The mess with Facebook’s ‘malware protection’

[German]Just a brief view of  Facebook’s approach of securing users with malware protection. The ‘Malware protection’ attempt of the social network causes some Facebook users a lot of trouble and prevents them from logging in.


Some background information

Facebook tries to protect its users from malware infections, affecting the social network. The company uses its own approach to detect infected user systems. If Facebook’s internal check algorithms conclude that something isn’t proper with the user’s device, which he uses to access the social network, a malware alert is triggered 

Facebook Malicious Software Warnung

The user receives a notification (see screenshot above) that his or her client may be infected. The person’s Facebook account will then be set to read-only. This means that this person cannot post anything on his/her Facebook account anymore.

Facebook Virenscanner Download

But the user is offered (from Facebook) to download a ESET-Online-Scanner (see screenshot above). The online scanner can be run after downloading. After a successful scan, the Facebook account will be completely reactivated. I had covered this topic in more detail within my German blog post Facebook Security mit eigenem Virenscanner.


Allegation: Not transparent nor helpful

Wired just has publihed the article Facebook’s mandatory malware scan is an intrusive mess, addressing this topic. The user cannot escape the malware scan if Facebook believes that the client is infected. The criteria according to which this decision will be made by Facebook remain in the dark. It is particularly foolish if the user isn’t able to run the ESET online scanner, so he/she remains locked out from active Facebook use.

The wired article outlined a case where a science fiction writer from the USA suddenly received a Facebook notification. Authors often use Facebook to communicate with readers. Facebook thought that this user’s client might be infected with malware. So the user was forced to download and run the ESET online scanner.

The foolish thing about this story: The ESET online scanner is for Windows, but the user in question was using a Mac and macOS. So the ESET online scanner was useless and so the user remained blocked by Facebook for days with regard to account activity. 

And it got even better: The user writes that Facebook apparently (and that’s finally a good thing, because it means, they don’t have the possibility to check your client’s internals) has no way of recognizing that a client is infected with malware. Because Facebook’s warning message was displayed on all devices used by the user to log in.

It seems that this isn’t a single incident, because forums (Norton), Twitter, Reddit and personal blogs are full of posts from frustrated Facebook users reporting such experiences. In brief: Facebook’s malware detection is probably related to activities in the Facebook account itself. But Facebook does not have the ability to detect the client’s infection, nor is Facebook able to provide appropriate malware scanners for these clients – unless you use Windows. How cool is that? Has anyone of you had such an experience with Facebook?

This entry was posted in Security and tagged , . Bookmark the permalink.

3 Responses to The mess with Facebook’s ‘malware protection’

  1. Jack Yan says:

    Thank you for your link.

    I can add a few notes: many users report that they can simply wait three days, not download the so-called scanner, and everything is fine. Which points to something very wrong with Facebook’s databases, except to cover themselves, they blame the user. I believe it’s a cover-up, because if word got out just how fragile Facebook’s databases are, their share price would tumble. None of Facebook’s official responses to Louise Matsakis at Wired make any real sense, especially the falsehood explaining why a Mac user is offered a Windows scanner.

    We also know that someone else can use the allegedly infected device and have no problems with Facebook access, again pointing at database problems affecting certain users. You are right that this is account-specific.

    The scanner itself winds up in a hidden directory. It never appears in your installed programs’ list.

    Facebook needs to come clean about what it is doing, but I doubt that it is legit, otherwise they wouldn’t have tried to obfuscate with their replies to Ms Matsakis.

  2. jesarat says:

    Facebook needs to come clean about what it is doing, but I doubt that it is legit, otherwise they wouldn’t have tried to obfuscate with their replies to Ms Matsakis.
    I totally agree with this statement

    • guenni says:

      I’ve removed the link to your page, because SEO Spam in Comments or links to sites not in English are not allowed. Users will be banned, if further violations are detected. Thanks for your understanding.

Leave a Reply

Your email address will not be published. Required fields are marked *