Monday, May 31, 2010

Facebook Worms and some small steps to protect yourself

This morning I was answering some messages from some folks that I know and care about in other parts of the country.  While doing this I was staring at my lap and wondering what sort of pseudo-intellectual blather I'd write about and it presented itself to me.

Facebook has some well known privacy flaws.   I have my own account's privacy settings turned so tightly that the only thing you'd be able to tell about me is my picture, my name, and what city I live in.   I've given that much away here on this blog, and more. 

The problem is that most people sign on and think that it is this warm and fuzzy place to chat with friends near and far and everything is safe.  Links that people post to You Tube about dogs that make demented sounds like this one, links to NPR quizzes about whether you could pass the citizenship test (I got 100%), and links to this blog amongst others.  Those are safe. 

The question is how would you know if they are?

The answer to the question is that you never can be 100% certain.  There are people out there that get their "jollies" at causing others pain.  In the gaming world they're called "griefers".  In psychology there are many names for them, psychotics, sociopaths and deviants come to mind but I am sure you can find other names as well. 

There are some steps you can take though. 

First, I use Firefox.  Others use Internet Explorer which I personally find slow and lumbering.  Both of those browsers have a strip at the bottom of the window (caught you looking, didn't I?) that is called a Status Bar.  The Status Bar is well named since it gives you information on what is happening to the browser at this moment.  See, it tells you about the status.  Well named, right?  Ok, I'll tone down the chirpyness since I have only had one mug of coffee at this point this morning. 

You can check in Firefox to make sure it is turned on by these simple steps:

Click View, and the words "Status Bar" should have a check mark to the left of it.  
If not, click on it.

The Status bar will tell you when you hover over a link what that link points to.  It is up to you to look at that link and decide whether it is safe and that is a judgment call.   If the link is supposed to be to the rather excellent organization that will help deserving dogs and cats and other animals find a way out of a shelter to a forever home called Petfinder and you hover over the link you will see the following text in your status bar:

It is a reasonable link.  However if you find a link to a Russian Site or to something that simply doesn't fit - DO NOT CLICK!

Second you have to be informed.   This is not a "Gas and Go" culture.  This is a computer.  Yes, you can go your entire life and never get hit by one of the nasties out there, but people are looking for you.  The nasties could be as simple as being Rick Rolled and getting to see a video from Rick Astley here.

Go ahead, you can click on those two links and see a discussion on the phenomenon and internet meme as well as the song itself.

The idea is that forewarned is forearmed.   Why it is important to be informed is that this culture offers many benefits to those who are connected.   You can be anywhere in the world, connected on any sort of link or any sort of computer and order something from your favorite store, get a discount over the corner shop usually, and have it waiting for you when you get home from your Holiday in Ibiza if the trip is long enough.  You can transact banking business with your Tennessee based bank from the beach in Key West on your laptop.  This is all well and good, it makes business more efficient and lowers costs and creates savings that are supposed to be passed onto the consumer and usually aren't but it also creates a problem.

The problem is that if you are a "gas and go" computer user you most likely already have a virus or a trojan.  If you have a trojan that reports back to the host your user name and password you have lost your banking security.  Imagine taking your ATM Bank Card and writing your PIN on it in ink so that it may be read.  That is what happens when your details are stolen online and they happen frequently.

A possible solution is to never use a computer for anything but banking and perhaps shopping at "valid" sites, but we're back to that judgment call thing. 

I found another option.   On Facebook I "like"d Sophos.  Sophos has been reporting back to me virus information so I can be informed.  Now you can too.  This link is to their Facebook page.  If you are on Facebook, I suggest you add them and you will get a message or three a day.  I am sure there are others and as I find them I'll add them too.  Their page is also open and visible to the outside world so if you check them periodically and do not have Facebook, you can be informed as one of the many sites that have this sort of information.

These sort of evils on Facebook are all browser based viruses.  You can get them on any modern browser, and the Facebook exploits actually change Facebook to add an application that you do not want so that it can spam everyone and get more widely spread.   If you are on Windows, you can go to  and run a free virus scan but I really recommend getting to Microsoft and installing Microsoft Security Essentials.  I did that when I worked as an IT Manager and since it is free to windows users, you don't have to pay Mc Afee or anyone else and remain protected.

Since it is browser based, you can also get this on a Mac or Linux.  You are less likely to get them there for various reasons, but it is up to you to make sure that you don't have the problem.  I don't run either operating system as much as I could or should, and I have both, but they also get effected.

Good luck.  If you need help, my billable rate for this sort of thing is negotiable.

No comments:

Post a Comment