Facebook Requires McAfee Scan If There's A Security Breach? Is This Security Or A Marketing Program?
from the marketing-as-security?-security-as-marketing dept
sinsi was the first of a few to send in the news that Facebook has new rules if your account is suspended due to a security breach. You will now be required to use McAfee's security software to scan your computer. Have perfectly good security software from Symantec? Too bad. Use Linux? Not sure what you do. While McAfee is offering a free tool for scanning, it's only free for six months and then you have to pay -- meaning that this is really an upsell plan. Facebook claims it chose McAfee after a "competitive review process," but that makes no sense. Why not offer up a list of ways that you can prove your computer is safe that is vendor neutral?Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: marketing, security, social networks
Companies: facebook, mcafee
Reader Comments
Subscribe: RSS
View by: Time | Thread
Because Vendor Neutral doesn't pay
[ link to this | view in chronology ]
Wow.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
marketing, pure and simple
Exec 1: We have to do something about all of these people getting their accounts stolen by this malware stuff.
Exec 2: We should give them a deal to protect themselves. Who has the best security software?
Exec 3: Well these two over here are rated as really good.
Exec 1: Well McAfee says that they'll pay us for every time somebody downloads their software through us and they'll pay us MORE if they actually buy it!
Exec 2: Great! McAfee it is then.
Exec 1: Should I fire up the phishing emails?
Exec 2+3: Go for it!
[ link to this | view in chronology ]
Re: marketing, pure and simple
Exec 1: We're getting a lot of crap about viruses on our site.
Exec 2: Hrm. How do we make this not our problem?
etc.
[ link to this | view in chronology ]
how is business deals wrong?
Facebook and any company for that matter has the right to make deals with other company's. They are stupid for requiring mcafee as this will cause others to leave/ignore account...but it is their right.
[ link to this | view in chronology ]
Re: how is business deals wrong?
Unfortunately, I don't have the right to not have to acknowledge the existence of people who can't read.
[ link to this | view in chronology ]
Re: how is business deals wrong?
Can you point to where I said that it was "wrong"? All I said is the same thing you said: that it's a questionable move. I did not question whether or not they have the right to do so. Of course they do, but as you said, it appears to be a bad move. I expressed my opinion on that, as did you. I'm not sure what you're complaining about.
[ link to this | view in chronology ]
Re: Re: how is business deals wrong?
Have you ever tried to de-install McAfee? It is a virus!
[ link to this | view in chronology ]
Re: how is business deals wrong?
The article in question was published by an Australian newspaper, in this way it is stating that any Australian who has a contractual basis with facebook via their Terms of Service (TOS) ie: a User with an account, whether paid or unpaid, is required by said TOS to ONLY use Mcafee Antivurus products.
Requiring a specific third party product only and since it is NOT free and only available for certain OS's falls under a certain requirement in Australian Consumer Trade laws.
This section (section 47(6) of the TPA [http://www.austlii.edu.au/au/legis/cth/consol_act/tpa1974149/s47.html]) PROHIBITS OUTRIGHT the supply of goods or services on the condition that the purchaser buys (or uses) goods or services from a particular third party, [in this case McAfee] or a refusal to supply because the purchaser will not agree to that condition.
This test is also not subjected to the standard Competitors test either, which means McAfee does NOT have to be a competitor to Facebook as per other Anti-Competitive frameworks.
So in actual fact it IS wrong and strictly unlawful for Facebook to require this. Though most likely only when dealing with Australian users (and that doesn't mean the users have to be within Australia at the time of use either).
[ link to this | view in chronology ]
Re: Re: how is business deals wrong?
Yeah because whichever nationality you are, your own country's laws protect you and surround you like a bubble, making you immune to local laws. Try it out, in Thailand! It'll be a fun 'in your face' for those locals!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Typo
[ link to this | view in chronology ]
Re: Typo
[ link to this | view in chronology ]
Re: Re: Typo
[ link to this | view in chronology ]
Re: Re: Typo
[ link to this | view in chronology ]
Re: Typo
[ link to this | view in chronology ]
Re: Re: Typo
[ link to this | view in chronology ]
Re: Typo
[ link to this | view in chronology ]
Re: Typo
your = possession
you're = you are
[ link to this | view in chronology ]
Pure co-marketing...
