Facebook the Most Dangerous Social Tool For Businesses

wiredmikey writes "According to a recent study Facebook is by far the most popular and most dangerous social media tool among small-to-medium-sized businesses, with 69 percent of respondents reporting that they have active accounts with this site, followed by Twitter, YouTube, and LinkedIn. Facebook is also the top culprit for malware infections and privacy violations, e.g. the leaking of sensitive company information. YouTube took the second spot for malware infection, while Twitter contributed to a significant number of privacy violations. For companies suffering financial losses from employee privacy violations, Facebook was again cited as the most common social media site where these losses occurred, followed by Twitter, YouTube, and LinkedIn."

"Dangerous" is ambiguous

[iONiUM]

Dangerous in what form? I don't get that.

For malware specficially, well I guess that isn't surprising, I have a facebook account and I always see my friends posting links that are clearly spam. I guess some other people see this and click on it (by accident or not) and then they get infected too, and so it spreads.

Re:"Dangerous" is ambiguous

[camperslo]

Malware is reportedly up about 50% this year. Wondering who the targets are?

GData Software , a German anti-virus firm, details some malware numbers.

Re:"Dangerous" is ambiguous

[freeworldtech]

Strange, facebook always open, people send me lots of garbage, yet my Ubuntu machines with no firewall and now AV seems completely unaffected.

Re:"Dangerous" is ambiguous

[oatworm]

Y'know, they don't call them "rootkits" because they originally came out on Windows...

Re:"Dangerous" is ambiguous

[freeworldtech]

do you have a point

Re:"Dangerous" is ambiguous

[WrongSizeGlass]

Strange, facebook always open, people send me lots of garbage, yet my Ubuntu machines with no firewall and now AV seems completely unaffected.

If I had posted that I'd be sure to blame my computer for the typos, but since it's not the computer it must be something else ... may just the 'U' in Ubuntu? ;-)

Re:"Dangerous" is ambiguous

[93+Escort+Wagon]

Strange, facebook always open, people send me lots of garbage, yet my Ubuntu machines with no firewall and now AV seems completely unaffected.

Darn it, I meant to mod you "funny" but apparently picked "overrated" instead - so now I have to post to erase my mod.

What to say, what to say... Got it!

Hey! I heard with the new IE9 beta, thanks to its hardware acceleration technology, Facebook infections now load 50% faster!

Re:"Dangerous" is ambiguous

Because it's easy to prevent a system administrator's account from modifying the system with magical security voodoo. If you believe that kind of bullshit go buy two copies of Norton AV so you'll be twice as protected. It also whitens your teeth!

Re:"Dangerous" is ambiguous

[FoolishOwl]

You really should have a firewall.

*nix machines are effectively immune to viruses. However, that's not the only security problem to worry about.

Re:"Dangerous" is ambiguous

[mp3LM]

*nix machines are effectively immune to viruses.

Just a note for anyone reading these comments - the parents statement is made up and not true.

Thank you for your time.

Re:"Dangerous" is ambiguous

[sitarlo]

There are 1001 ways a social engineer/criminal/con artist can exploit information found on social networking sites. People who post personal or business information on sites such as Facebook or Twitter are stupid. Want to fight cybercrime? Make the internet anonymous again!

Re:"Dangerous" is ambiguous

[dskzero]

Neither do my Windows machines seem affected. Clearly, this article is a lie.

Re:"Dangerous" is ambiguous

Dangerous in what form? I don't get that.

For malware specficially, well I guess that isn't surprising, I have a facebook account and I always see my friends posting links that are clearly spam. I guess some other people see this and click on it (by accident or not) and then they get infected too, and so it spreads.

Well, last night I was leaving the bar, when Facebook jumped out from behind a dumpster, beat my ass to the ground, and proceeded to rape my anus.

So, it's dangerous in the "it might rape your ass" sense.

Also, I hear if you snort it, you'll get high, but will suffer permanent brain damage. Just Say No.

Re:"Dangerous" is ambiguous

[hesaigo999ca]

>Dangerous in what form?

Stealing is stealing, whether company time spent on the crapper totaling half your day, or sitting at your desk twitting or on facebook, it is still a loss to your company that a) you are responsible for and b) can cost many man hours when you consider how many people have accounts.

The average person spends 50 minutes of WORK time surfing the net (all time high) when they should be working, this is I am sure because of elevated networking and social sites available, multiply this by how many employees, this calculates to almost 100 hours a day spent doing nothing in a company of 100 employees...that's a lot of money to waste on something that is not even productive...or generating revenue for your company

Re:"Dangerous" is ambiguous

[Machtyn]

But information wants to be free!

/laugh, it's good for the body.

Re:"Dangerous" is ambiguous

[FoolishOwl]

The number of viruses that have ever directly affected *nix systems is very small. This is directly due to the model of authentication and limited privileges that has been present in Unix and its derivatives from the beginning.

When I said "effectively immune," I did not mean completely immune. I meant, the odds of infection are negligible, as there have been very few *nix viruses, and those have exploited security holes which have been patched.

Also, I was distinguishing between viruses and other forms of malware, specifically for making the point that one should have a firewall in operation for Linux servers.

Would you care to tender an explanation why it's almost unheard of for Linux boxes to become infected by viruses, given that the world's Internet traffic flows through Linux servers, including countless billions of dollars in financial transactions, making them incredibly valuable targets?

Slashdot in 2010

[bonch]

Almost all of the last 20 or so stories have been about either social networking sites or Google and its products. Man, I remember when programming topics actually used to make it to the front page. You know, news for nerds.

Re:Slashdot in 2010

[geekoid]

welcome to being a market demographic.

Re:Slashdot in 2010

[DragonWriter]

Almost all of the last 20 or so stories have been about either social networking sites or Google and its products. Man, I remember when programming topics actually used to make it to the front page. You know, news for nerds.

