Facebook did something a little sneaky last week, much like politicians releasing bad news when a world disaster hits so it doesn’t get the coverage it deserves! When Facebook launched Facebook Places last week, they also launched their new Developers Roadmap for the months ahead…
I’ve been talking to Matt Masiak from Intellectual Property Online, and we have been discussing the potential security disaster looming with the new move planned by Facebook. At the end of the year Facebook plans to move from FBML to iFrames; existing FBML apps will still be supported, but all new apps will have to be created in iFrames. You can read more about this on InsideFacebook.com
Here are Matt’s thoughts on the new move:
From what has been explained, Facebook are reducing their involvement in the loading of the applications. Your computer will be talking directly to the apps server, not via Facebook anymore. This removes a key line of defence if the apps server should ever be infected or malicious.
Currently the FB app would have to pass its code through FB servers to your computer. If there were any malicious coding it would get stripped out by the FB proxy (like a firewall) before it reaches your computer. This means the malicious coding from the app server won’t be able to reach you.
Now, with FB not monitoring this coding, this will give free rein for the FB App server to run any script it likes on your computer. That’s a whole line of defence now removed from the playing field.
Once the changes go live, I’ll give it less than a week before people start to get infected by drive-by download Trojans from an infected FB app server. If this picks up in the underworld then FB themselves will be fighting a losing battle to ban these servers/applications. If one can get through, that will open the doors to thousands every day (literally, as it will most probably be run by botnets).
The only protection you will now have against corrupted or malicious FB app servers would be a GOOD up-to-date antivirus and perhaps the firewall that goes with it. – Good generally means not free or cracked, no matter how you look at it.
I personally recommend ESET and F-Secure, although there are many other good ones; personal and professional experience says the ones to stay away from would be McAfee, Symantec and AVG.
Although my subscription has run out to the industry AV comparison company, you can easily and freely learn a lot about online threats there and through their news section.
www.vb100.net
The last acknowledged test I’ve seen was by av-test.org. These tests are mainly for malware infections and how the products stood up against them. Find the details here:
http://www.av-test.org/certifications
Matt works as a Programmer for Intellectual Property Online and previously worked in IT Security at Infologic Solutions Ltd (www.infologic.uk.com).
So are we now looking at speed and convenience for Facebook versus the little people with free antivirus software? Is Facebook about to face one of its biggest tests as an online social media giant? What do you think?