[ link to this | view in chronology ]
Re: Pure co-marketing...
I'd still like to know what you're expected to do if your account gets compromised when you're using Linux or an iPhone, though... (I do both)
[ link to this | view in chronology ]
Tonight... on Secuuuuurity Theatre
The major downside is that the best way to tell if your computer has FB-spamming malware on it is to see if your account is spamming Facebook. Which it can't do if it gets disabled. And considering that users tend to go to FB more frequently than they do higher risk stuff like banking or shopping, they won't have the early warning that would be provided by all their friends telling them to stop with the spam or the other telltale sign of having to solve a CAPTCHA at every login. This puts them in more danger because when they do put more sensitive information (like bank or credit card details) into a website, it will get stolen.
Also, going with a single product means there's only one look and feel that the fake AV writers will have to duplicate on Facebook.
So it's a bit short-sighted, I guess is what I'm saying.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
stupid is as stupid does
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Microsoft's free Anti-Virus tool
http://www.microsoft.com/Security_Essentials/
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Statistically speaking
99.9% of the facebook "security breaches" happen on windows machines anyway.
In fact - I think we'd all be hard pressed to find a case of one on Linux or a fully updated OS X installation.
So, I guess the bottom line is that if you're using windows and you're not secured then this will temporarily remedy that. If you're using windows and you are secured - then this event is fairly unlikely. And lastly, if you're not using windows and this happens - then you must be fairly incompetent...
The only downside is if you're logging into facebook via a friends pc which is already infected.
As for the idea that facebook uses are less intelligent - consider this, at least they have a leg up on myspace users and for that fact alone should be given a little credit.
Don't get me wrong - I hate McAffe as much as the next guy. I've uninstalled their Security Center (from infected customer pc's) more times than I want to even remember. But it is better than nothing for someone computer illiterate enough to be in this situation.
Just my 0.02$
- FJM
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The ad CPM model failed, so on to innovation!
I could definitely see the abuse just waiting to happen. How long will it be before Techdirt articles news about an "explosive" growth in security breaches on Facebook?
I'm giving it a week, and not a day more.
To the executives at Facebook: McAfee? Are you stupid? Even Microsoft's new Security Essentials has been given a better rating and it's free... forever.
I guess it could be worse. McAfee could hire the ex-CEO of RealNetworks.
[ link to this | view in chronology ]
Actually (and I'm not shilling here)
That's a big part of the issue with this move. Even if it was vendor neutral it still wouldn't actually solve the problem. Facebook can't make you patch your OS and applications because if it wanted to do that it would have to look at everything in your OS and your installed software, find what you're missing, and tell you to install that before reactivation. Obviously it can't do that (and you wouldn't want it to anyway, I hope). It also can't make you not follow bad links, or even give you the tools you need to determine which ones are bad.
Well, basically it's not within Facebook's capacity whatsoever to stop bots and spam. It's probably not within the AV vendors' capacity either. Their analysis and signature development is pretty good, but they're up against sophisticated and untouchable criminal enterprises on the one hand, and a user base of people who can't possibly keep up with all of the developments in malware (and don't want to) who are on machines that aren't up to date on the other. The only reasonable conclusion is that this is, in fact, marketing. One of them "synergies" they like so much in the suit world.
Might as well, though. Folks by and large aren't going to pay for the license when the trial ends, and if people don't use FB, they don't get their marketing data. So it'll undo itself pretty quickly and none of this will change anything about botnets or spam or user awareness, and then the experiment will end and things will be back to normal. No big deal.
[ link to this | view in chronology ]
Re: Actually (and I'm not shilling here)
Even Nortons does a better job at scanning, let alone all the others. McAfee uses the most system resources of the major AV software packages out there. Its hard to uninstall.. There isn't a positive feature about it.
Facebook could if it wanted to make you patch your system. They could use software like Cisco's Clean Access Agent (Which I hate with a passion, but it would work) which checks for a list of approved anti-virus, makes sure its enabled, your system is patched. The facebook just blocks all traffic from non-clean access agents and redirects them to a site saying to download Clean Access Agent. So yes, its possible for them to do whatever the want.... just not advised.
