Are Your Social Friends Infecting You With Malware?

The Internet and social networks are incredible – they allow us to connect with one another in a way we have never been able to before. But in many instances, they also propose a threat. You see, we trust our friends and contacts. Therefore, whenever a friend shares something they read or use on a social network, we are much more inclined to check it out, whereas we might be more hesitant if we just saw it amongst some search engine results. So what do you do to prevent becoming infected with malware via social networks?

The precautions are simple:

Be aware and careThink before you clickWarn your friendsProperly set security settings

Ultimately, there are three kinds of naive friends that we have who are potential threats to us on social networks:

The Facebook Over-SharerThe Dodgy DownloaderThe Victim Of Identity TheftThe Facebook Over-Sharer

This is the person who prefers the Share button over the Like button and who blows up your News Feed. I have a few of these and they’re annoying. Sure you can prevent them from showing up in your News Feed altogether or filter out different kinds of posts… however, often times they do share a lot of good things – just too much.

So what’s the threat?

Because they share too much, the odds are higher that they’re bound to share malicious links once in a while – it’s a numbers game.

What can I do?

There are a few things you can do. For starters, you can install certain browser extensions which flag known malicious sites. Note that not every tool is 100% is perfect and there may be the occasional site that goes undetected.

There are several browser extensions for this including Web Of Trust, BitDefender’s TrafficLight, AVG’s LinkScanner, McAfee’s SiteAdviser and Norton’s Safe Web. In addition we’ve written about some more tools in the articles 8 Ways To Make Sure A Link Is Safe Before You Click It and 4 Quick Sites That Let You Check if Links Are Safe.

The clincher is, though, that not all of those tools work in social networks. There is one, which has been proven effective for this and that is Web Of Trust. It’s what I use, personally, and I feel that it is the most accurate due to the substantial community.

In addition there are some useful Facebook applications that you can use to enhance your security and protect yourself against the over-sharers.

BitDefender’s Safego, which is different from TrafficLight, but works well in combination with it. Safego works by scanning links which have been posted by your friends and pages that you follow.

Safego has three specific features. Account protection, which warns you and protects your account against social network-specific scams by automatically scanning the posts in your News Feed for spam messages and malicious links. QuickScan, which, in less than 60 seconds, gives you a safety status check. QuickScan is an official product of BitDefender. Lastly, there’s the Friend Safe Net, where Safego automatically warns your friends when “fishy” links are posted in their News Feeds. Note that the “Publish to Wall” option must be enabled for this to work.

For more information you can follow their Facebook page.

Norton Safe Web is another. It works by scanning your Facebook News Feed for the links shared with you in the past 24 hours. There is a label system which includes five categories: Norton Secured, Safe, Caution, Warning, and Untested.

Note that for Auto-Scan to work, you must manually turn it on at first and approve the application’s permissions to access certain parts of your account. Also, I want to emphasize the importance of checking over the permissions of any app you are about to allow access to your profile.

For more information about Norton Safe Web, you can follow it on Facebook.

The Dodgy Downloader

You know those people who install everything without thinking on their computer? Well, sadly they likely have a Facebook account as well. In fact, as you’ve probably noticed, as they’re the people constantly sending you app invites.

So what’s the threat?

About those app invites… you know that not all apps are safe? You probably do, but how do you tell? You follow those four tips at the beginning of the article. Out of all of those, probably the most important one for this category of friend is think before you click.

What can I do?

Whenever you’re invited to use an app, refrain from trying it, unless you know for sure that it’s safe. If you think the app is somehow unsafe, you can report it to Facebook as spam. You can also alert the person who “sent” it (because chances are, they didn’t actually send it). Recently, before I even considered writing an article about this, I had this exact experience where a friend sent me a request to use an app. Web Of Trust flagged it as unsafe, not that I would have clicked it anyway – I hate (most) apps.

So what did I do? Well, as you can see, I looked it up and verified that it was unsafe. Then I contacted them. They received my recommendation kindly and removed it (I assume). This works on most occasions. Unfortunately, you will probably have some “friends” who don’t care about what apps that have and will ignore your recommendations. The best thing you can do is use a tool like Web Of Trust to look out for malicious links.

The Victim Of Identity Theft

If you aren’t careful and click a link from “The Facebook Over-Sharer” or “The Dodgy Downloader” you just might end up like one of your friends who is “The Victim Of Identity Theft”. You wouldn’t want that would you? But, even if you weren’t one yet, you could become one. How? From a friend who is one already.

So what’s the threat?

Right now you’re probably thinking “this doesn’t sound like a problem of mine, and I don’t have time to worry about my friends’ issues.” Well… you’re wrong because of two things:

It is a problem of yours because you connect with them on Facebook.You’re on Facebook. Don’t give me the “I don’t have time” excuse.

