Facebook Requires McAfee Scan If There's A Security Breach? Is This Security Or A Marketing Program?

from the marketing-as-security?-security-as-marketing dept

sinsi was the first of a few to send in the news that Facebook has new rules if your account is suspended due to a security breach. You will now be required to use McAfee’s security software to scan your computer. Have perfectly good security software from Symantec? Too bad. Use Linux? Not sure what you do. While McAfee is offering a free tool for scanning, it’s only free for six months and then you have to pay — meaning that this is really an upsell plan. Facebook claims it chose McAfee after a “competitive review process,” but that makes no sense. Why not offer up a list of ways that you can prove your computer is safe that is vendor neutral?

Filed Under: , ,
Companies: facebook, mcafee

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Facebook Requires McAfee Scan If There's A Security Breach? Is This Security Or A Marketing Program?”

Subscribe: RSS Leave a comment
Avatar28 (profile) says:

marketing, pure and simple

There is no way in HELL any reasonable review could choose McAfee as the most effective. I imagine the review went something like this:

Exec 1: We have to do something about all of these people getting their accounts stolen by this malware stuff.

Exec 2: We should give them a deal to protect themselves. Who has the best security software?

Exec 3: Well these two over here are rated as really good.

Exec 1: Well McAfee says that they’ll pay us for every time somebody downloads their software through us and they’ll pay us MORE if they actually buy it!

Exec 2: Great! McAfee it is then.

Exec 1: Should I fire up the phishing emails?

Exec 2+3: Go for it!

Jake S. (profile) says:

how is business deals wrong?

So is it now wrong for a business to shoot them self in the foot? how is it wrong for them to require one piece of crappy software over another?

Facebook and any company for that matter has the right to make deals with other company’s. They are stupid for requiring mcafee as this will cause others to leave/ignore account…but it is their right.

Mike Masnick (profile) says:

Re: how is business deals wrong?

Facebook and any company for that matter has the right to make deals with other company’s. They are stupid for requiring mcafee as this will cause others to leave/ignore account…but it is their right.

Can you point to where I said that it was “wrong”? All I said is the same thing you said: that it’s a questionable move. I did not question whether or not they have the right to do so. Of course they do, but as you said, it appears to be a bad move. I expressed my opinion on that, as did you. I’m not sure what you’re complaining about.

G Thompson (profile) says:

Re: how is business deals wrong?

Actually it’s interesting that you asked this since in actuality what facebook are requiring is technically illegal in Australia.

The article in question was published by an Australian newspaper, in this way it is stating that any Australian who has a contractual basis with facebook via their Terms of Service (TOS) ie: a User with an account, whether paid or unpaid, is required by said TOS to ONLY use Mcafee Antivurus products.

Requiring a specific third party product only and since it is NOT free and only available for certain OS’s falls under a certain requirement in Australian Consumer Trade laws.

This section (section 47(6) of the TPA [http://www.austlii.edu.au/au/legis/cth/consol_act/tpa1974149/s47.html]) PROHIBITS OUTRIGHT the supply of goods or services on the condition that the purchaser buys (or uses) goods or services from a particular third party, [in this case McAfee] or a refusal to supply because the purchaser will not agree to that condition.

This test is also not subjected to the standard Competitors test either, which means McAfee does NOT have to be a competitor to Facebook as per other Anti-Competitive frameworks.

So in actual fact it IS wrong and strictly unlawful for Facebook to require this. Though most likely only when dealing with Australian users (and that doesn’t mean the users have to be within Australia at the time of use either).

telnetdoogie (profile) says:

Re: Re: how is business deals wrong?

> (and that doesn’t mean the users have to be within Australia at the time of use either)

Yeah because whichever nationality you are, your own country’s laws protect you and surround you like a bubble, making you immune to local laws. Try it out, in Thailand! It’ll be a fun ‘in your face’ for those locals!

Anonymous Coward says:

Tonight... on Secuuuuurity Theatre

It creates the appearance of “doing something” that all the kids love so much, and it’s true that Facebook is frequently used as a means for spreading malware (it has a huge user base, makes social connections searchable, runs scripts, has an uncomplicated design on its login page–phish phriendly!–it’s a gold mine). But lots of users already have AV protection, and it’s important to have, but it’s not enough. Most of the well-made malware is rigorously tested against AV scan engines before deployment and will, upon successful installation/system compromise just disable or make itself invisible to AV scanners anyway.

The major downside is that the best way to tell if your computer has FB-spamming malware on it is to see if your account is spamming Facebook. Which it can’t do if it gets disabled. And considering that users tend to go to FB more frequently than they do higher risk stuff like banking or shopping, they won’t have the early warning that would be provided by all their friends telling them to stop with the spam or the other telltale sign of having to solve a CAPTCHA at every login. This puts them in more danger because when they do put more sensitive information (like bank or credit card details) into a website, it will get stolen.

Also, going with a single product means there’s only one look and feel that the fake AV writers will have to duplicate on Facebook.

So it’s a bit short-sighted, I guess is what I’m saying.