Being generous and counting Android (even though it was only briefly owned by Google between the time Google bought it and the time Google transferred it to the Open Handset Alliance) as a "Google product", and going further with that generosity and counting a story about HTC Android phones as being about Android rather than the specific phones and thus a "Google product", I count 7 of the 18 current front-page stories that are either about social networking sites or Google and its product (one of which is about a forthcoming Google social networking product.)

Being even more generous and assuming that the two next most recent stories were also about social networking sites or Google and its products, that's still less than half of the last 20 stories.

Aren't "nerds" generally supposed to be detail-oriented and numerate?

 

Re:Slashdot in 2010

[vux984]

Man, I remember when programming topics actually used to make it to the front page. You know, news for nerds.

Meh, the daily astroturf about Ruby On Rails a year or so back weren't any better. ;)

Re:Slashdot in 2010

[MobileTatsu-NJG]

Almost all of the last 20 or so stories have been about either social networking sites or Google and its products. Man, I remember when programming topics actually used to make it to the front page. You know, news for nerds.

What's especially amazing is that Slashdot covers so many stories about popular sites that require having friends!

Re:Slashdot in 2010

[syousef]

Being even more generous and assuming that the two next most recent stories were also about social networking sites or Google and its products, that's still less than half of the last 20 stories.

Aren't "nerds" generally supposed to be detail-oriented and numerate?

Yes but even if there was an exaggeration here, do we really need half our "stories" to be shilling for Google and social networking sites? If you add Apple products to the mix, you quickly see that this place has gone downhill. I use to read EVERY story on the front page at one point. Now I'm lucky if I care about 2 a day.

Re:Slashdot in 2010

[Bing+Tsher+E]

I remember when Slashdot wasn't assumed to be an 'IT' and 'programming' site. Chips, and Dips, even somtimes chips in DIP packages.

I can go elsewhere for 'IT' news and discussion.

Re:Slashdot in 2010

[Bing+Tsher+E]

Not really 'friends' in the sense we learned of as children. Not even 'friends' in the sense of running into the same guy selling cool test equipment at the swapmeet each year. More the all Zucked up kind of faux-friends.

Re:Slashdot in 2010

[hany]

Did we get there by getting older?

Re:Slashdot in 2010

[DragonWriter]

Yes but even if there was an exaggeration here, do we really need half our "stories" to be shilling for Google and social networking sites?

Even counted generously, less than half the stories were about those topics, and not all of those were positive stories. Negative stories about something are hardly "shilling" for the subject of the story.

If you add Apple products to the mix, you quickly see that this place has gone downhill.

If you want a consistent mix of subjects, got to an outlet that has a narrow, specific, charter applied top-down by an authoritative dictator or small body with stable interests.

Expecting that a site whose content is community driven that features open membership is going to have a stable content mix is...well, its something that could happen, especially in a basically stagnant community, but its not particularly something you'd expect in an active, live one.

I use to read EVERY story on the front page at one point. Now I'm lucky if I care about 2 a day.

Yeah, look, I've been reading Slashdot a lot longer than my ID would suggest. I get that its become less focussed, with more non-tech and much of the tech coverage from more drawn from industry analysis, CIO-oriented sources than developer oriented sources. And its not something I'm particularly fond of myself.

But I'm pretty sure that whining about it in comments isn't useful for much, especially when the specific complaints made are ludicrously hyperbolic.

Re:Slashdot in 2010

[Hognoxious]

Lebbo attempts to cast blockquote. Oh noes!!!! critical fumble!

In other news...

Normal uneducated people post whatever comes to their mind on Facebook.

Film at 11.

Hmm..

Oh my lord... there's MALWARE on Facebook?? I thought all those links for free iPads were real! Noooooo!!!

This shouldn't surprise anyone, really.

Re:Hmm..

[mmaniaci]

Anecdotal proofs don't hold much weight in the real world. Science on the other hand does.

Re:Hmm..

[Bryansix]

Actually I highly doubt facebook.com is serving up malware. However they may be enabling it through their API and third party application support.

Re:Hmm..

[WrongSizeGlass]

Anecdotal proofs don't hold much weight in the real world. Science on the other hand does.

Well, your post doesn't get 'Funny' in the /. world but "there's MALWARE on Facebook??" on the other hand does. Gotta know your audience.

The point is...

[RJHelms]

Don't be dumb on the internet. Got it, thanks.

Never would have figured that out on my own.

Re:The point is...

[geekoid]

IT's bigger then that. Human behavior is evolved to a social paradigm. With that certain expectation have become intrinsic to human interaction.

Not the internet has made it easy for a few jackasses to violate those rules of behavior in a massive and automated way.

This means people need to learn to ignore and change certain expectation. Not something that comes easy.

Re:The point is...

[froggymana]

I thought the point of this article was to switch to Linux which will be free of all of those windoz viruses. Or to perhaps not click on links that you don't trust.

Re:The point is...

IMO one of the worst ones is that the illusion that celebrities are perfect. In reality they are only human.

Re:The point is...

[monkyyy]

not clicking on the free ipads is to hard, linux it is

People think its ok to use facebook at work?

[maliqua]

Companies should simply block social networking sites or have policies against there use. In my office the average user spends 135% of there work hours logged into facebook 135%?! most of them leave it logged in when they go home

Re:People think its ok to use facebook at work?

[turbidostato]

"Companies should simply block social networking sites or have policies against there use."

How this can be offtopic about a news telling that social networking sites pose a financial danger for companies?

It might be "-1 idiotic" but never off topic.

Re:People think its ok to use facebook at work?

[maliqua]

idiotic? Is it not the simplest solution, also one that will make your employees work rather than dick around on each others walls all day? Companies need to stop blaming these 3rd party sites as security breaches and start blaming the people who are in charge of securing there network and work stations. Facebook is a SOCIAL media tool employees in most businesses should have no reason to use it during work hours or on work owned computers.

