine if the link is malicious. If the link is determined to be risky, the user will be given the choice to continue at their own risk, return to the previous screen, or get more information on why it was flagged as suspicious."
Facebook vs. others (Score:5, Insightful)
Re: (Score:2, Interesting)
Or, to use a simple comparison to something that both exists NOW and ISN'T a Duke Nukem Forever-like vaporware joke (both in persistent nonexistence AND inevitable lack of impact if/when it finally is released), links to Google+ streams.
Re: (Score:2)
Apparantly Suckerborg himself donated to Diaspora to help fund its development. Would be interesting to see his motivation there. Was he simply donating to a "good cause"?
Re: (Score:3, Insightful)
He was basically laughing at the idea that Diaspora would turn out to be anything but a never-left-the-ground wankfest for the RMS-style dot communists.
G+ probably has him worried. Diaspora is a joke.
Re: (Score:1)
the majority of the population wouldn't be able to type Diaspora when drunk, even if they could remember it, which they won't because it has no meaning to them in the first place like a large number of stupidly named OSS applications.
It's doomed from the start simply due to those factors which is as tragic as it is maddening. It's obvious some people know nothing about 'selling' their product, even when it's a free one.
Re: (Score:2)
Yup. I just took a look at diaspora and the instructions seem barely usable for setting up a server.
I got to about the second line of the install script and it died since it wasn't running as root. If they need some ruby libraries installed they should supply a list so that they can be installed using your package manager, not tell you to use some 3rd-party package manager that will stick who-knows-what in your root filesystem. Or, they should just have it install stuff into their own directory tree.
Gran
Re: (Score:1)
but what about when competing social networks, like Diaspora
Diaspora is a competitor to Facebook like Miss Ruth's Finishing School for Girls is a competitor to the State University of New York. Sure, they occupy the same generic space. Sure, they are both institutions of 'higher learning'. However, they don't attract the same kind or number of people and never will.
I know you people have this dream where every large company goes bankrupt and the underdog wins. When that happens, the underdog becomes the company you want to destroy. You're being anti-success, and t
Re: (Score:3)
I don't know how to break this to you, but there are other social networks. Some of them even existed before Facebook!
Re: (Score:1)
Pfft. Whatever. Soon you'll tell us WoW wasn't the first MMO either.
Re: (Score:2)
Wait, you still think Diaspora is ever going to amount to anything at all?
Re: (Score:2)
Speaking of this, I was on Facebook the other day, and a friend was telling me about Facebook censoring links about Facebook. This particular link was an article about someone trying to put a gay kiss photo on Facebook and them getting all uptight about it (removing it). The weird thing was whenever the guy tried to post the link, it would disappear.
So there seems to be something about it. Makes me a bit uneasy that FB would do something like that. The link to Diaspora worked, however. Not sure what exactly
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
That's quite unlikely. Facebook's biggest threats are as a monopoly or for "unfair business practices." Doing something like you describe would just open them up to tremendous liability. Google is being scrutinized right now for the same behaviors: are they unfairly favoring their own links against competitors. Just b/c they can do something technically doesn't mean they can do it legally. I think it is highly unlikely that FB's spam link protection tech would ever be used for anything other than spam prote
Re: (Score:2)
fighting malware and virii are a lot like fighting real diseases as soon as something is cured some new disease tends to come along. lets put it this way, i once heard of a server being hidden in a wall, just to protect it from accidental resets because it was vital to booting the whole college network. the thing is that admin moved along and the next guy didn't have a clue when the server used up its lifespan, the next guy spent weeks trying to fix it. eventually tracking down the box from its ethernet ca
Re: (Score:2)
Sure, it might be used for blocking malicious links now.. but what about when competing social networks, like Diaspora, emerge? Looking at Facebook's history I'm sure they will use it to block users moving to Diaspora and reading about Diaspora. It will be used as an opinion suppression tool.
I remember a while ago when the lamebook website (posted screencaps from Facebook that were amusing) was in legal arguments with Facebook over trademarks, links to lamebook on Facebook did not auto link properly.
I think they also don't auto link (or hinder posting) any link that has the word "torrent" in it.
Both of these might be out of date now, so I don't know if they still do it.
Hm. (Score:2)
Ignoring potential future abuses, wouldn't it make more sense to disallow the posting of likely-malicious links? The vast majority of users won't read the warning text and will just click through.
Re: (Score:1)
If they did that, they would have no excuse for intercepting and tracking the links you click.
