Slashdot Mirror
Facebook's Mandatory Anti-Malware Scan Is Invasive and Lacks Transparency (wired.com)
Louise Matsakis, writing for Wired: The internet is full of Facebook users frustrated with how the company handles malware threats. For nearly four years, people have complained about Facebook's anti-malware scan on forums, Twitter, Reddit, and on personal blogs. The problems appear to have gotten worse recently. While the service used to be optional, Facebook now requires it if it flags your device for malware. And according to screenshots reviewed by WIRED from people recently prompted to run the scan, Facebook also no longer allows every user to select what type of device they're on. The malware scans likely only impact a relatively small population of Facebook's billions of users, some of whose computers may genuinely be infected. But even a fraction of Facebook's users still potentially means millions of impacted people.
The mandatory scan has caused widespread confusion and frustration; WIRED spoke to people who had been locked out of their accounts by the scan, or simply baffled by it, on four different continents. The mandatory malware scan has downsides beyond losing account access. Facebook users also frequently report that the feature is poorly designed, and inconsistently implemented. In some cases, if a different user logs onto Facebook from the same device, they sometimes won't be greeted with the malware message. Similarly, if the "infected" user simply switches browsers, the message also appears to occasionally go away.
The mandatory scan has caused widespread confusion and frustration; WIRED spoke to people who had been locked out of their accounts by the scan, or simply baffled by it, on four different continents. The mandatory malware scan has downsides beyond losing account access. Facebook users also frequently report that the feature is poorly designed, and inconsistently implemented. In some cases, if a different user logs onto Facebook from the same device, they sometimes won't be greeted with the malware message. Similarly, if the "infected" user simply switches browsers, the message also appears to occasionally go away.
The article is unfortunately lacking in details. From what I can tell, the malware scan is triggered when Facebook believes the account is posting spam. In fairness, there is a lot of malware-related spam that gets posted on Facebook and they have a legitimate reason to keep it off their site.
The problem is the complete lack of transparency and that the antivirus products can remove and share information about files in your computer. There has to be a much better way to do this. For example, Facebook could explain the actual reason for flagging the account as potentially spreading malware. The user could be faced with a temporary ban on posting that gets longer if they continue to allow malware to make spam posts. The ban will be lifted as well by running a malware scan that validates the system is clean. Give the user a choice to wait out a temporary posting ban and clean their system, or run the tool. That seems like a fairer way to prevent malware from spreading.
As for when Facebook locks users out of their accounts, it seems like contacting the Better Business Bureau is a good way to force the issue to be resolved: https://community.norton.com/en/forums/i-have-been-blocked-logging-facebook-it-claims-i-have-malware-and-must-add-eset-program-scan. At least one user suggested that they are responsive to such complaints.