Easy money for hackers, big headaches for IT

There's been a huge increase of malware attached to social networking sites and loosely regulated app stores. Should you lock up your users?

1 2 Page 2
Page 2 of 2

That particular scam worked especially well in February, when users were hungry for videos of the Winter Olympics. Similarly, visitors to Foxnews.com who wanted to watch certain video clips last year were tricked into installing a tainted codec. Still, it's difficult to zero in on why Facebook has been hit so much harder this year than last.

To be fair to users, it's worth noting that some of the traditional advice they get from IT or popular publications is no longer adequate. IT tells people to go to only trusted sites. Unfortunately, by the beginning of 2009, the majority of infectious sites were mainstream, says Roger Grimes, a security professional and InfoWorld's Security Adviser blogger.

Facebook says it has not noticed a spike in rogue software. "People have a number of options for controlling the information they share with applications. We also have a dedicated enforcement team that conducts spot reviews of top applications and of many other applications, including looking at the data they need to run the application versus the data they gather," says Facebook spokesman Simon Axten.

Axten points out that apps are subject to privacy settings. "That is, you can configure what your friends' apps can and can't access." (Here's how to configure those settings.)

Which is worse: Email or Web 2.0?
AVG isn't the only security company pointing the finger at threats related to Web 2.0 and social networking. Four in five IT professionals polled recently by Webroot said Web 2.0-based malware will pose the biggest security threat this year.

Seventy-three percent said Web-based threats are more difficult to manage than email-based threats, and 23 percent said their company was vulnerable to attacks on Web 2.0 applications, including social networks such as Facebook and Twitter.

No one likes to be hated, but sometimes you have to take security measures that will make your users really angry. You might even have to (gasp) pull some PCs off the Internet and treat some employees like children, suggests David Perry, global director of education for Trend Micro, whose global array of sensors (and information exchanges with other security vendors and customers) now detects an astonishing 100,000 samples of new malware a day.

You know the drill: Tell them going to porn and gambling sites and so on will get them in serious trouble. Because they are adults, you might set up a PC in the break room that has Web access but is not on your network. They may waste time on it, but it won't endanger enterprise security.

I don't mean to pick on Facebook. But I do think that Web 2.0 mavens have to think harder about the problems -- indeed, crimes -- that holes in their sites create for IT.

I welcome your comments, tips, and suggestions. Post them here so all our readers can share them, or reach me at bill.snyder@sbcglobal.net.

This article, "Easy money for hackers, big headaches for IT," originally was published at InfoWorld.com. Read more of Bill Snyder's Tech's Bottom Line blog at InfoWorld.com.

Related:

Copyright © 2010 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
How to choose a low-code development platform