Link is broken (Score:4, Informative)
Re:Link is broken (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
I was just thinking, it would be nice if Slashdot had some anti-malicious link tech blocking their advertisers. Swear to god, last drive-by spyware attempt I intercepted was from clicking on some dumb ad (some curiosity, but more to give /. a little click-through love).
What about bad apps? (Score:3)
I've yet to have a relative's computer contract a virus because of a Facebook link, but it seems that every other day they've got some Facebook app spamming everyone on their friends list because of the promise of free online poker or whatever. When does Facebook intend to do something about that? Ever?
I think that is the aim of this initiative. (Score:2)
Re: (Score:2)
I'm talking about malicious links inside Facebook; Websense identifies malicious links outside facebook.
Re: (Score:2)
Re: (Score:2)
Editors (Score:2)
Guys, come on!
In all seriousness, this'll be helpful for home users much more than it will in the office. I'm just surprised they've taken this long to do it; they've MITM'd every link for at least a year and a half.
Google+ (Score:3, Informative)
Let me guess... Google+ is listed as a malicious website.
Re: (Score:2)
Facebook IS the malicious link! (Score:2)
And people will go anyway (Score:1)
Danger-Well (Score:1)
checking or tracking? (Score:2)
Am I the only one that think it is a little fishy that they are not checking the links when they are published, but only when user are clicking on them. So instead of doing one check per link they think it is better to do million checks... or this is just another excuse to track which user are clicking which links... but I guess that is just me being paranoid.
Re: (Score:2)
First, it's better to check each time -- because a link that was just dandy when published could become malicious over a few days' time. If it only checked once, that'd be an easy way to circumvent the system.
Secondly, of course Facebook is tracking who clicks on what. And if you don't think any other major site is doing the same, including every search engine result on Google (not just G+), then you are in for a shock.
wrong.. wrong.. wrong.. (Score:1)
This has been occurring on the mobile version app for at least a week now, and it doesn't check.. every damn link you hit does the "this is an external site.. do you want to continue" crap. Its annoying. *IF* it only did it with suspect links like Google does with its search results or chrome does when it detects something, that'd be ok... but its done it for every damn link so far.
Not to mention I can't stand websenses listings (old employer used them and stuff was incorrectly classified all the time)
Wait... (Score:2)
Chrome already does this (Score:3)
This sounds a lot like the 'Safe Browsing' feature already built into Chrome. It provides a warning screen on a suspicious page, and then allows the user to continue, or to go back.
As long as there is an opt-out setting, I really don't see what the big deal is. Am I missing something?
Opera does too, via "Haute Secure" (Score:1)
is the service they use for similar features for security online!
I supplement BOTH of those browsers "built-in features for security" (Opera also has a urlfilter.ini/filter.ini file for this locally also) with HOSTS files (vs. host-domain name based threats, which can & DO get "recycled" by malware makers), + firewall rules tables (for IP address based known online threats (these don't last that long usually & cannot be recycled/reused by malware makers as easily)).
* I do this, for BOTH better onlin
Well that's clever (Score:2)
For your safety.
In this case, I applaud Facebook (Score:2)
This is actually an issue they should have addressed a long time ago. Lots of people have their accounts hijacked and then they start sending out malicious links. And the bots are getting better at faking normal people.
I like saying "Boo Facebook" as much as anyone, but they need to do this. I don't believe this particular initiative is meant for political censorship. They already have those capabilities. I think the only thing they really gain from this partnering is the ability to block malicious lin
Click Tracking (Score:1)
Of course this tells them which links you click on. And if Chrome does this, too, then google is not only aware of your searches but also the links you click on outside their domain.
Neat.
Re: (Score:2)
Exactly. The content containing the link is already on their servers. The could check it there and annotate. What they want is to know if you've clicked it.
It will work fine... (Score:2)
If visiting a site can result in malware infection (Score:2)
then you have much bigger problems than Facebook.
even better protection from Facebook links: (Score:1)
DON'T USE FACEBOOK
So which comes first? (Score:2)
Quote from article: "Starting today, when a Facebook user clicks on a link it will be checked against the Websense database in an attempt to determine if the link is malicious."
So... Do the malicious links people post always end up in the WebSense malDB before anyone views them?
Or... Does the hosting provider of said malicious link take the "site" down first?
All I read is another FUD-calming act. Read: "Look what we've done to make our site better for you to belong to today!"
Facebook blocking malicious links... (Score:1)
So Facebook is going to block links to sites that are full of spam, or attempt to take all of your personal information in order to make money from it...
So, as best I can tell, Facebook has deemed Facebook.com to be a malicious link...
Link protection easily broken (Score:1)