
SocialToo gives social networkers a false sense of security

By | September 28, 2009, 9:43am PDT

Summary: Last week SocialToo introduced an “antivirus solution” for Twitter. Problem? It’s not an antivirus solution.

Last week social network “companion” SocialToo announced that it had created an “automatic antivirus solution” for Twitter. I saw it retweeted multiple times, with apparent user excitement. I was terrified. Why? For one, it’s not an antivirus solution.

The SocialToo “antivirus solution” promises to act as a middle man between Twitter and your inbox for direct message (DM) delivery. Users log into SocialToo and select “Send SocialToo DM Emails” and then the user’s DMs are re-routed to SocialToo rather than emails going directly to the user. The SocialToo service then promises to pass through to your inbox only the alerts that are presumably safe.

I talked to my friend Tom Eston, security researcher from SocialMediaSecurity.com, about this service and we agreed on a few things that are alarming about this service:

1. Again, this is not an antivirus product by any stretch of the imagination. It will not prevent malware (malicious files) from being installed on your computer like a traditional anti-virus (signature based) solution. It only applies to DMs.

2. Calling this an “anti-virus” product will give the general social network user a false sense of security. These are not “viruses” being sent via DMs... they are phishing links (or in the case of trending topic spam, links to malware). This might cause users to think that this will protect them from all threats on Twitter just because it’s labeled an “antivirus product”.

3. Even calling this an anti-phishing solution is stretching it.  There are possibilities of being phished via retweet spam or links from your friends on their feeds after their accounts are compromised. SocialToo’s service will do nothing to protect against these threats.



Jennifer Leggio, aka "Mediaphyter," writes about the "social business" side of social media - including enterprise, security and reputation issues.

Disclosure

Jennifer Leggio

Jennifer is employed full-time with Fortinet, a leading network security appliance vendor. She is also actively involved in the network security community and works with the Security Bloggers Network. She co-manages the annual Security Bloggers Meet-UP at RSA Conference.

Jennifer is also involved with Silicon Valley Tweet-Up, a philanthropic networking event that brings people together to raise money for local family-oriented charities.

The blog posts here are solely her opinion and do not represent her employer or any other organization with which she may be affiliated.

Biography

Jennifer Leggio

Jennifer Leggio (@mediaphyter) has been a communications professional for more than 15 years, focusing primarily on enterprise technology and security. She is currently the director of strategic communications for a leading network security vendor. Jennifer is also passionate about all things social media, especially enterprise, security, privacy and reputation issues, which is why she writes about these things for ZDNet.

A well-connected communicator, Jennifer has led or supported interactive social networking efforts for security industry conferences including RSA Conference, Black Hat USA and SOURCE Conference, and founded the Security Twits, a community for network security professionals. She also helps run communications for the Security Bloggers Network.

Finally, Jennifer co-hosts the Quick'n'Dirty social media podcast with Aaron Strout, is a founding member of Technically Women, a communal blog project, and manages marketing and public relations for Silicon Valley Tweet-Up, a networking group that raises money for family-oriented charities. Jennifer was profiled in Silicon Valley San Jose Business Journal's "40 Under 40" edition, as a rising star for 2009.

13
Comments


RE: SocialToo gives social networkers a false sense of security
joe cibula 29th Sep 2009
It's great you bring this to people's attention. Mixing social with business just doesn't make sense; it's all about delivering more ads, something we all need, right? Look what pay-per-click did to search results. In short, let social be social, and business be business. Then we wouldn't have these types of problems.
0 Votes
+ -
False Sense
tehuff 28th Sep 2009
I think there is an innate false sense of security with social media after the initial exposure and use of a platform (FB, TWTR, LinkedIn etc.).

Anything that adds an additional layer of "false sense" needs to be brought in the light, as you did... good post.

If SocialToo "GETS IT" they'll use it to improve their product/strategy.


http://twitter.com/tehuff
Jennifer, I wish you would have contacted me on this (I'm the CEO) for background. We're still working out how we're going to package this - the anti-virus package is mentioned *nowhere* on SocialToo.com itself. The *only* place we've packaged it as an anti-virus product has been on our blog, our hope being that it helps users understand they can feel more secure by joining our service. After all, we're able to do a heck of a lot more than Twitter is capable of doing currently - the true concern is whether Twitter is giving users a false sense of security by encouraging DMs in the first place without a way to stop this stuff.

