Facebook alliance with Websense not enough, experts say

Facebook has taken a step in the right direction, but it still has work to do in cleaning its house, according to two experts.

Facebook just got safer, according to a press release last week from the social networking giant and the Internet security firm Websense.

But safer does not mean safe, according to other web security experts, who say that while Websense technology will bring a measure of security to the site's 700 million members against the dangers that lurk outside Facebook, the company still has a lot to do to clean its own house.

The Websense technology is aimed at malicious links -- helping Facebook users avoid falling for common scams that seek to trick them into clicking through to sites where their information could be stolen or their device infected.

If users click on a suspicious link, they will be warned on a page that will let them continue at their own risk, return to the previous screen or get more information on why the site was flagged.

But it does not address malicious applications found on the site itself, which could lead to malware being downloaded to users' computers.

"Oddly, they seem to be looking outward, as if everything is lily white on the inside," says Toronto-based independent security consultant James Arlen. "To be blunt, until you've cleaned up your own house, you should shut up (about security)."

And Arlen says Facebook has a lot of cleaning up to do.

"When you say the outside is bad, you're saying the inside is good, which is ('1984') Ministry of Information stuff," he says, adding that he doesn't think the risks have changed for the average user.

"They've made it easier for people to find you, which means it is easier for people to stalk you. They don't provide parental controls. They're not dealing with the fact that if you want to see a 16-year-old with her top off, go to Facebook. And the ease with which common accounts are violated is kind of shocking."

Rafal Los, enterprise and cloud security strategist for Hewlett-Packard, says the collaboration with Websense is "addressing the symptoms and not the root cause" of risks to Facebook users. The company, he says, needs to "fix the API, more or less. They need to review all the applications that go into their ecosystem. But, anytime something grows that large, the ability to control the content gets more difficult."

Los says part of the problem is that for Facebook to remain competitive, "they have to continue to have the latest and greatest (apps)," and the company apparently does not have the means or the will to review them all.

"It's throwing a Band-Aid on the problem," he says, "where the new cool is winning over safety and security."

The new collaboration is better than nothing, Arlen says. "But barely good enough is not good enough. It's like living in a house that barely meets code. I don't want to live in a place that's going to fall down in 10 years."


Stories by Taylor Armerding
