Sophos recommends ‘walled garden’ to Facebook


Facebook has defended its security efforts after a report suggested it should follow Apple's "walled garden" approach to apps.

Security firm Sophos said the closed Apple approach "has proven effective in protecting users from maliciously crafted applications."

A Sophos poll carried out amongst Facebook users found 95.51 per cent of users agreed the Apple approach would be better for security.

Facebook said it has extensive controls, so when a user wants to add an application, the application only gets access to "very limited data" and the user needs to approve each additional type of data.

"We have a dedicated team that does robust review of all third-party applications, using a risk-based approach," a spokesperson for the social networking giant said.

"So, that means that we first look at velocity/number of users/types of data shared, and prioritise. This ensures that the team is focused on addressing the biggest risks, rather than just doing a cursory review at the time that an app is first launched."

Facebook said it acts fast to remove or sanction any potentially malicious applications before they gain access to user data. In some cases the company said it will go as far as to bring in law enforcement.

The Sophos report also indicated security threats had risen across social networks, including Facebook.

"Rogue applications, clickjacking, survey scams - all unheard of just a couple of years ago - are now popping up on a daily basis on social networks such as Facebook," said Graham Cluley, senior technology consultant at Sophos.

"Why aren't Facebook and other social networks doing more to prevent spam and scams in the first place?"

The survey showed two-fifths of respondents had been sent malware over social networking sites, representing a 90 per cent increase since summer 2009.

Eight in 10 respondents said Facebook posed the biggest risk to the security of their systems.

Facebook again defended its record in securing users from the likes of spam and malicious software.

"As a result of our efforts, the data we have on interactions of more than 500 million people using Facebook shows that spam, malware and other attacks have decreased in their effectiveness - the opposite conclusion reached by a security vendor," the Facebook spokesperson said.

"It's much more important to measure effectiveness than it is to measure volume. If your spam filter catches all the spam, does it matter that your filter caught 10 per cent more?"

Facebook was involved in another privacy debate this week, as users and security professionals complained about a feature allowing developers to access user phone numbers and addresses.

Facebook removed the feature, saying it wanted to ensure users were only giving away data they wanted to hand over to third parties.

An updated version of the feature is expected to appear in the coming weeks.

IT PRO, meanwhile, has discovered photos with privacy restrictions on them could easily be spread across the internet without users' knowledge.

By simply right-clicking and selecting 'copy image location' on a photo, anyone can then paste the URL to share it with unauthorised users, even those not on Facebook.

Tom Brewster