Re:People think its ok to use facebook at work?

[Culture20]

There are people whose job title is Facebook Liaison. I knew someone a few years back whose whole job was building a Second Life presence. Marketing folk in every company are extremely hot for Facebook for obvious reasons.

Re:People think its ok to use facebook at work?

[tomhudson]

! most of them leave it logged in when they go home

And why are you not helping them by updating their status with all sorts of "interesting" posts and links, and sending out a bazillion "friend" requests on their behalf?

It's the only way they'll learn.

Re:People think its ok to use facebook at work?

Even the article don't suggest it. Read the end of TFA.

Re:People think its ok to use facebook at work?

[cynyr]

then unblock facebook on that one persons or groups computers, not site wide. should be easy to implement.

Re:People think its ok to use facebook at work?

[maliqua]

yes some people do have a valid use for facebook, those people aren't just dicking around they're actually working and the nice things about firewalls is they have rules, and exceptions \o/

Re:People think its ok to use facebook at work?

[houghi]

Just use white lists on all PCs and place some 'general access' in the food area.

All the proxy server needs to do is provide the user a page where his username is confirmed and a field as to why he would need access. Access is then automagically granted for that site and the site placed in a grey list.
Once in a while somebody will check the grey list and add the sites in either black or white list.

If a site is on the black list, a more 'official' request could place it on the white list.

This all would have the advantage that users are very aware of the fact that they will be logged if they go to a strange site. That means that if there is a question, people will have most likely a trace as of why they thought it was a good idea to go to goatse. So there already is a sort of social control.

Re:People think its ok to use facebook at work?

[Bryansix]

Not this generation. I don't care how scarce jobs are. If you block Facebook, they will quit.

Re:People think its ok to use facebook at work?

[WrongSizeGlass]

One of my clients has around 50 workstations that are used only for season/temporary employees. None of the seasonal employees gives a crap about company policies - they just try to get away with whatever they can and still collect a check at the end of the week. Their workstations are configured to redirect to a php script on the server whenever they try to connect to a site other than those on their 'approved list' (they use a web-based app for customer service and shipping). They always deny they did anything but hardcoded IP's don't lie ;-)

Re:People think its ok to use facebook at work?

[WrongSizeGlass]

The users who have a valid reason for visiting those site are the users I have to 'delouse' more often than anyone else.

Re:People think its ok to use facebook at work?

[blai]

That's cool. I leave facebook on at the other end of ssh.

Re:People think its ok to use facebook at work?

[blai]

Facebook for iphones...

Re:People think its ok to use facebook at work?

This is old firewall-ish security mentality. Most people do not realize this but with end-point security, the horse has bolted, left the barn, gone AWOL etc etc. Why? Mobile devices!! That employee you are trying to control now has an internet connected mobile device. They can facebook all day with that even if you block internet access via PC and company network. They can turn their phone into a WiFi hotspot and connect their PC to the internet via the phone. Endpoint security is an arms-race that is not winnable by Corp Security. The sooner IT departments accept it and devise other strategies, the better it is.

Re:People think its ok to use facebook at work?

..one that will make your employees work

Making your employees work is about motivating them to do something rather than stopping them from doing something. The unmotivated employee can spend time making ASCII art with notepad, but an employee who is educated to be safe and is demonstrably motivated should be able to relax in any way that is not actually detrimental to the company.

I had a manager approach me for information to try to show that an employee was "spending too much time on the internet" very recently. When I asked if it would be a problem if that same employee was doing three times the work of any co-worker even if their internet browsing was the same, the manager had to admit that it wasn't the internet browsing which was the real problem. That same manager was also very uninterested in having their own internet logs provided for comparison when I offered.

...blaming the people who are in charge of securing there network and work stations.

People who do harm because of lack of education will not stop doing harm until educated.

We do a (provably) good job of protecting our network. We use a perimeter firewall and filtering proxy with a default deny policy and we lock down users to unprivileged accounts, even executive staff (even me; I have a normal account and a domain admin account, but I don't use admin except to escalate priviliges or do administrative tasks when necessary.)

With that as background, I can state with absolute certainty, there is no monkey proof network security.

Posting anonymously because I don't have a modpoint for "-3 completely wrongheaded". Also, though I don't have proof, I do recognize the tone and I'll thank you to please stop talking to my boss. (Humor flag: No real relationship is suspected, I am simply pointing out the reason this particular thought process irritates me.)

Re:People think its ok to use facebook at work?

[Jaysyn]

They did this at my office last year. While the admins weren't too happy about it, I'm pretty sure their productivity went up.

No one quit over it though.

Crap, I keep forgetting I'm not in "this generation" anymore.

Re:People think its ok to use facebook at work?

[monkyyy]

a wall repair man(or something) has to move every stone back to its exact place a rat has to find one flaw

Re:People think its ok to use facebook at work?

[stephanruby]

most of them leave it logged in when they go home

If your coworker leaves his computer logged in and his facebook open, it's your obligation to start modifying his profile and posting cool updates.

Re:People think its ok to use facebook at work?

[abhi86]

"Even i think that facebook has been growing day by day. Comanies should take necessary care about social networking sites. They should clearly mention their staff that limited use of these sites is not bad but if it exceeds too much then it becomes embarrassing. So people should be aware of using these sites at offices.

Re:People think its ok to use facebook at work?

[L4t3r4lu5]

So what? If they spend all day on Facebook, they aren't working and shouldn't be paid. The logical conclusion is to sift off the cruft by letting them quit; Saves paying a severance package, should they have one. In this time, there are plenty of people who need jobs. Everyone is replaceable.

