Sophos urges caution on Facebook apps
Facebook users have been advised to exercise caution before downloading applications on the social-networking site, after an application was identified as downloading adware onto users' PCs.
According to IT security vendor Sophos, the discovery concerning the Secret Crush application underscores the need for Facebook users to be careful about the kinds of third-party applications they install.
The application invites unsuspecting Facebook users to find out which of their friends have a secret crush on them. After installing the application, however, users are instead directed to an external website inviting them to download applications such as MyWebSearch, which allows for pop-up advertising.
Facebook has now removed Secret Crush from its database.
"Facebook users must show greater discretion about how they use the site and which applications they install," Graham Cluley, senior technology consultant at Sophos, said. "These third-party widgets are not written by Facebook and can mean that you are carelessly sharing your personal information with strangers or risking your computer's security."
Cluley noted that "thousands" of third-party applications have been developed and made available for Facebook users, and it is "obviously proving impossible" for the social-networking site to police them.
"The message from Facebook to its users appears to be: 'Add third-party applications at your own risk'," Cluley said.
Facebook makes clear on its website that it will not be held responsible for any loss or damage incurred by its users through "any user content or third-party applications".
In a statement released on Monday, Facebook said it is committed to ensuring user security but asked for its users to "employ the same precautions" while downloading applications from the site as they would when downloading software on their PCs.
Cluley urged companies to establish proper user policies if they do decide to allow their employees to access social-networking sites during office hours.
"It's vital that they do not put their personal and corporate data at risk... If your users are installing third-party Facebook applications in the office, they could potentially be bringing adware, spyware and malware into your organisation at the same time," Cluley said.