Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

A key problem is that it is so difficult for users to know what a social-networking application is actually doing. “You cannot really check what an application is doing, being a user,” says Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, in Belgium. “As a security professional, that doesn’t give me nice feelings.”

Social factors also play an important role, Hamiel says, because social networks foster an atmosphere of trust that is easy to exploit. For example, a malicious program recently spread via Facebook in the form of a fake update for Flash that was forwarded from one friend to another. “It was the social aspect that drove them to do something technically stupid,” Hamiel says.

The companies behind social-networking sites are just starting to wake up to the issue of security. Facebook, for example, recently created a security page to educate users about potential risks that they could face. The company adds that its security team “is dedicated to investigating and auditing our own code for holes, as well as reaching out to people in an extended community to let us know if we’ve missed anything.”

Hamiel warns that it may be nearly impossible to eliminate all malicious programs, and he notes that an attacker could build a legitimate application, wait until a large number of users have installed it, then make the application “go bad” by updating it with malicious code.

Limiting all applications’ capabilities does not provide a solution because it would destroy what makes them so attractive to users. “You’re in a tough position because the goal of a social network is to facilitate creativity and communication,” he says. “If you start being too restrictive, you’re basically restricting what the social network is all about. You have a functionality arms race.”

A more effective solution, according to Athanasopoulos, would be to hire programmers to audit the code being used by external applications. But he acknowledges that the expense of this could make it unattractive for most companies.

As social networks become increasingly popular, Hamiel expects to see many more attacks. “People don’t have the same respect for software running in their browser as they do for something they would download and install,” he says. In the future, he adds, that may have to change.

1 comment. Share your thoughts »

Credit: Technology Review

Tagged: Web, security, social networks, malware, Facebook platform, OpenSocial, third-party applications

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me