Anonymous Coward says:

Re: Re:

I’m with you. Installing anything McAffee is like rolling out a red carpet for even the most amateur designed viruses. If Facebook really cared about security and their users instead of money, they wouldn’t choose McAffee for this asshole idea of theirs, and they wouldn’t back it up and lie by implying this AV actually WON their “competitive review process”

Frank J. Mattia says:

Statistically speaking

(and these statistics are pulled straight out from my behind so take them with plenty of salt)

99.9% of the facebook “security breaches” happen on windows machines anyway.

In fact – I think we’d all be hard pressed to find a case of one on Linux or a fully updated OS X installation.

So, I guess the bottom line is that if you’re using windows and you’re not secured then this will temporarily remedy that. If you’re using windows and you are secured – then this event is fairly unlikely. And lastly, if you’re not using windows and this happens – then you must be fairly incompetent…

The only downside is if you’re logging into facebook via a friends pc which is already infected.

As for the idea that facebook uses are less intelligent – consider this, at least they have a leg up on myspace users and for that fact alone should be given a little credit.

Don’t get me wrong – I hate McAffe as much as the next guy. I’ve uninstalled their Security Center (from infected customer pc’s) more times than I want to even remember. But it is better than nothing for someone computer illiterate enough to be in this situation.

Just my 0.02$

R. Miles (profile) says:

The ad CPM model failed, so on to innovation!

When I read this news, I laughed and laughed. First at the people who still use Facebook, then at this stupid decision.

I could definitely see the abuse just waiting to happen. How long will it be before Techdirt articles news about an “explosive” growth in security breaches on Facebook?

I’m giving it a week, and not a day more.

To the executives at Facebook: McAfee? Are you stupid? Even Microsoft’s new Security Essentials has been given a better rating and it’s free… forever.

I guess it could be worse. McAfee could hire the ex-CEO of RealNetworks.

Anonymous Coward says:

Actually (and I'm not shilling here)

McAfee’s not a bad AV product at all as long as people keep it updated and don’t stop their running scans before they finish. The problem–and this is a problem for all AV vendors–is that it’s best suited to removing malware that already exists on the local machine, and can only really do that if it’s got a signature for it. They (and all other vendors) are working on improving heuristic detection, and they offer a bit of web-based protection, but they’re pretty far behind the writers of malware.

That’s a big part of the issue with this move. Even if it was vendor neutral it still wouldn’t actually solve the problem. Facebook can’t make you patch your OS and applications because if it wanted to do that it would have to look at everything in your OS and your installed software, find what you’re missing, and tell you to install that before reactivation. Obviously it can’t do that (and you wouldn’t want it to anyway, I hope). It also can’t make you not follow bad links, or even give you the tools you need to determine which ones are bad.

Well, basically it’s not within Facebook’s capacity whatsoever to stop bots and spam. It’s probably not within the AV vendors’ capacity either. Their analysis and signature development is pretty good, but they’re up against sophisticated and untouchable criminal enterprises on the one hand, and a user base of people who can’t possibly keep up with all of the developments in malware (and don’t want to) who are on machines that aren’t up to date on the other. The only reasonable conclusion is that this is, in fact, marketing. One of them “synergies” they like so much in the suit world.

Might as well, though. Folks by and large aren’t going to pay for the license when the trial ends, and if people don’t use FB, they don’t get their marketing data. So it’ll undo itself pretty quickly and none of this will change anything about botnets or spam or user awareness, and then the experiment will end and things will be back to normal. No big deal.

ComputerAddict (profile) says:

Re: Actually (and I'm not shilling here)

Actually McAfee’s one of the worst products from my experiece.

Even Nortons does a better job at scanning, let alone all the others. McAfee uses the most system resources of the major AV software packages out there. Its hard to uninstall.. There isn’t a positive feature about it.

Facebook could if it wanted to make you patch your system. They could use software like Cisco’s Clean Access Agent (Which I hate with a passion, but it would work) which checks for a list of approved anti-virus, makes sure its enabled, your system is patched. The facebook just blocks all traffic from non-clean access agents and redirects them to a site saying to download Clean Access Agent. So yes, its possible for them to do whatever the want…. just not advised.

In Short…Wheres the delete account button? Facebook isn’t worth this much trouble

Ragaboo (user link) says:

Who cares if they're providing the software?

I was told by a source that Facebook provides the scan. They aren’t making you buy McAfee, they’re making you allow them to use McAfee — a company it is presumed they trust — to scan your computer *for free*. Of course, my source may be wrong, but if true … what’s the big deal? Who cares?

Almost Anonymous (profile) says:

Re: Who cares if they're providing the software?

They aren’t making you buy McAfee, they’re making you allow them to use McAfee — a company it is presumed they trust — to scan your computer *for free*. Of course, my source may be wrong, but if true … what’s the big deal? Who cares?

Actually, if that is true, that is even worse. You’re cool with letting some nebulous server scan your computer remotely? I’ve got some swampland in Florida that you may want to buy…

Kevin Carson (user link) says:

They're all like that.

Avatar28: They selected McAffee the same way the IT people at every big corporation in America selects desktop operating systems and “productivity software.” Namely, they did it the same way an old grandma makes purchases for her college granddaughter: “I heard Microsoft Vista is the latest thing, so I figured it must be good!”