I know a local Uni which uses a time-based approach to this for their office staff. Social Networking and personal email is blocked outside of the Lunch period, and lunch is assigned to half our slots between 12 and 2pm. Your account is linked to one of these half hour slots, and you get access during that time. Attempting to access these sites outside of your lunch gets you nowhere.

People do need "microbreaks" to keep them alert, but you don't do that on Facebook. You check profiles, updates, you comment, like, accept / deny friend requests, play Mafia Farm, whatever, and half an hour is gone.

Ultimately, the peons can't be trusted, and they earned the contempt employers have by taking the piss and spending all day posting on websites only tenuously related...

Ah.

Re:People think its ok to use facebook at work?

Nowadays a whole lot of tech products are 'Facebook-enabled', which means the employees who don't need to see it in action in one way or another are the exception rather than the rule.

Besides, blocking Facebook would make sense now, but not forever. When you know how to use it, it is as useful a tool as messengers, emails, phones...

Re:People think its ok to use facebook at work?

[bsaxberg]

I am the IT guy at my company. I'm not one to just willy nilly block things (ie taking time to block things proactively vs making the next set of tools for my company which is a better use of my time), give people enough rope to hang themselves is what I have learned. That being said, someone hung themselves by using this a wee bit much (lack of discretion much?) and I was told to block it (facebook). No biggie, I don't use the site anyway, but have not heard a peep from the person who hung themselves with it.

Re:People think its ok to use facebook at work?

[Bryansix]

See the problem here is not the employees. It is your managerial style. Saying that "Everyone is replacable" only breeds contempt for management. Sure if reality everyone has to be able to be replaced. But that means cross training, documentation, and communication. It DOES NOT mean you should be making an example out of every little thing. Moreover you have to look at employees as an investment and as the managers as enablers. If an employee is unproductive most often it is because of a lack of communication from above as to what their job should be and HOW to do it and that they are not provided with the required tools and training to succeed.

The Most Dangerous Tool

[StikyPad]

"Oooh! A talking moose wants my credit card number. That seems fair!"

The most dangerous tool is the one sitting in the chair.

Re:The Most Dangerous Tool

[Anachragnome]

"The most dangerous tool is the one sitting in the chair."

Back in my auto shop days, we had a term for a certain diagnosis--The Loose Nut Behind the Wheel.

It referred to either the driver/owner being the source of the mechanical problem (such as pulling the parking brake out to hang ones purse on, then merrily driving away), or the driver/owner was simply insane (we had our share, and oddly enough, sanity is not a requirement for a drivers license).

Of course, this was a diagnosis we kept to ourselves. Explaining such a diagnosis to the driver/owner was usually awkward--"Sir, the reason your Ford Escort is never going to go straight again is because you weigh 600lbs. An alignment isn't going to fix anything. You just need to switch to low-octane fuel".

Re:The Most Dangerous Tool

[houghi]

Here it is called PEBCAK

Re:The Most Dangerous Tool

[antdude]

Is the talking moose's name, Bullwinkle?

Re:The Most Dangerous Tool

[mirix]

'I D 10 T' error.

Re:The Most Dangerous Tool

[syousef]

Explaining such a diagnosis to the driver/owner was usually awkward--"Sir, the reason your Ford Escort is never going to go straight again is because you weigh 600lbs. An alignment isn't going to fix anything. You just need to switch to low-octane fuel".

"Good news sir. We have a fix for you and you don't have to pay us a cent. Now to the fix: How much does your wife weigh?"

Re:The Most Dangerous Tool

[Jaysyn]

Or an ID10T error.

Re:The Most Dangerous Tool

I prefer the term PICNIC (Problem In Chair Not In Computer) because people recognize the word and it has a comforting "sounds easy" connotation. Also as a bonus, somebody unfortunately inquisitive can be told how it is spelled (like it sounds) and won't immediately find a google term explaining it as they do for PEBCAK, or worse realize that their sticky note is calling them a name (ID 10t) and complain to the boss or HR.

This is handy when noting help desk tickets because other savy IT staff will recognize the reference if called on for a repetition of the same error, even if the notes don't dare describe the real problem. Example: User could not find Excel file after saving from email, browsing from inside Open dialog in Excel. Demonstrated saving with extension as defaulted rather than renaming without an extension. Should be a picnic to resolve from now on.

Re:The Most Dangerous Tool

[rolando2424]

You can also use Layer 8.

Wikipedia has a couple more terms that you can use.

Is it Facebook or Windows which is dangerous?

[knarf]

Facebook and similar sites attract a lot of malware, true. How about not using a platform known to be hypersensitive to this malware when accessing these sites? Why is this simple and effective solution never proposed?

Why oh why oh why does the average IT person not contemplate this effective, cheap - yes cheap - and sensible solution? It is almost as if there is a religious dogma against pointing a finger at Windows. Even the most die-hard Windows fanatic surely should see the sense in this approach? If you want to navigate the high seas you'd use something which withstands salty water and is known not to leak. It would be... wise... to use something which withstands malware and is known to survive network contact when navigating the cesspool called social networking.

I am truely flabbergasted by this resistance to change. If you stand to lose ${many} by allowing Windows on the 'net... why not prevent that loss?

Re:Is it Facebook or Windows which is dangerous?

If everyone switched away from windows then people would simply write malware for whatever arbitrary OS became the new popular alternative...

Re:Is it Facebook or Windows which is dangerous?

[knarf]

If everyone switched away from windows then people would simply write malware for whatever arbitrary OS became the new popular alternative...

Why does there have to be one popular alternative? Why not loads of alternatives? The web is - or should be - OS agnostic so it should not matter one bit which OS you happen to use. Divide and conquer!

Apart from that it remains to be seen whether the contenders to Windows' crown are as susceptible to malware.

My previous message got moderated as 'Offtopic' by someone who obviously had not read it very well. The whole point of the message is that the question it poses is very much on topic when it comes to avoiding malware-related problems even though there does seem to be a dogma to keep this issue under the floorboards.