Number one kind of sucks, doesn’t it? Yeah – that’s a big issue with Facebook. But it doesn’t have to be if you’ve made the proper precautions – you know, the ones listed at the beginning of the article that I keep referring to?

What can I do?

While all of those can be helpful in preventing the same curse happening to you, the biggest one is to properly set your security and privacy settings, which Facebook has recently made very easy. While the article I linked to provides the details, I will touch upon the basics. First, check out your Security Settings.

Here you can adjust the settings for Secure Browsing, Login Notifications, Login Approvals, App Passwords, Recognized Devices and Active Sessions – all of which are important to familiarize yourself with.

But that’s not it – there are also Privacy settings and Timeline and Tagging settings.

The Privacy Settings and Tools provide controls under two categories: “Who can see my stuff?” and “Who can look me up?” In the first section, you can control who can see your future posts, review all posts and the things you’re tagged in and limit the audience for posts you’ve shared with friends of friends or the Public. The second section allows you to change who can look you up using the email address or phone number associated with your account, and whether or not to allow search engines to link to your timeline.

The Timeline and Tagging Settings are equally as important. Have you ever been “spammed” on your wall from a friend via an app? That’s because you haven’t enabled the setting to approve posts before being published to your Timeline – do that and you’ll never be spammed. Note that whenever a friend “spams” your wall, they may or may not realize they’re doing it. Also, consider that by allowing your friends to “spam” your wall, you’re subjecting your other friends to the same junk – that’s not very considerate.

Don’t just stop at the Facebook security and privacy pages though – explore the App Settings page as well. There are a couple of important sections to note.

Apps you useApps others use

The Apps you use section has a “switch” to turn on/off Facebook Platform which, as explained in the image below, allows you to use apps and websites with Facebook.

If you don’t want to use Facebook with anything, by all means, turn it off. But you’ll likely want to use it with some app (such as the security ones mentioned earlier) or sign into a website, like here at MakeUseOf.

It is important to address, however, that with this turned off, you won’t receive any app invites from friends. The Apps you use section is important for exploring what apps you have installed. Take a second to see what apps you’re using and which ones you aren’t. It’s also important to go over what the apps have access to on your profile.

The Apps others use section allows you to control what your friend’s apps can access on your own. That’s right – if you see any of these check boxes checked, apps that your friends use are using that info about you. Need I say more?

Conclusion

By taking these precautions you will reduce your chances of acquiring malware via your social media contacts. Facebook was the primary social network focused on in this article, but the same rules can be used on other social networks, especially where clicking on links is concerned. MyPermissions.org is an excellent tool for managing what services have access to your social networks.

Below are a few additional sources for information about Facebook security and preventing infections:

AVG Officially Launches Desktop Safe Social App MultiMi [Updates]ROUNDUP: 5 Must-Know Critical Facebook Privacy TipsHow Secure Is Facebook, Really- A Roundup Of Breaches & Flaws5 Things You Can Do NOW To Secure Your Facebook Account & Make It Recoverable5 Tips & Tricks To Avoid Facebook Phishing ScamsHow To Prevent & Remove Facebook Malware or Virus

What are your experiences with Facebook malware? Any pet peeves you’d like to share (like I have)? Are there any other tools that you use, which have proven to reduce malicious apps and links in your News Feed?

Image Credit: Laptops sending and receiving infected files via Shutterstock

View the Original article

Read more »»»

Posted in: Friends,Infecting,Malware?,Social

Social Media from the Command Line, Part 2: Google

In Part 1 of this series we showed you how to use your command line to access Facebook with FBCMD and Twitter with TTYtter. Today you’ll learn how to manage your Google services from the command line.

Note: We have previously written a beginner guide to using GoogleCL, and this article is an add-on to that article with more detailed examples.

Google offers many different services, several of which are available from your terminal with the Python program GoogleCL:

BloggerCalendarContactsDocsPicasaYouTubeInstallation

It’s more than likely that your *nix package manager offers GoogleCL in one of its repositories. If it doesn’t, or if you’re running Windows, you can download GoogleCL here or grab the latest source code like this (note that Google Docs are broken in the latest .tar.gz packages from the first link, so I strongly recommend using the Subversion command below):

svn checkout http://googlecl.googlecode.com/svn/trunk/ googlecl-read-only

GoogleCL requires the dependencies Python 2.5, 2.6, or 2.7 and gdata. To see all the different ways you can install GoogleCL, visit the official Install page. Here’s how to install it from the Subversion sources:

cd ./googlecl-read-onlysudo python setup.py install

If your default version of Python is not 2.* (you can check with the command python --version), you’ll have to specify a version when you run setup.py. For example, if your Python version is 2.7, run:

sudo python2.7 setup.py install

Once you’ve installed GoogleCL, you’ll be able to run these commands:

google blogger [arguments]google calendar [arguments]google contacts [arguments]google docs [arguments]google finance [arguments]google picasa [arguments]google youtube [arguments]

