Tuesday, August 12, 2014

How does Facebook protect its users from malicious URLs?

The following Facebook Security note gives a good overview of the techniques (such as the link shim) that Facebook uses to protect its users from malicious websites whose links are embedded in posts.

https://www.facebook.com/notes/facebook-security/link-shim-protecting-the-people-who-use-facebook-from-malicious-urls/10150492832835766

Facebook maintains an internal blacklist of malicious links and also queries external partners such as McAfee, Google, Web of Trust, and Websense. When FB detects that a URL is malicious, it displays an interstitial page before the browser actually requests the suspicious page. This protects the user, who now has to make a conscious decision whether to proceed to the malicious page.

BTW, if you have not already installed the 'Web of Trust' browser plugin for your browser, do so immediately :)

Another interesting point is that it is more secure to run the check at click time than at display time. With display-time filtering alone, there would be no way to retroactively block a URL that was classified as malicious only after it had already been rendered, for example a link sitting in an email or an old page.
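To make the click-time argument concrete, here is an added example (my own illustration, not Facebook's code): outbound links are rewritten at display time to point at a hypothetical shim endpoint, and the real decision (redirect, or show an interstitial) is made only when the link is clicked, against whatever the blacklist says at that moment. The endpoint name, the `shim_link`/`handle_click` functions, the `Blacklist` class and the sample URLs are all constructed for this example; the HMAC on the rewritten link is an assumption I added so the redirector cannot be abused as an open redirector, and is not something the note describes.

```python
"""Added example (not Facebook's code): a minimal link-shim style
click-time URL check with an interstitial decision."""
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed secret for demonstration only; a real deployment keeps this in a secrets store.
SHIM_SECRET = b"constructed-demo-secret"
SHIM_ENDPOINT = "https://example.invalid/l.php"  # hypothetical redirector path


def _sign(url: str) -> str:
    """HMAC over the target URL so the redirector only forwards links it issued itself."""
    return hmac.new(SHIM_SECRET, url.encode(), hashlib.sha256).hexdigest()[:16]


def shim_link(target: str) -> str:
    """Display time: rewrite an outbound link so that the click passes through the shim."""
    return SHIM_ENDPOINT + "?" + urlencode({"u": target, "h": _sign(target)})


class Blacklist:
    """Internal list of known-bad hosts and URLs; partner feeds would be merged in the same way."""

    def __init__(self, entries=()):
        self._hosts = set()
        self._urls = set()
        for entry in entries:
            self.add(entry)

    def add(self, entry: str) -> None:
        # A bare origin blocks the whole host; anything with a path blocks that exact URL.
        parts = urlparse(entry)
        if parts.path in ("", "/") and not parts.query:
            self._hosts.add(parts.netloc.lower())
        else:
            self._urls.add(entry)

    def matches(self, url: str) -> bool:
        parts = urlparse(url)
        return url in self._urls or parts.netloc.lower() in self._hosts


def handle_click(shimmed: str, blacklist: Blacklist) -> tuple:
    """Click time: return ("redirect", target), ("interstitial", target) or ("reject", None)."""
    query = parse_qs(urlparse(shimmed).query)
    target = query.get("u", [None])[0]
    sig = query.get("h", [""])[0]
    if target is None or not hmac.compare_digest(sig, _sign(target)):
        return ("reject", None)  # forged or tampered shim link: refuse to redirect at all
    if blacklist.matches(target):
        return ("interstitial", target)  # warn the user before the browser fetches the page
    return ("redirect", target)


def demo() -> dict:
    """Show why click-time checking wins: the blacklist may change after the post was rendered."""
    bl = Blacklist(["https://known-bad.example/"])
    rendered = {name: shim_link(url) for name, url in {
        "good": "https://good.example/article",
        "bad": "https://known-bad.example/login",
        "later": "https://later-bad.example/offer",
    }.items()}
    before = {n: handle_click(s, bl)[0] for n, s in rendered.items()}
    bl.add("https://later-bad.example/offer")  # flagged only after the links were displayed
    after = {n: handle_click(s, bl)[0] for n, s in rendered.items()}
    forged = handle_click(SHIM_ENDPOINT + "?u=https://attacker.example/&h=0000", bl)[0]
    return {"before": before, "after": after, "forged": forged}


if __name__ == "__main__":
    print(demo())
```

The `later` link is the case the post is about: it was clean when the page was rendered, so display-time filtering would have let it through forever, but because every click goes back through the shim it is caught as soon as the blacklist learns about it.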