Facebook should learn a security lesson from Apple, Sophos poll confirms

Sophos Press Release

"Walled garden" would reduce prevalence of malicious apps

A Sophos poll of over 1000 people has revealed that more than 95% believe that Facebook should follow Apple's example and security-check all third-party apps running on the site.

Sophos's survey follows a summer in which malicious apps caused havoc on Facebook, compromising hundreds of thousands of users' profiles and spreading virally across the network.

"Facebook is much more than a social networking website, it's a platform with over half a million active applications running upon it," explained Graham Cluley, senior technology consultant at Sophos. "Inevitably some of these applications are written with malicious intent - designed to steal information, spread virally, or spam unsuspecting Facebook users. Anyone can write a Facebook application, and it can be made available to the site's over 500+ million users without vetting. It's no wonder we see so many malicious attacks by rogue Facebook apps every day."

[Image: Facebook verify apps survey results, October 2010]

"Apple has successfully run a 'walled garden' on its iPhone App Store, meaning that only approved apps are allowed to be run on the iPhone, iPad and iPod Touch," continued Cluley. "Although some people may not appreciate the level of control that Apple has over what apps you can run on your device, it certainly has been instrumental in keeping malicious hackers and malware off the platform."

[Image: Rogue Facebook application attack]

Every day, Sophos sees new malicious apps on Facebook that are happily spreading on the social network, compromising users' profiles and stealing information. Clearly, Sophos's poll respondents feel it's time that Facebook put in place compulsory verification systems for third-party applications to help prevent security threats.

More information about the threat posed by rogue Facebook applications can be found on Graham Cluley's blog.

Source: Sophos online survey, 1025 respondents, October 2010.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.