Seriously. I told the IT person at the local public library how much worse Word 2007 is than the Word 2003 they replaced with it, and how much crappier their computer are since the latest OS upgrade. Her response: “It’s the productivity software choice of libraries and other organizations across the country.” I suggested the fact that the “productivity software choice” of pointy-haired bosses everywhere actually made things WORSE should, just maybe, tell her something about the comparative virtues of “industry best practices” set by pointy-haired bosses, vs. user community feedback. I might as well have been speaking Esperanto.

telnetdoogie (profile) says:

Oh God!

I’m glad I know about this because now I’ll be ESPECIALLY vigilant when protecting my facebook account. The threat of having to install…. McAfee products on my computer is incentive enough to never, ever give away my facebook password!

…While I’m at it, is there any d**k I need to suck too? I’ll do ANYTHING to not have to install THAT!!

Burgos says:

Use Linux? Not sure what you do.

If you lose control of an account while you’re on Linux (*NIX), it would have to be due to something else that no Windows anti-malware can detect and clean.

If your account was phished/socially-engineered, no software protection could have prevented it from happening. Therefore, using anti-malware to address this vector won’t work.

If your account was brute-forced, Facebook should probably look into limiting failed login attempts. Obviously, this is their problem and not yours. More so, if your account was compromised because of an SQL injection instead of a brute-force.

If the people behind Facebook are really as smart as we’re told they are, they should know this.

bobwyzguy (profile) says:

McAfee - So Bad It's Free

Where I live Comcast gives McAfee away free with your cable Internet subscription. I work on PCs for a living, and this is the worst POS, and has been for a long time. It has not made the top 10 in any independent review for ages.

I get deals from Buy.com and the like all the time selling McAfee 3 user licenses for under $10. If this stuff is so great why are they giving it away? This is the Yugo of security software.

Facebook can have my forking account, ain’t no way I’m putting that crap on my PC.

Marius says:

I think there is a typo in this article. You said they went with McAfee after a competitive review process. I think you meant to say competitive BIDDING process.. Honestly, does anyone think that Facebbok did not cash a check in this deal Every security software company in the world would have killed to be the one that Facebook recommends for this, there is little chance the winner was chosen merely on merit. That would be simply way too fair and honest a way to choose.

David Clark (profile) says:

McAfee Facebook app

Skip the whine…I think Facebook and McAfee did the right thing. I took a hit and when I tried to logon to Facebook I got a Facebook security which advised me of the virus, then gave me a quick and simple means to remediate the situation in about 3 min. Works for me and I haven’t heard a word from McAfee.
I’d like to see McAfee develop a tool which would do a quick scan when a use attempts a logon to a URL or share and upon detecting a virus or malware, cleans it up. The Cloud offers real opportunities such as this, but all in all, I think FB & McAfee took the high ground.

Jeff Crenshaw says:

Facebook requiring a McAfee Scan.

I couldn’t log into my Facebook account because they determined my computer is infected with malware. If I download McAfee “For Free” it will scan my computer and remove any viruses.

This is a blatant scheme to help McAfee gain market share through millions of Facebook users.

Another note: I was using Google Chrome when this happened. When I logged in again using Internet Explorer I was able to log in as usual. Hmmmmm. Is this an attack on Google?

Linda Lou Netherland (profile) says:

Facebook forcing all users to McAfee

I have been a member of facebook since 2008 but have recently had difficulty logging in. I have my own virus protection which I am paying for and my computer is under warranty so the manufacturers website is wonderful to assist me with any problems. However, Facebook is still forcing me to use McAfee to get back into my account. I tried this in the past and had files deleted so the manufacturer had to help me recover those files. Thank goodness my computer is still under warranty. I have used McAfee in the past and had no problems but I do not want them interfering and deleting files from my computer. Shouldn’t someone be liable if they are requiring you to use a certain program. I guess that is my question–I am a retired teacher and counselor and don’t frequent the social media as often as I use to. However, I still have a right to certain freedoms in this country and don’t like anyone stepping on those. The enforcement has just begun–I suppose it will depend on the character of the younger generation and what they expect as a US citizen. They may not anticipate as much from their country nor may they demand the independence and respect that we babyboomers have. Sometimes I think we are witnessing the decline of America and all our rights just as the Roman Empire declined so may we. Sunshine in Texas

daniboi_0022 says:

I think...guess what.

We only have 1 solution to this. Stop using facebook, delete your account and shut up.

Just have 1 big question though. Can you afford to do it? If so, do it now:D If not, keep on blaming Facebook or McAfee, anyway, they’re earning bigtime while we’re loosing. It’s your right.

Atleast some people know the difference of “you’re” and “your” :D)

Misty says:

This should be illegal

Facebook locked me out of my account yesterday while I was pming with a friend… and of course FORCED me to DL that stupid Mcaffee in order to unlock my account… If you don’t do it your account stays locked… seriously??? NO ONE has the right to make you download ANY program and run it on YOUR system. And like the rest of you… Mcaffee found NOTHING… and also like all of you I do have AV that I choose and like. If there is ever a class action suit against FB for this forced download I want in on it!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...