Facebook deal with Websense doesn't solve security woes, say experts
Facebook has a lot of work to do to protect 700 million users
By Taylor Armerding | CSO | Published: 11:12, 07 October 2011
Facebook just got safer, according to a press release last week from the social networking giant and the Internet security firm Websense.
But safer does not mean safe, according to other web security experts, who say that while Websense technology will bring a measure of security to the site's 700 million members against the dangers that lurk outside Facebook, the company still has a lot to do to clean its own house.
The Websense technology is aimed at malicious links, helping Facebook users avoid falling for common scams that seek to trick them into clicking through to sites where their information could be stolen or their device infected.
Related Articles on Techworld
If users click on a suspicious link, they will be warned on a page that will let them continue at their own risk, return to the previous screen or get more information on why the site was flagged. But it does not address malicious applications found on the site itself, which could lead to malware being downloaded to their computers.
"Oddly, they seem to be looking outward, as if everything is lily white on the inside," says independent security consultant James Arlen. "To be blunt, until you've cleaned up your own house, you should shut up (about security)."
And Arlen says Facebook has a lot of cleaning up to do.
"When you say the outside is bad, you're saying the inside is good, which is Ministry of Information stuff," he says, adding that he doesn't think the risks have changed for the average user.
"They've made it easier for people to find you, which means it is easier for people to stalk you. They don't provide parental controls. They're not dealing with the fact that if you want to see a 16 year old with her top off, go to Facebook. And the ease with which common accounts are violated is kind of shocking."
Rafal Los, enterprise and cloud security strategist for HP, says the collaboration with Websense is "addressing the symptoms and not the root cause" of risks to Facebook users. The company, he says, needs to "fix the API, more or less. They need to review all the applications that go into their ecosystem. But, anytime something grows that large, the ability to control the content gets more difficult."
Los says part of the problem is that for Facebook to remain competitive, "they have to continue to have the latest and greatest (apps)," and the company apparently does not have the means or the will to review them all.
"It's throwing a Band-Aid on the problem," he says, "where the new cool is winning over safety and security.
The new collaboration is better than nothing, Arlen says. "But barely good enough is not good enough. It's like living in a house that barely meets code. I don't want to live in a place that's going to fall down in 10 years."