Last week Facebook made two decisions that could increase security for users of the service, which ends up being a lot of people. How much they will be helped is still hard to measure, but the company made two big changes that should end up benefiting a class of users who may otherwise not protect themselves and their computers enough. The first change is the addition of an Antivirus Marketplace, a page on Facebook where anyone can find a list of antivirus solutions to download, and the second is a change in how its backend URL parsing utility works, in order to scan and eliminate malware threats that are linked from Facebook itself. These two changes are said by the company to improve user safety significantly, and help people protect their computers when using Facebook.
The first addition, the Antivirus Marketplace, is somewhat of a strange move. It’s available from the security portal, but isn’t currently promoted anywhere else. This means very few users are likely to find it. On that page, you can find a list of five popular antivirus solutions from McAfee, Microsoft, Norton, Sophos, and Trend Micro. These are well known solutions, and there’s no indication that the software sold there has been modified in any way to be more Facebook centric. In fact, this really looks more like a marketing effort, although it’s unclear who will see this list and try these out. Also, there’s no special deal either. While they are all free to try, those that cost money after a while, such as McAfee and Norton, still cost money if you get them from Facebook. So really, it’s dubious whether this move will change anything at all. Getting Microsoft Security Essentials directly from Microsoft, or going through the Facebook portal, seems to change very little. A better approach here would be for Facebook to actually ask users directly whether they are protected by an antivirus solution, and then offer them these options. Perhaps this will come in time.
The second measure put in place by Facebook,, however is likely to be far more effective. The company has always scanned URLs put into their system. In fact, that very practice has been criticized in the past, when rumors flared up that Facebook was blacklisting the sites of competitors, along with sites promoting activities like peer to peer file sharing. But now, their blacklisting service will have an additional input source. They will use the information from security companies to scan whether these URLs lead to malware sites. It’s well known that Facebook is a prime target of scams and can be a good infection vector, purely for its huge amount of users, so having the company proactively go out and scan addresses as they are shared is a big plus. This is the type of service that can really help users, because it’s all done on the server side transparently, and doesn’t require any user input.
People who already practice good, safe browsing practices probably don’t need this type of security net from Facebook. But these measures aren’t put in place for those users. They are added for people who don’t know much about computers and don’t want to know. They expect that when they see a link to a kittens video, that’s what’s on the other side of that link. The safer the web can be made for such naïve users, the safer it will be for all of us. Not to mention, providing fewer machines that IT pros have to clean up.