In Short...Wheres the delete account button? Facebook isn't worth this much trouble
[ link to this | view in chronology ]
Who cares if they're providing the software?
[ link to this | view in chronology ]
Re: Who cares if they're providing the software?
They aren't making you buy McAfee, they're making you allow them to use McAfee -- a company it is presumed they trust -- to scan your computer *for free*. Of course, my source may be wrong, but if true ... what's the big deal? Who cares?
"""
Actually, if that is true, that is even worse. You're cool with letting some nebulous server scan your computer remotely? I've got some swampland in Florida that you may want to buy...
[ link to this | view in chronology ]
They're all like that.
Seriously. I told the IT person at the local public library how much worse Word 2007 is than the Word 2003 they replaced with it, and how much crappier their computer are since the latest OS upgrade. Her response: "It's the productivity software choice of libraries and other organizations across the country." I suggested the fact that the "productivity software choice" of pointy-haired bosses everywhere actually made things WORSE should, just maybe, tell her something about the comparative virtues of "industry best practices" set by pointy-haired bosses, vs. user community feedback. I might as well have been speaking Esperanto.
[ link to this | view in chronology ]
Hot reps?
[ link to this | view in chronology ]
I'm glad I know about this because now I'll be ESPECIALLY vigilant when protecting my facebook account. The threat of having to install.... McAfee products on my computer is incentive enough to never, ever give away my facebook password!
...While I'm at it, is there any d**k I need to suck too? I'll do ANYTHING to not have to install THAT!!
[ link to this | view in chronology ]
Started a FB cause
Prevent Facebook from requiring McAfee Anti-Virus software
http://apps.facebook.com/causes/432982/87214516
[ link to this | view in chronology ]
If you lose control of an account while you're on Linux (*NIX), it would have to be due to something else that no Windows anti-malware can detect and clean.
If your account was phished/socially-engineered, no software protection could have prevented it from happening. Therefore, using anti-malware to address this vector won't work.
If your account was brute-forced, Facebook should probably look into limiting failed login attempts. Obviously, this is their problem and not yours. More so, if your account was compromised because of an SQL injection instead of a brute-force.
If the people behind Facebook are really as smart as we're told they are, they should know this.
[ link to this | view in chronology ]
McAfee - So Bad It's Free
I get deals from Buy.com and the like all the time selling McAfee 3 user licenses for under $10. If this stuff is so great why are they giving it away? This is the Yugo of security software.
Facebook can have my forking account, ain't no way I'm putting that crap on my PC.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Useful OCR tool
[ link to this | view in chronology ]
McAfee Facebook app
I'd like to see McAfee develop a tool which would do a quick scan when a use attempts a logon to a URL or share and upon detecting a virus or malware, cleans it up. The Cloud offers real opportunities such as this, but all in all, I think FB & McAfee took the high ground.
[ link to this | view in chronology ]
Facebook requiring a McAfee Scan.
This is a blatant scheme to help McAfee gain market share through millions of Facebook users.
Another note: I was using Google Chrome when this happened. When I logged in again using Internet Explorer I was able to log in as usual. Hmmmmm. Is this an attack on Google?
[ link to this | view in chronology ]
Re: Facebook requiring a McAfee Scan.
[ link to this | view in chronology ]
Facebook forcing all users to McAfee
[ link to this | view in chronology ]
I think this is a scam
Guess what "NO VIRUS'S were detected" then the next screen is an OFFER for McAfee.
Bull is what this is.
[ link to this | view in chronology ]
I think this is a scam
Guess what "NO VIRUS'S were detected" then the next screen is an OFFER for McAfee.
Bull is what this is.
[ link to this | view in chronology ]
http://arstechnica.com/security/2013/02/facebook-computers-compromised-by-zero-day-java-expl oit/
But, nah, just necro-posting...
[ link to this | view in chronology ]
I think...guess what.
Just have 1 big question though. Can you afford to do it? If so, do it now:D If not, keep on blaming Facebook or McAfee, anyway, they're earning bigtime while we're loosing. It's your right.
Atleast some people know the difference of "you're" and "your" :D)
[ link to this | view in chronology ]
This should be illegal
[ link to this | view in chronology ]