Before you can actually use these services, you must authorize GoogleCL. The first time you run a GoogleCL command for a particular service, you’ll be automatically taken to the authorization page in your browser. For example, I ran:

google picasa list-albums #lists your Picasa albums

GoogleCL asked me to specify the user (usually yourusername@gmail.com, unless you’re using Google services for a different domain name), and then it took me here:

Once I pressed “Grant access,” I went back into my terminal and hit Enter. GoogleCL then listed my Picasa albums along with their URLs:

Usage

You can view a complete list of GoogleCL commands by entering man google in your terminal. I’ll now show a few examples of what you can do.

Blogger

First configure your blog. In Linux, Mac OS X, or a BSD system, edit “~/.config/googlecl/config”; in Windows 7+, edit “C:\Users\USERNAME\.googlecl”, and in Windows XP edit “C:\Documents and Settings\USERNAME\.googlecl”. Scroll down to the end of the document, where there is a section labeled [BLOGGER], and add your blog’s information:

blog = The Name of Your Blogskip_auth = Trueuser = yourusername@gmail.com

Now you can:

List your posts:

google blogger list

Make a new post with tags:

google blogger post --tags "breakup, terminal" "I broke up with my boyfriend today, so I'm disconsolately posting about it from my bash shell." [name of blog, if you have more than one]

Make a new post from a text file and give it a title:

google blogger post --title "I wrote this post in Vim!" blogger-text.txt

Delete a post:

google blogger delete --title "This is a really embarrassing post about my feelings that I will someday regret publishing"Calendar

Add an event to your calendar:

google calendar add "MakeTechEasier article due Saturday at 11:59pm" --reminder 2d # GoogleCL will automatically parse the date and time

List all events:

google calendar list

List events in a particular date range:

google calendar list --date 2012-12-25,2013-01-16

Delete an event on a particular calendar:

google calendar delete --cal "My Social Calendar" --title "Lame Party"Contacts

For Contacts, you’ll have to provide an authorization token in addition to authorizing GoogleCL in your browser. GoogleCL will walk you through this. Once authorized, you can perform these common tasks:

Add a new contact:

google contacts add "Ms. NewBoss, boss@company.com"

List contact information for anyone with a particular string in their name:

google contacts list "Boss"

Add a new contacts group:

google calendar add-groups "Family" "Friends" "Enemies"

List your contacts groups:

google calendar list-groups

Delete a contact:

google calendar delete "Traitor"Docs

Remember that if you installed the stable version of GoogleCL, Google Docs is likely to be broken. Use the Subversion command described in the “Installation” section of this article to get Docs working. Once you’ve provided your authorization key, you can perform these actions and more:

Upload a document:

google docs upload Homework.odt

List all of your documents:

google docs list

Edit a document by name in an editor of your choice:

google docs edit --title "My Hopes and Dreams" --editor emacs

Download a document:

google docs get --title "Mom's Hannukah Wishlist"

Picasa

Create an album:

google picasa create --title "My Art" --tags art,drawing

Delete an album:

google picasa delete --title "Ex-Girlfriend and Me"

Add a new photo to an album:

google picasa post --title "San Francisco" golden-gate-bridge.jpg

Tag photos in an album:

google picasa tag --title "College" --tags college,UCSC

List photos with a particular tag:

google picasa list --query "GPOY"

Download an album to your Pictures folder:

google picasa get --title "New Girlfriend and Me" ~/PicturesYouTube

In the next installment of this article series, we’ll discuss ways to view and download YouTube videos. If you have your own YouTube account, you can manage it with GoogleCL:

List your videos:

google youtube list

Post a new video:

google youtube post --category Music --devtags folk,"The Mountain Goats",live --title "The Mountain Goats live in Portland" tmg_live.ogv

Tag all videos with a certain string in the title:

google youtube tag -n ".*mashup.*" --tags mashup

Delete a video:

google youtube delete --title "V-Day with the Ex"

GoogleCL lets you add many additional parameters to your tasks that I haven’t described here. See this section of the GoogleCL manual to read about them.

Stay tuned for next time, when we’ll talk about using Tumblr, Flickr, and YouTube from the command line!

View the Original article

Read more »»»

Posted in: Command,Google,Line,Media,Social