Facebook under fire for stealth app installs

The problem appears to stem from Facebook's ability to add secret applications to members' profiles – which then interact with other users and even off-Facebook systems – without users even knowing about it.

Perhaps worse, Infosecurity notes, there is no real easy way to stop this from happening.

Usually, if a piece of software or unknown application is installed on your home or office computer, it is considered to be malware. The problem facing the Facebook user community is whether these stealth install apps could be considered malware.

According to newswire reports, the situation is compounded by the fact that the on-Facebook apps can interact with other web sessions open in other browser windows on users' PCs.

The feature that has been added is part of Facebook's new sharing features and tools, which integrate Facebook into other related news and flash game websites such as the Washington Post and CNET.

Facebook says the intention is to share information with its users, telling them what information they have shared via the relevant website, and asking them if they wish to post the information on their wall.

Because the apps are effectively being added to users' profiles in stealth mode, users have no way of knowing the apps have been added, meaning they cannot stop the apps from interacting with their Facebook sessions or – for that matter – other web sessions open in other browser windows, Infosecurity notes.

According to security researcher Gadi Evron, Facebook is also being used as a distribution platform for adware such as the FLV Direct media player.

Confirming earlier reports from Sunbelt Software, Evron says that the software comes bundled with adware from an app called Zugo Search.

Amichai Shulman, chief technology officer with Imperva, said that social networking operators like Facebook should test their applications more rigorously for security issues.

"However, with respect to privacy issues in social networking this is like telling a seaman 'avoid deep water'", he said, adding that the social networking sites should be managing their risk properly and focusing on the real issues, which are infections and worms.

"Social networking sites should focus on avoiding malware distribution through shared content. While I do think that they should strive to provide the required privacy, the essence of social networking platforms is making your personal information public", he said.

"Losing control of it in the process should be accepted as an inherent risk. Facebook or others cannot inherently do something different to prevent this from happening in the future. In a platform where sharing information is the DEFAULT, one must expect privacy breaches", he added.

"My advice to consumers is to reiterate that you should not put up anything on the internet that you are not willing to share with the world."