Re:Is it Facebook or Windows which is dangerous?

A lot of people seem to push this notion that non-Microsoft OSes are in principle vulnerable to malware.
So where's the malware? Nobody cares enough to prove the point? I call BS.

Re:Is it Facebook or Windows which is dangerous?

A lot of people seem to push this notion that Microsoft OSes are in principle vulnerable to malware. So where's the malware? Vista/7 + IE8 or Chrome reportedly haven't been affected by _any_ drive-by host affecting malware. All examples are plugin related, i.e. compromised Adobe products. Adobe is synonymous with backdoor these days. I call BS.

fyi, the iPhone PDF exploit affected Linux, too. But with Linux, no one is stupid enough to load PDFs from the web without user request.

Re:Is it Facebook or Windows which is dangerous?

[war4peace]

Do I have the impression you propose that people use one OS for their daily work and another OS for Facebook and the like?
Now I might be considered a troll, but why oh why does the average Linux person (see, I can generalize as well!) always try to fix the tool but NOT the user?
Irony apart, the issue with getting "infected" doesn't get solved by switching the Operating System. It might get partially solved or it might help somehow, but it's not a solution. There's no permanent solution, there's just common sense and its lack thereof.
I am a Windows user. I don't get infected with malware. Last time there was a virus on my machine, it came via a "brand new" external hard drive which apparently was used by the company that sold it to me. The antivirus yelled when I opened the folder containing the infected files (my intention was to delete everything in there). Last time my machine was infected by anything else... well, there isn't one.
It's all about being informed and having some common sense. People who don't have the former will still be okay, but they need extra care in checking what they're about to click on. People who don't have the latter... they will likely get infected. Those who don't have either... why on Earth would you assume they would know how to use Linux? Come on :)
Saying Windows is dangerous is like saying a gun is dangerous. A gun ain't dangerous, not unless some moron holds it. Only then things begin to become interesting. Is Windows prone to being infected? Certainly! Is this mainly generated by dumb people who click stupid links? Oh yeah!
Repeat after me: NOT the tool, but the person. NOT the tool, but the person. NOT the tool...

Re:Is it Facebook or Windows which is dangerous?

[oatworm]

Ahem. Rootkit. It's not called that because Windows got 'em first.

Heck, there are even tools that deal with *NIX rootkits and the like. Several of them, in fact.

Re:Is it Facebook or Windows which is dangerous?

[DogDude]

"I am truely flabbergasted by this resistance to change. If you stand to lose ${many} by allowing Windows on the 'net... why not prevent that loss"

Because the potential loss from NOT using Windows would be even greater. You can't run a small-medium sized retail business without Windows... there's no robust small to mid-sized point of sale system that's not Windows based. There's no functional accounting software that's not Windows based. There are simply not enough applications for most businesses to use anything BUT Windows. Even if there were enough applications for Mac's to run a particular basis, you're looking at double to quadruple hardware costs for plain ol' workstations.

Re:Is it Facebook or Windows which is dangerous?

[Anachragnome]

"I am truely flabbergasted by this resistance to change."

Why?

The AV industry would be doomed if everyone applied your fancy-schmancy "wisdom". Think of the jobs(and billions of dollars!!) lost.

Facetiousness aside, it wouldn't surprise me in the slightest if companies like McAfee and Symantec were covertly behind some of the malware/virus releases. We already know as fact that some unscrupulous individuals will infect machines just to sell a fix (often bogus itself). Is it really that hard to believe, in this age of Enron and other "Responsible Corporations", that the resistance of which you speak might be on the part of the industry and not the end-users?

As far as navigating that cesspool called "social-networking" is concerned, Confucius once said, "If you don't like swimming with shit and used condoms, stay out of the cesspool."

Re:Is it Facebook or Windows which is dangerous?

[Bryansix]

To be fair IE8 on Windows 7 with MS Security Essentials (all free with Win7 license) is actually a decently secure solution assuming it is set up that way from day one.

Re:Is it Facebook or Windows which is dangerous?

[Bryansix]

It would have to be standards compliant which would re-unify the attack vectors. Everybody needs access to the same apps.

Re:Is it Facebook or Windows which is dangerous?

[knarf]

Repeat after me: NOT the tool, but the person. NOT the tool, but the person. NOT the tool...

Why would I repeat something which is false? Repeating it does not make it true.

If you want the truth and nothing but the truth you should realise that it is a combination of the tools used and the people who get to use them. If you still have any doubt about which of these tools is more susceptible to malware, well... good luck to you.

About those people... what, in your opinion, is easier to change: habits, or tools? If you say 'habits'... good luck to you again.

Re:Is it Facebook or Windows which is dangerous?

[TheRaven64]

People push the idea because it's true. Take a look at the list of security vulnerabilities for almost any other platform, and you'll see several that could be exploited for distributing malware. Hell, the last iPhone 'jailbreak' was enough to get root access to the phone as a result of visiting a web page. From there, you could easily scan the person's inbox for 'sent from my iPhone' and send a mail to everyone who has that inane footer on their mails a link to the exploit and install something nefarious that runs in the background (maybe something that dials a premium rate phone number periodically). The Linux kernel has had at least one root exploit that I've noticed pop up in security advisories this year, and several more in the past.

Exploiting this stuff is not hard, but there's no point unless you can profit from it in some way. If Macs suddenly had 90% market share, OS X's poor security would be quite apparent. The same with pretty much any Linux distribution.

Writing cross-platform malware, however, is hard. If you don't have a monoculture, it's much harder for malware to gain a foothold.

Re:Is it Facebook or Windows which is dangerous?

[Sloppy]

If everyone switched away from windows then people would simply write malware for whatever arbitrary OS became the new popular alternative...

