{"id":11577,"date":"2018-02-23T10:45:12","date_gmt":"2018-02-23T18:45:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/02\/23\/news-5348\/"},"modified":"2018-02-23T10:45:12","modified_gmt":"2018-02-23T18:45:12","slug":"news-5348","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/02\/23\/news-5348\/","title":{"rendered":"Facebook&#8217;s Mandatory Anti-Malware Scan Is Invasive and Lacks Transparency"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5a8f634ae7ab4d3c1489b1e8\/master\/pass\/FacebookAntiVirus.jpg\"\/><\/p>\n<p><strong>Credit to Author: Louise Matsakis| Date: Fri, 23 Feb 2018 17:26:28 +0000<\/strong><\/p>\n<p><span class=\"lede\">When an Oregon <\/span>science fiction writer named Charity tried to log onto Facebook on February 11, she found herself completely locked out of her account. A message appeared saying she needed to download Facebook\u2019s malware scanner if she wanted to get back in. Charity couldn\u2019t use Facebook until she completed the scan, but the file the company provided was for a Windows device\u2014Charity uses a Mac.<\/p>\n<p>\u201cI could not actually run the software they were demanding I download and use,\u201d she says. When she tried instead to log in from her computer at work, Facebook greeted her with the same roadblock. \u201cObviously there is no way for Facebook to know if my device is infected with anything, since this same message appeared on any computer I tried to access my account from,\u201d says Charity.<\/p>\n<p class=\"paywall\">A Facebook spokesperson said Charity may have been asked to download the wrong software because some malware can spoof what kind of computer a person is running. Still, Charity was left without any way to access her account. And her experience is far from unique.<\/p>\n<p class=\"paywall\">The internet is full of Facebook users frustrated with how the company handles malware threats. 
For nearly four years, people have complained about Facebook&#x27;s anti-malware scan on <a href=\"https:\/\/community.norton.com\/en\/comment\/7492371#comment-7492371\" target=\"_blank\">forums<\/a>, <a href=\"https:\/\/twitter.com\/PrisInNZ\/status\/943497649105367046\" target=\"_blank\">Twitter<\/a>, <a href=\"https:\/\/www.reddit.com\/r\/assholedesign\/comments\/5elyzs\/facebook_decides_i_need_to_scan_for_malware_wont\/\" target=\"_blank\">Reddit<\/a>, and on personal <a href=\"http:\/\/jackyan.com\/blog\/2016\/01\/when-facebook-forces-you-to-download-their-anti-malware-your-own-antivirus-gets-knocked-out\/\" target=\"_blank\">blogs<\/a>. The problems appear to have gotten worse recently. While the service used to be optional, Facebook now requires it if it flags your device for malware. And according to screenshots reviewed by WIRED from people recently prompted to run the scan, Facebook also no longer allows every user to select what type of device they&#x27;re on, which ostensibly would have prevented what happened to Charity.<\/p>\n<p>&#x27;I could not actually run the software they were demanding I download and use.&#x27;<\/p>\n<p name=\"inset-left\" class=\"inset-left-component__el\">Charity, Facebook User<\/p>\n<p class=\"paywall\">The malware scans likely only impact a relatively small population of Facebook&#x27;s billions of users, some of whose computers may genuinely be infected. But even a fraction of Facebook&#x27;s users still potentially means millions of impacted people. The mandatory scan has caused widespread confusion and frustration; WIRED spoke to people who had been locked out of their accounts by the scan, or simply baffled by it, on four different continents.<\/p>\n<p class=\"paywall\">The mandatory malware scan has downsides beyond losing account access. Facebook users also frequently report that the feature is poorly designed, and inconsistently implemented. 
