Facebook adds Antivirus Marketplace: Security or marketing?

Patrick Lambert looks at the additional security measures that Facebook put in place for its users, including free antivirus options.

Last week Facebook made two decisions that could increase security for users of the service, which ends up being a lot of people. How much they will be helped is still hard to measure, but the company made two big changes that should end up benefiting a class of users who may otherwise not protect themselves and their computers enough. The first change is the addition of an Antivirus Marketplace, a page on Facebook where anyone can find a list of antivirus solutions to download, and the second is a change in how its backend URL parsing utility works, in order to scan and eliminate malware threats that are linked from Facebook itself. These two changes are said by the company to improve user safety significantly, and help people protect their computers when using Facebook.

The first addition, the Antivirus Marketplace, is somewhat of a strange move. It's available from the security portal, but isn't currently promoted anywhere else. This means very few users are likely to find it. On that page, you can find a list of five popular antivirus solutions from McAfee, Microsoft, Norton, Sophos, and Trend Micro. These are well known solutions, and there's no indication that the software sold there has been modified in any way to be more Facebook centric. In fact, this really looks more like a marketing effort, although it's unclear who will see this list and try these out. Also, there's no special deal either. While they are all free to try, those that cost money after a while, such as McAfee and Norton, still cost money if you get them from Facebook. So really, it's dubious whether this move will change anything at all. Getting Microsoft Security Essentials directly from Microsoft, or going through the Facebook portal, seems to change very little. A better approach here would be for Facebook to actually ask users directly whether they are protected by an antivirus solution, and then offer them these options. Perhaps this will come in time.

The second measure put in place by Facebook,, however is likely to be far more effective. The company has always scanned URLs put into their system. In fact, that very practice has been criticized in the past, when rumors flared up that Facebook was blacklisting the sites of competitors, along with sites promoting activities like peer to peer file sharing. But now, their blacklisting service will have an additional input source. They will use the information from security companies to scan whether these URLs lead to malware sites. It's well known that Facebook is a prime target of scams and can be a good infection vector, purely for its huge amount of users, so having the company proactively go out and scan addresses as they are shared is a big plus. This is the type of service that can really help users, because it's all done on the server side transparently, and doesn't require any user input.

A lot has been said about the perceived value of antivirus in the past. There's no question that the bad guys are still out there, preying on users who may not be savvy enough to protect themselves, but their methods and vectors of attack have changed. Email used to be a prime target, mainly because email clients were weak and did stupid things like run JavaScript or allow binary files to be executed. As these have been hardened, the web quickly became the new prime target. The ironic thing is how the fake antivirus, malware that poses as an antivirus solution and incites you to download it, has been one of the most devastating types of malware out there. Now, any good antivirus solution includes web scanning, where it works alongside your browser to see if a page you load or a file you download contains a known virus.

People who already practice good, safe browsing practices probably don't need this type of security net from Facebook. But these measures aren't put in place for those users. They are added for people who don't know much about computers and don't want to know. They expect that when they see a link to a kittens video, that's what's on the other side of that link. The safer the web can be made for such naïve users, the safer it will be for all of us. Not to mention, providing fewer machines that IT pros have to clean up.

By Patrick Lambert

Patrick Lambert has been working in the tech industry for over 15 years, both as an online freelancer and in companies around Montreal, Canada. A fan of Star Wars, gaming, technology, and art, he writes for several sites including the art news commun...