Sure, they could write the malware, but they would also have to walk users through apt-get installing it. "Ok, add this line to your /etc/apt/sources.list and then save. You remembered to type sudo before you started your editor, right? Good, you're one step closer to GETTING YOUR FREE IPAD!"

Re:Is it Facebook or Windows which is dangerous?

The iPhone "jailbreak" was actually a FreeType exploit delivered in a PDF container. By reports it affected Debian, Gentoo, SUSE, and probably every other platform that supported FreeType. This meant that Linux PDF renderers, like Okular, were crashed by the exploit.

The difference with Linux and Windows is that (AFAIK) Adobe would be crucified if they installed Reader into Firefox, for example. On Windows, Adobe gets away with it no questions asked.

Re:Is it Facebook or Windows which is dangerous?

[Barny]

So is firefox with no-script, and it will stop the latest 0-day exploits too :)

Re:Is it Facebook or Windows which is dangerous?

[AHuxley]

If a Windows developer can write the tools, a Linux user given time and the accounting insight could clone them.
Find an accountant interested in computing. Get info from the tax department. Find the 30 or 500 pages that need to be sent in. Learn about the front end of raw data, see what the Windows app does and how it formats the end product. Talk to the front end hardware scanners/data entry/input makers and ask for details.
If some Windows developer can work it out, so can a Linux user. At some point real numbers have to be entered. Windows apps might format, encode ect, just keep digging.
There are no secrets in hardware, only lazy developers

Re:Is it Facebook or Windows which is dangerous?

[AHuxley]

The fancy-schmancy "wisdom" of Windows reminds me of the early post ww2 years.
NATO needed encryption, but the ~NSA/GCHQ where not going to allow any real encryption to be exported around the world.
So they gifted safe networks but their units where unsafe on site. They leaked plain text near the unit.
Poor tempest allowed the ~NSA/GCHQ to read all and the units where gifted to NATO.
Windows seems to be the same leaky software solution that was gifted to the world.

Re:Is it Facebook or Windows which is dangerous?

[war4peace]

About those people... what, in your opinion, is easier to change: habits, or tools? If you say 'habits'... good luck to you again.

Um, isn't that YOU are trying to do? Change the habit of using Windows? Don't say it's not a habit. Yes, sir, it is.
Clicking on a link out of misinformation or not having common sense is something that can be changed through education. Altering a tool so it becomes 100% foolproof is impossible. Now I don't want to get into the whole "Windows vs Linux" retarded discussion, I've had enough of it :) - but let me point out that there are people who use "susceptible" tools and are fine, and people who use "better" (in your view) tools and manage to mess them up pretty good. Or if not, cry like babies and ask for help whenever they need to, um, I don't know... find a document? If you are willing to go to that length and babysit users all day, well then what can I say :)
Oh and one more thing, I don't think your above post is "troll". It contains an idea (to which I don't agree, hence the conversation) but definitely NOT troll.

Re:Is it Facebook or Windows which is dangerous?

[monkyyy]

no they would "for ur free ipad choose ur disto " "download" "open" "enter ur password" "ingore the file name of files being installed and warning from the package manager "this IS MALWARE U IDIOT, countinue?"

Re:Is it Facebook or Windows which is dangerous?

[Bing+Tsher+E]

If a Windows developer can write the tools, a Linux user given time and the accounting insight could clone them

Get back to us when it's happened, not while it's wishful thinking.

I've run Linux off and on since 1993, though I went BSD for my freenix needs for the most part before the Millenium.

People don't care about holy wars and crusades. Also the most important data on a PC, the part that can't be reinstalled off read-only media, is a user's home directory. Which is just as vulnerable on any system where users are allowed to make productive use of a desktop system.

Re:Is it Facebook or Windows which is dangerous?

[Bing+Tsher+E]

Sure, they could write the malware, but they would also have to walk users through apt-get installing it.

Is file execution turned off in all user-writable directories on the various Linux-based OSes these days? How do people run the ls command??

Re:Is it Facebook or Windows which is dangerous?

[Overzeetop]

But can the linux user do it for less than $2000 (the high end of a small accounting software package) and support it and all bug fixes and patches for less than $500/yr (the high end of a maintenance contract)? Can you update the tax rates and schedules in all fifty states for $200 every single year?

Remember, the opportunity cost to a company is about $75-$100/hr on a typical employee. At this scale, writing custom apps is not cost effective.

Re:Is it Facebook or Windows which is dangerous?

[Hognoxious]

there's no robust small to mid-sized point of sale system that's not Windows based.

My local minimart runs s/370.

There's no functional accounting software that's not Windows based.

Well, apart from SAP, Oracle Financials, Compiere, LegderSMB...

Re:Is it Facebook or Windows which is dangerous?

[Sloppy]

How do people run the ls command?

That's /bin/ls in most (all?) distros. /bin isn't normally user-writable.

Is file execution turned off in all user-writable directories on the various Linux-based OSes these days?

I don't know, but mounting /home with noexec by default wouldn't be very wacked. I have most of my filesystems mounted noexec (hmm.. though /home isn't one of them, I'll admit). Most users don't need executables under /home, though some do.

Youtube?

[Scrameustache]

How do you get infected with malware from youtube?

Re:Youtube?

How do you get infected with malware from youtube?

I'm thinking 2 ways: links in video descriptions/comments/etc and there was the recent XSS flaw.

Re:Youtube?

[Zero__Kelvin]

"How do you get infected with malware from youtube?"

You start by running Windows ;-)

Re:Youtube?

[RichM]

How do you get infected with malware from youtube?

When somebody figures out how to abuse the HTML5 H.264 format.

Re:Youtube?

[ceejayoz]

Doesn't it require Flash?

Re:Youtube?

