Facebook implements malicious link-scanning serviceby Steve Ragan - Oct 3 2011, 15:36
Websense, along with social networking giant Facebook, announced a plan on Monday that will protect users from malicious links posted to their walls and news feeds. The new security feature is part of an integration partnership that relies on Websense’s cloud-based classification engine.
Starting today, Facebook users might notice the warning pictured below as they follow links posted to their news feeds. If a link is known to Websense as malicious, the warning will alert the user and advise them to skip it. Moreover, this same warning also offers a chance to continue and assume associated risk, return to the previous place on the news feed, or obtain additional information.
Implementing Websense’s ACE (Advanced Classification Engine) on the backend, Facebook is looking to alert users to potentially harmful destinations.
ACE is a real-time analysis engine that lives in the ThreatSeeker Cloud. Over the years, Websense has refined its detection and mitigation abilities, which are leveraged by this technology. It’s the same SaaS (Software as a Service) offering that powers the TRITON security platform used by several enterprises across the globe.
The image below shows how ACE works, as it sits on Facebook's backend.
The move is sure to cut down on some of the more obvious problems related to Web-based attacks, such as links pointing to known exploit sites. Still, it is unknown if this new step will protect users from falling victim to scams, like the ones looking for survey participants with catchy and often hyped headlines or content.
Example: "You won’t believe what this woman did to her baby! She should be arrested. Video here: hxxp://www.[redacted].com"
This is because such sites have to be classified by ACE before they are blocked. While ACE is quick on the uptake, we here at The Tech Herald don't think this will end the world of Facebook scams any time soon.
However, it will help some corporate users when it comes to mixing business with social pleasure. According to a study from Ponemon, 63 percent of organizations surveyed agreed that social media use by employees places the business at risk of infection and other security-related issues. Oddly enough, only 30 percent had some sort of AUP or other controls in place to address such factors.
Automatic notifications, combined with a policy or general rule to skip links that are flagged, could go a long way to offering some basic protection to business users. Yet, this line of thought can only be tested over time.
Home users are better off avoiding the flagged links, unless they are willing to assume the risk or are positive the link is legitimate. In many cases, and we know we're stating the obvious, it is better to be safe than sorry.