Why Facebook's partnership with Websense falls short on protecting users.

circuit_board_keyholeEarlier this week Facebook announced a partnership with Websense to help keep users safe from outgoing malicious links. Security experts have weighed in on the issue, and while a step in the right direction, this will not be enough to secure the platform.

The Websense collaboration will provide users with great protection on what lies outside the realm of Facebook by scanning links to external sites. The problem is what goes on internally on Facebook. According Network World, “Facebook still has a lot to do to clean its own house.”

As we have warned several times in the past, Facebook is rife with rogue applications that can be used to spam and scam users. We have seen these applications work all sorts of mayhem on Facebook. The more innocent ones lead to annoying survey scams and marketing gimmicks, while others are used to deliver malware to unsuspecting users. There is very little oversight on Facebook’s part on third party application developers. There is no formal application review process like there is on Apple’s App Store. The problem is so rampant that one of our most popular security articles is:

How to protect your Facebook account from Rogue Applications

James Arlen, an independent security consultant from Toronto sums it up like this, “Oddly, they [Facebook] seem to be looking outward, as if everything is lily white on the inside. To be blunt, until you’ve cleaned up your own house, you should shut up (about security).”

Rafal Los, an enterprise and cloud security strategist for HP states that the partnership with Websense is “addressing the symptoms and not the root cause.” “It’s throwing a Band-Aid on the problem.”

Facebook Timeline: Open Graph Apps to be Reviewed before Publication Previous post Facebook Timeline: Open Graph Apps to be Reviewed before Publication 30% of teens and young adults have had their Facebook hacked by a 'Friend' Next post 30% of teens and young adults have had their Facebook hacked by a 'Friend'