On Sunday, a number of Facebook users reported being locked out of the system. When they attempted to log in they were presented instead with the a series of screens, informing them that their computer was infected, and providing a link to a free scanning service by McAfee antivirus software.

Facebook screens
Being locked out upset people to no end, because it was the first they had heard about their computer being infected.

It appears that Facebook users on a grand scale are
receiving a notice that their account is temporarily locked and
could be infected with a virus. These users are then encouraged to
download a free tool by McAfee to scan their system.
There has been much speculation on the issue. Our best guess is that
there is a bug in Facebook's filters or algorithms
that is yielding a false positive malware result for a large
portion of these users. We have reached out to Facebook
regarding the matter and will update this thread if we hear
anything back.
Other users with Mac computers insisted they were safe.


If only that were true.
Over just these past few weeks we have read about Facebook itself being hacked due to a vulnerability in Oracle’s common cross-platform (Windows, Mac, UNIX) software component Java. Media-player Adobe Flash has had a tough time of it too being repeatedly patched, then re-hacked within days, and that runs on all sorts of computers. One Adobe rep, looking very tired, said recently that things were so busy with security issues staff had taken to sleeping at the office. Like, as in ‘moved in’.

Our point? It was entirely reasonable to think that Facebook was detecting infected computers trying to log into their systems.

Wait what? Facebook is scanning their users computers?

Yes, they are. This isn’t a new activity. For example, Google and Facebook helped quell a massive infection called DNSChanger by diverting infected users to special pages with disinfection information U.S. Cable ISP behemoth Comcast also scans their users’ computers and in the case of repeated, untreated infections, user accounts are placed in a so-called ‘walled garden’ limiting Internet access until they can be fixed.

Walled Gardens are a reasonable approach, and an effective way to deal with the rampant levels of compromised computers that can damage networks, and the users’ themselves, by stealing personal information on the machine. In fact, CAUCE has representation on the FCC’s Communications Security, Reliability and Interoperability Council (CSRIC) working group advocating a similar approach industry-wide.

CAUCE has also been involved in parallel discussions in Canada, where the idea is still nascent, but is likely to take hold shortly. But what does all this have to do with Facebook Users? Facebook scans computers connecting to their network for infections, and places compromised user computers in a walled garden until the problem can be remediated. They offer free tools to help. They write certain rules for the scanning engine to detect the infections Reasonable enough. According to a Facebook rep., speaking on condition of anonymity said the problem last Sunday was a new employee wrote rules that were a bit too aggressive, and they incurred many false positive results, falsely indicating computers were infected when they were not. After a couple of hours, the error was caught, and initially they withdrew the rules, and then began to find, and reverse the suspended status of those users they had initially blocked. This lead to what users were experiencing– log in once, you are told you are infected, log in again, no such notice. This is what is known in the computer industry by the technical phrase ‘oops’. CAUCE congratulates Facebook (and others) on their efforts to help mitigate computer compromises by this approach. While it is irksome, and sometimes scary to be locked out, and told your computer is infected, the worst-case scenario is that you were unable to post cat and baby photos for a short time on Sunday, and had to run a harmless anti-virus scan.