In some cases, if a different user logs onto Facebook from the same device, they sometimes won\u2019t be greeted with the malware message. Similarly, if the \u201cinfected\u201d user simply switches browsers, the message also appears to occasionally go away.<\/p>\n<p class=\"paywall\">\u201cIt is actually tied to one specific Facebook user on one specific browser\u2014if I change either to a different account, or use Safari instead of Chrome with the locked-out account, I do not get the scanner dialog,\u201d says Anatol Ulrich, a Facebook user from Germany who was locked out of his account after sharing several Google docs in comment threads on Facebook. He, too, was prompted to download a Windows file on a Mac device.<\/p>\n<p class=\"paywall\">\u201cOur visibility into each account on a given device isn\u2019t complete enough for us to checkpoint based only on the device, without factoring in whether the particular account is acting in a suspicious manner,\u201d Facebook spokesperson Jay Nancarrow said in a statement. In some ways that might be comforting; Facebook doesn&#x27;t collect enough information about your computer to say whether malware has infected it.<\/p>\n<p class=\"paywall\">But if Facebook doesn&#x27;t know for sure, why would it push you to clean your device? <a href=\"https:\/\/www.wired.com\/story\/kaspersky-russia-antivirus\/\">Antivirus software is a powerful tool<\/a>, capable of accessing nearly everything on your computer. Some users might reasonably not want to give Facebook and its chosen cybersecurity partners that level of access. 
Antivirus and anti-malware software are also prone to vulnerabilities themselves; in 2016, Google\u2019s Tavis Ormandy discovered <a href=\"https:\/\/www.wired.com\/2016\/06\/symantecs-woes-expose-antivirus-software-security-gaps\/\">critical flaws<\/a> across all of Symantec\u2019s antivirus products, for example.<\/p>\n<p class=\"paywall\">Facebook also doesn\u2019t appear to have regularly updated its users about which partners it relies on to supply its malware scans. The social network began integrating the scans into its malware detection systems in May of 2014, and said they would be supplied by F-Secure and Trend Micro, according to the announcement <a href=\"https:\/\/www.facebook.com\/notes\/facebook-security\/making-malware-cleanup-easier\/10152050305685766\" target=\"_blank\">blog post<\/a> written at the time. In December of 2014, it <a href=\"https:\/\/www.facebook.com\/notes\/facebook-security\/eset-and-facebook-partner-to-combat-malware\/10152421304380766\/\" target=\"_blank\">added<\/a> ESET, and in 2015, Facebook <a href=\"http:\/\/www.adweek.com\/digital\/kaspersky-malware-scan\/\" target=\"_blank\">announced<\/a> it was also adding Kaspersky Lab.<\/p>\n<p class=\"paywall\">Facebook stopped working with Kaspersky last year, <a href=\"https:\/\/www.wired.com\/story\/kaspersky-russia-antivirus\/\">following reports<\/a> that Russia exploited the company&#x27;s antivirus software to trawl US government systems for classified data. F-Secure says it also stopped working with Facebook last year, but the social media platform never announced the change. \u201cThank you for bringing this to our attention. We will update our documentation to reflect the current set of companies,\u201d Nancarrow said in a statement.<\/p>\n<p class=\"paywall\">Both ESET and Trend Micro say that they continue to work with Facebook, but stressed that they had no control over how the social network handles its scanning feature. 
\u201cESET does not have any ability to lock users out of their Facebook account, or unlock someone\u2019s account. We recommend that people contact Facebook support for help if they experience this issue,\u201d a spokesperson for ESET said in a statement.<\/p>\n<p class=\"paywall\">Even with legitimate software partners, though, Facebook&#x27;s malware-scanner notification could encourage unsafe behavior elsewhere on the web. It &quot;will possibly train users to accept or install fake antivirus products, most of which are ransomware,&quot; says Mohammad Mannan, a security researcher at Concordia University who has studied antivirus vulnerabilities. &quot;That is, you visit a random site, and get a scary popup which says your machine is infected and needs immediate cleaning; if you say yes to the installation, a ransom is asked.&quot;<\/p>\n<p class=\"paywall\">At least one person, New Zealand businessman Jack Yan, even reported that running Facebook\u2019s malware detector caused his own antivirus to disappear in 2016. Facebook declined to comment on the record about why this may have happened.  It&#x27;s possible the Kaspersky Lab antivirus software that Facebook mandated Yan use may have automatically deleted a number of <a href=\"https:\/\/support.kaspersky.co.uk\/12917#block1\" target=\"_blank\">other programs<\/a> on his machine. After the incident, Yan penned a <a href=\"http:\/\/jackyan.com\/blog\/2016\/01\/when-facebook-forces-you-to-download-their-anti-malware-your-own-antivirus-gets-knocked-out\/\" target=\"_blank\">blog post<\/a> describing his experience, which has since attracted a number of Facebook users who have experienced similar annoyances.<\/p>\n<p class=\"paywall\">\u201cMost of the folks who I have spoken to over the last couple of years have all said their systems were clean, and used their own virus and malware detectors,\u201d says Yan. 
