Facebook / McAfee deal provides security software but little education

Facebook tonight announced that it has partnered with McAfee to offer a six-month security software subscription to its 350 million users. In the announcement, said that it entered into its partnership to further demonstrate its commitment to securing its user base. After the six-month subscription runs out users will then be offered a discounted price on the security software, making it not a bad sales or marketing deal for McAfee, either.

According to the blog post written by Jake Brill, Facebook continues to hone its security policies to create a safer environment for its users. However, he states that in the "rare case" that a user's computer is compromised due to visits to malicious third-party sites, having a security solution such as McAfee's is important. Users interested in the offer are instructed to visit the McAfee fan page on Facebook.

Call it industry cynicism, but without further education beyond a few tips in a blog post, users will continue to click at random. The question, of course, becomes, "is that really the social network's responsibility?" Perhaps not, but all mainstream social networks have a unique opportunity to take advantage of the captive audience and provide better security awareness training for even the most novice of users

My other concern is that this is going to have an enabling effect. If you can't stop a user from believing that some stranger he or she hasn't met before doesn't have a funny video of them doing something embarrassing (aka Koobface), what's to say that this same user will even have the skills to install the McAfee solution, or in a more complicated sense, understand how to deal with updates and alerts? Plus, this assumes that most users do not already have a desktop security solution; they just change their settings or ignore alerts.

Again, this is a good first step for Facebook, but throwing downloads around is only a small percentage of the solution. This offer creates a risk of a rampant false sense of security among the many otherwise uneducated users. Lest we not forget that Facebook has had issues securing its own site or stopping the scams, too. Nor does this come close to addressing data privacy issues.

I'm still waiting for that Social Network Security Consortium chock full of social network and security industry leaders who get together to develop better cross-service education methods. I hope I won't be waiting too much longer.