No. As written by a Chromium dev:

@hadessuk: the general approach when you want to sandbox a piece of software is to
split it in two parts, the one inside the sandbox touches the bits delivered by the
network and decodes + validates the complex format, then the data is converted in the
simplest format it can be used. This format is send over shared memory to the trusted
piece which operates on this format and can touch the hardware.

If the case of video, a good candidate for the shared format is unscaled YUV, then
the trusted piece will use the GPU to do the scaling + toRGB + present part.

I know that is not the ideal workload split bettween CPU and GPU but it is a solid
start, works for many platforms and gives you a good deal of acceleration.

Exploiting H264 rendering code isn't that easy. In Chrome the immediate format parsing code does not have access to the OS at all. IE8 does the same thing with its processes -- dubbed protected mode -- but I don't know how it handles video internally. Right now the great weaknesses are with unsecured plugins, i.e. Adobe Reader and Flash. Truth be told, the days of browser-host malware exploitation are all but over.

Re:Youtube?

D'oh, fixed link.

Re:Youtube?

[TheRaven64]

By reading the comments - they can cause permanent brain damage, unless you have a proper firewall.

Re:Youtube?

[juventasone]

Mod parent up. I don't understand this either. Sure there are Flash exploits, but they're not hosted by YouTube.

If you were infected with certain variants of Koobface, it would direct you to fake YouTube sites. The real YouTube had nothing to do with it.

In July there was an XSS exploit in some of YouTube's comments. There was no malware/infection, the page itself would generate popups or redirect you. It lasted all of 2 hours.

Re:Youtube?

[L4t3r4lu5]

Here's the one I use

Re:Youtube?

[Scrameustache]

Doesn't it require Flash?

Sorta, they're migrating to HTML5, but that would be "getting infected from flash", wouldn't it?

Re:Youtube?

[Scrameustache]

How do you get infected with malware from youtube?

When somebody figures out how to abuse the HTML5 H.264 format.

You're talking about the future, they're talking about the past.

Re:Youtube?

[ceejayoz]

No, that'd be getting infected with the Flash malware.

Oh well

[Locke2005]

Sadly, slashdot remains last on both the list of sites from which to contract malware infections and the list of sites on which to meet people from which to contract an STD.

Re:Oh well

Windows - Maximum malware
Windows users - Get STDs

Mac - Immune to malware
Mac user - Super AIDS in the bum hole

Linux - Immune to malware
Linux users - Immune to STDs

Re:Oh well

[drcheap]

Linux users - Immune to STDs

Immune, or just avoided by the attack vectors?

Re:Oh well

[Bryansix]

Who the hell modded this flamebait?

Re:Oh well

Dude. Quit trying to explain OP's joke. You're killing it!

Re:Oh well

[wzzzzrd]

Dude, quite explaining what it means, just say it: WOOOOOSH

This is silly.

[pspahn]

I thought they might actually talk about something meaningful. With businesses using facebook and its ilk for conducting business, I thought TFA might talk about how small businesses are using it incorrectly and turning off customers or something.

It seems a lot more pertinent, as people tend to think that it is either a great tool for communication, both positive AND negative.

I'm a Mac user - this is news to me

[xwizbt]

Okay, I'm no troll, but this is news to me. How does this happen? You all run antivirus software, and yet somehow actually *visiting* a site can infect you. So how does this work? Can you visit a site wearing a 'condom', or do you know, somehow, that you shouldn't click on something.

No trolling, but as a Mac user I click what I like. How do you know what to click or not click?

Re:I'm a Mac user - this is news to me

[sakdoctor]

To get the malware you have to right click on ... oh wait.

Re:I'm a Mac user - this is news to me

[war4peace]

Because neither of those 7 websites that would properly get rendered on your Mac are infected with Malware.

Re:I'm a Mac user - this is news to me

[fluch]

So how does this work? Can you visit a site wearing a 'condom', or do you know, somehow, that you shouldn't click on something.

You know, even a condom does not prevent pregnacy 100%. Neither does the pill. (My neighbors half year young daughter is a perfect example of the latter; which does not mean she is not loved by her parents, quite the contrary!) Same with anty virus programs. Of course you CAN get infected dispite running them. It is just less likely...

Re:I'm a Mac user - this is news to me

[Bryansix]

the magic mouse looks like one giant button but actually, it has two buttons and a track pad built in.

Re:I'm a Mac user - this is news to me

[Bryansix]

Good point unless the install FireFox. Safari support sucks balls.

Re:I'm a Mac user - this is news to me

It doesn't happen, to be honest. If you see malware that infects the OS or user account today, chances are that:

A) the machine is using XP / browser without process sandboxing (this requires Vista/7)
B) the browser has admin privs (XP, or UAC disabled)
C) browser plugins are exploited / plugins can run without request

C is the default configuration for the three browsers but it can be changed. As a result, 99% of malware today is taking advantage of a plugin.

Re:I'm a Mac user - this is news to me

[YoshiDan]

What is this, the 90's? The one button mouse jokes are really old. Try something a bit more fresh and original.

Re:I'm a Mac user - this is news to me

[war4peace]

Well I was just ironic. I tried to somehow point out that a Mac has its own incontestable advantages whereas on the same note it has big disadvantages. Just like any other product really. If there would be an "omniproduct", Slashdot wouldn't even exist :)

135% ?

When are we going to stop this nonsense! the maximum is 100%...Even in cases of engines where they say that they are going over 100%, they are not. In this case, when they say 100% they actually mean some value below the actual 100% which it is safe to operate continuously.

Re:135% ?

[FrostDust]

That's why the qualify it, like in that statistic, "135% of their work hours". If you have a six hour shift, and your work computer is logged into Facebook for 8 hours, that's a totally valid way to describe it.

Securityweek is pants

[Jonboy+X]

To summarize: Alarmist e-zine for PHB's confirms their suspicions that Facebook and YouTube are, in fact, the devil. Why is this on Slashd...oh, it's samzenpus. Never mind...

