Wednesday, July 8, 2015

Facebook offers to scan users' computers using Kaspersky (ESET, Trend Micro, F-Secure).

I read on the internet that one user got a block from Facebook when they went to share photographs from their photography site to their profile. I'd not heard of this before, so I decided to investigate.

From what I can see, on the 24th of June 2015 Facebook announced an arrangement with Kaspersky to add Kaspersky to their existing list of anti-malware companies (ESET in December 2014, Trend Micro and F-Secure in May 2014).

https://www.facebook.com/notes/facebook-security/protecting-millions-from-malware-with-cleanup-tools/10152836024620766

According to the information provided, Facebook is identifying suspicious behaviour from a computer and is then suggesting the download and running of an anti-malware scanner. Exactly what that suspicious behaviour is isn't stated. However, it does appear that some people may not be able to use Facebook until they perform the download.

Exactly what the deal is between the software firms and Facebook isn't stated. This could simply be free promotion for the companies. It may also be some form of commission on sales arrangement, or straight payment to Facebook. Of course it may also be a payment from Facebook to the software companies. It would be good to know the arrangement as that helps to determine the motivation for the arrangement.

I've tested all of the currently suggested anti-malware software except for F-Secure, and feel this software often doesn't detect malware. If you do get a signal from Facebook, and assuming it is legitimate, it may be worthwhile to perform a full scan of your computer using additional products, or have a computer support person with the appropriate skills check your computer.

The one question on my mind is what signals Facebook is receiving. Facebook state "even if the malware isn't actively spreading spam or harmful links", which to me may mean they aren't detecting that type of malware activity. From the posts I've read, some activity may be normal activity of users. It may also be possible people are linking to sites that Facebook has identified as infected, but the example which started this investigation was from a person's computer (which the scan showed as clean) with photos from their site that didn't appear to be infected. It may be that the headers in the browser agent show the browser is, or has been, hijacked and Facebook could detect that signal.

In the end this could just as easily be a Facebook upsell. Without further information on what the suspicious signals are, it is not possible to determine. I did read that one person, on scanning their computer, found malware, but from my experience, in some cases, up to one in ten people have malware of some type on their computer even though they have anti-malware software installed. This experience is from migrating people from one anti-malware software package to another across multiple companies.

If you do get this message from Facebook, perform the scan, but then do additional scans.

Also be careful. Since Facebook is now known to do these scans, it is possible the scammers may use this as an attack vector to trick people into installing malware. Make sure you're 100% confident the software you are installing is from Facebook.

Kelvin Eldridge
www.OnlineConnections.com.au
Call 0415 910 703 for IT support. 