\u201cMine was confirmed clean at the time too.\u201d<\/p>\n<p>&#x27;Facebook should make their agreements with antivirus partners public.&#x27;<\/p>\n<p name=\"inset-left\" class=\"inset-left-component__el\">Mohammad Mannan, Concordia University<\/p>\n<p class=\"paywall\">Facebook declined to say how many users see the malware scanner prompt, possibly because it doesn&#x27;t actually know. When the social media company stopped working with Kaspersky, it <a href=\"https:\/\/www.reuters.com\/article\/usa-trump-russia-facebook\/facebook-tells-congress-kaspersky-cut-from-anti-virus-choices-for-users-idUSKBN1FE38U\" target=\"_blank\">said<\/a> it was \u201cunable to easily reconstruct how many Facebook users downloaded Kaspersky software.\u201d The only public figure is from a 2015 blog post, in which Facebook <a href=\"https:\/\/www.facebook.com\/notes\/facebook-security\/protecting-millions-from-malware-with-cleanup-tools\/10152836024620766\/\" target=\"_blank\">said<\/a> it had \u201chelped clean up more than two million people\u2019s computers,\u201d over the course of three months.<\/p>\n<p class=\"paywall\">Facebook also hasn&#x27;t provided information about how it uses the data it gleans from its cybersecurity partners that conduct the malware scans. &quot;What does Facebook collect from their antivirus partners?&quot; asks Mannan. &quot;An antivirus product can collect a lot of useful information from the user machine\u2014telemetry data; beyond what Facebook gets through their website\u2014and share it with Facebook. Facebook should make their agreements with antivirus partners public.&quot;<\/p>\n<p class=\"paywall\">Facebook tells users when they agree to conduct the scan that the data collected in the process will be used &quot;to improve security on and off Facebook,&quot; which is vague. 
The company did not immediately respond to a followup request for comment about how exactly it uses the data it collects from conducting malware checks.<\/p>\n<p class=\"paywall\">Facebook has legitimate reason to want to keep malware off its service. <a href=\"http:\/\/wtvr.com\/2018\/01\/24\/dont-click-the-link-bbb-warns-of-facebook-video-scam-is-this-you\/\" target=\"_blank\">Scammers<\/a>, hackers, and even would-be <a href=\"http:\/\/www.independent.co.uk\/life-style\/gadgets-and-tech\/news\/digmine-facebook-messenger-cryptocurrency-mining-malware-monero-bitcoin-a8125021.html\" target=\"_blank\">cryptocurrency miners<\/a> have all targeted Facebook and Facebook Messenger. But if Facebook keeps forcing its malware scans on its users, it has to commit to more transparency as well.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/facebook-mandatory-malware-scan\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5a8f634ae7ab4d3c1489b1e8\/master\/pass\/FacebookAntiVirus.jpg\"\/><\/p>\n<p><strong>Credit to Author: Louise Matsakis| Date: Fri, 23 Feb 2018 17:26:28 +0000<\/strong><\/p>\n<p>Facebook is locking users out of their accounts until they download antivirus software that sometimes doesn&#8217;t even work on their 
computers.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-11577","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11577"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11577\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11577"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}