Re:Securityweek is pants

[L4t3r4lu5]

I think my sig needs updating to include another name.

Depends on what sections he reads

[Moraelin]

Actually, I guess it depends on what sections he reads, since Slashdot does offer some customizability in what you see on the front page. Someone who isn't interested in idle, games, etc, and reads the IT and/or technology sections, or even only reads one of the Slashdot sub-sites, might see a different set of stories than you do.

Re:Depends on what sections he reads

[DragonWriter]

Actually, I guess it depends on what sections he reads,

I don't think there is any combination of Slashdot sections for which the almost all of the most recent 20 stories (either now or when the post making the claim was posted) would concern either Social networking sites or Google products, though I will admit I haven't actually checked every possible combination of sections to see if there is any way to make the claim remotely approach the truth.

If I would have to make decisons...

[fluch]

If I would have to make decisions in a company, I would block Facebook, Twitter, Youtube and a few other sites which are popular but not necessary for company life. I am aware that a certain amount of private activity is fine in corporate environment, but certain sites draw just far too much time on them on a regular basis.

I for myself do not have a Facebook nor a Twitter account. And I use the Leechblock extension on Firefox to keep me of unnecessary sites during work hours which I otherwise would visit far too often. I know my weaknesses and from some of them I have to protect me myself...

Who are the survey respondents?

[yuna49]

Once again we have another poll which is somehow supposed to represent actual facts.

This is a "study" by a company that sells computer security "solutions" to small and medium-sized businesses. Haven't we all learned by now that these reports are largely designed to scare PHBs into buying the products and services these companies peddle? There's absolutely nothing in TFA that enables us to determine how the firms were chosen, who was interviewed, how they were selected, and whether they have even a clue about how sites like Facebook and YouTube might be the culprits.

Enough breathless reporting of stupid press releases, Slashdot editors. Just because SecurityWeek has no editorial scruples doesn't mean you shouldn't have them.

wow

[Charliemopps]

Who would have ever thought the most popular website in the world, that users can post links on, would have the most links to malware and spam. Oh wait, that just common fucking sense isn't it?

I believe this claim about Facebook's "danger"

[93+Escort+Wagon]

I've seen people do some really dumb stuff on Facebook that they almost certainly wouldn't do elsewhere.

A few weeks ago, there was a viral (in the true sense of the word) page that got popular really fast - I think it claimed to let you see who'd un-friended you, but I might have that bit wrong. Anyway, after an acquaintance got hit by this, I went to check it out. Basically this page said "here's how you do it - just copy and paste the following into your browser's address bar". This was followed by what was pretty obviously a bunch of hex instructions (likely obfuscated javascript, but maybe vbscript) that apparently downloaded harmful code to the user's computer - and since the code was entered by the user, it didn't raise any red flags (maybe only by IE, maybe by other browsers as well - I didn't take it any further).

I can't imagine anyone in this day and age going to a random website and following these instructions - but on Facebook they were happy to! It was so breathtakingly stupid I had a hard time believing people fell for it; but they obviously did.

Re:I believe this claim about Facebook's "danger"

[monkyyy]

u befriend dumb people....... ask them if i can have all their info pin numbers, passwords, ect

Re:I believe this claim about Facebook's "danger"

[L4t3r4lu5]

... they were happy to! They were so breathtakingly stupid...

FTFY.

PEBKAC.

But how many companies are using facebook

[pgmrdlm]

for postings about upcoming events.
- New products.
- New discounts
- New prices
Remember FTA, business's have accounts on facebook. Not that workers are posting to facebook. Your only addressing part of the article.

"Dangerous" in the hands of HR

[dbIII]

Also dangerous in that your HR staff are mucking about on facebook all day instead of working using the excuse that they are getting background information on potential staff. That's a horrible excuse because hiring or firing decisions should not be made on the basis of the trivia that ends up on facebook pages. You get idiots hired because they look good in a photo or have the same hobby as the HR person. Within the normal bounds of mental health and with competant management personality should be irrelevant to most jobs anyway. Profiling beyond competance for the job is almost a complete waste of time.
We take things like facebook too seriously. Nobody in the workplace should care about a teachers "drunken pirate" costume party photo for example, let alone the teacher losing their job over it.

Re:"Dangerous" in the hands of HR

[drinkypoo]

the real problem is that most HR people are not worth the CHON they're made of. Unfortunately this is a real side-effect of our willing to leave people issues to others who we feel will do them better. well they might be more comfortable making decisions with the lives of others, but that's usually because they're a sociopath.

Can official Company pages be in danger as well?

[ramchandani.dheeraj]

This is an interesting point of debate, as it questions a company's internal control vs external gain. Since the point here you are addressing is the unintentional irresponsible use of Facebook et al, it calls for stricter organisational policies (rather rules) to restrict employees the access to their private profiles while using the company's internet network. Since almost every small & medium scaled organisation has 'promotion using social media' on their strategic e-marketing campaign list, is it possible for information on official company fb/twitter pages to be misused as well? If yes, this would pose a bigger threat. Any viewpoints?

Here you go

[Leuf]

You use a Facebook page to interact with customers but it is impossible to setup your business fan page to notify you when someone makes a comment, unless you personally "like" everything you post, making you look like a total jackass either way. Either to get around this or because Facebook makes setting up a fan page as difficult as possible and people can't even figure out where to get started, people use a personal account which is against the TOS and then after getting hundreds or thousands of people connected Facebook deletes the account. I find it to be a complete and utter waste of time.

Re:Loose Nut

[TaoPhoenix]

I want to repurpose your term! I never knew so many people can't spell "lose"!
Thanks for reminding me of a Sig I wanted for a couple of weeks.
Lose : Goats :: Loose : Goatse