News > Security

By Eileen Yu, ZDNet Asia
Tuesday, January 08, 2008 07:23 PM

Facebook users are advised to exercise caution before downloading applications on the social networking site, after an application has been identified to download adware into a user's PC.

According to IT security vendor Sophos, the discovery of the Secret Crush application underscores the need for Facebook users to be careful about the kinds of third-party applications they install.

Secret Crush application

The application invites unsuspecting Facebook users to find out which of their friends have a secret crush on them. After installing the application, however, users are instead directed to an external Web site inviting them to download applications such as MyWebSearch, which allows for pop-up advertising.

Facebook has since removed Secret Crush from its database.

Graham Cluley, Sophos' senior technology consultant, however, is calling for caution.

"Facebook users must show greater discretion about how they use the site, and which applications they install," Cluley said. "These third-party widgets are not written by Facebook, and can mean that you are carelessly sharing your personal information with strangers or risking your computer's security."

He noted that "thousands" of third-party applications have been developed and made available for Facebook users, and it is "obviously proving impossible" for the social networking site to police them.

"The message from Facebook to its users appears to be, 'add third-party applications at your own risk," he said.

On its site, the social networking site outlined that it will not be held responsible for any loss or damage incurred by its users through "any user content or third-party applications".

In a statement released Monday, Facebook said it is committed to ensuring user security but asked for its users to "employ the same precautions" while downloading applications from the site, as they would when downloading software on their PCs.

A Sophos study last year found that 41 percent of Facebook users were willing to reveal their personal information to a complete stranger, and 84 percent divulged their full date of birth.

Cluley urged companies to establish proper user policies if they do decide to allow their employees to access social networking sites during office hours.

"It's vital that they do not put their personal and corporate data at risk... If your users are installing third-party Facebook applications in the office, they could potentially be bringing adware, spyware and malware into your organization at the same time," he said.

Talkback 0 comments

• Great China Compliance Manager Leading US IT Enterprise
• Senior Business Analyst Compliance and Risk Financial Services
• Operational Risk and Compliance Associate
• Compliance Risk & Operations Manager, Hong Kong
• Risk and Compliance Manager / CBD / Great

Search for your ideal tech job:

TechGuides

Fix numbers that deviate from your numbered list format

Here's how you can eliminate the paragraph formatting to make the number match the others.

Read more »

Latest from Blog Central

Objectivity and the rise of online forums

Read more »

What's important from our sponsors

Webcast:

Enabling Telecom 2.0 with the next generation Service Delivery Platform

Register now to attend this live webcast where the featured speakers address current trends of service delivery and share a case study on how a leading SEA Telco Operator enhanced speed to market.

Cutting-edge technology from premium sponsors

Oracle Technology Solutions for Midsize Businesses

Oracle's Vision for an Enterprise Performance Management System

Improve employee productivity with an out-of-the-box employee portal