The one thing you neglect to say is that users will be a whole lot safer using our service than standalone Twitter. I wish we could spread the word more about that than scare users away from such a service.
0 Votes
+ -
Tomato, tomahto
Jennifer Leggio 28th Sep 2009
The post was not meant to scare people away from using a service, but to make them aware that this is not an antivirus service. Most social networkers do not understand security or how certain solutions differ from others. They also are relying too much on technology to protect them when most issues can be thwarted with user education.

The idea that the service is promoted on the blog as one thing vs. promoted on the SocialToo Web site as another merely shows a disconnect, not a lack of accountability. That's like saying that you only called a service X in a press release but not on your web site. I did say that I do think it could work as a service, but it also -- like any other third party service -- introduces other risks. Users deserve to have a full understanding of what measure they might take to secure themselves. The last thing I want, or I am sure you want, is for a user to sign up for SocialToo's service and then get phished and ultimately blame you for not being able to protect them.
0 Votes
+ -
Thanks Jennifer
jessestay 28th Sep 2009
Thanks Jennifer - as soon as we're ready to start promoting this on the site itself we're definitely going to make sure we're abundantly clear as to what users are getting. My goal is that this does become a service that helps stop the spread of viruses, phishing, and malware through Twitter - it will never be 100%, just as any anti-virus solution isn't 100%, but we'll definitely be completely clear about that in our materials. Perhaps that didn't get through clear enough in our blog post - it wasn't my intention.

You do have to admit though that with the advent of social media there is a new need to apply another layer of protection on top of these services. I'd rather not receive malicious messages from my friends in the first place rather than waiting until I click on their messages to find out. That's our goal with this - call it an anti-virus solution, an anti-phishing solution, an anti-friends-sending-you-malware solution, I'm still not sure the best thing to call it. Anti-virus seemed like the most straightforward message we could send. I think we're on the verge of a new technology here that the anti-virus companies haven't completely found a solution for yet. I hope we can make that clear as we set this further in stone.

I'm always happy to chat further about this over the phone - call me any time. 801-853-8339 If you have any further advice I'm all ears and would love to hear how we can make this better.

Thanks again for covering this important matter.
0 Votes
+ -
It's a tightrope walk...
Jennifer Leggio 28th Sep 2009
Part of the onus has to be on the user. I do agree that an additional level of technology to protect users is needed, but I still wish that Twitter itself could get more proactive about protecting against these threats. Until that happens, no matter what the security firms or social networks do, I think user education is a BIG PART of what needs to be done. I would never click on a suspect URL like that, but I've also been working in security for the better part of 10 years. Others aren't sure what to look for, options for expanding URLs, tricks for determining whether or not something is a potential phishing risk, etc. Twitter and Facebook have become more proactive with education, which is good. I'm babbling. My point is, the solution is only part in the technology, a point with which I think you agree.

I do think it's good that SocialToo is trying to do *something* I just urge you not to call it antivirus or antispyware... or even antispam. I do think that would create, as I said, a false sense of security with users and then they are at risk of letting their guards down even more.

Thanks for stopping by and commenting here.
0 Votes
+ -
When the deceitful and incompetent try to go into business and make unrealistic or false promises, they ought to be exposed.

As for Jesse Stay, the CEO of SocialToo, who can ever believe this guy? It's sad that Guy Kawasaki and Louis Gray have associated their names and personal brands with such a shady character.

Mr. Stay said that "The *only* place we've packaged it as an anti-virus product has been on our blog..."

Not true. He's been throwing around the phrase "anti-virus solution" any chance he gets. See for proof: http://twitter.com/Jesse/status/4449234618

He's either stupid or willfully lying to you and your readers.

0 Votes
+ -
Deceitful?
jessestay 28th Sep 2009
Interesting that "ConcernedTwitterUser" isn't willing to reveal their identity.
0 Votes
+ -
Yes, Deceitful is the right label for Jesse Stay
ConcernedTwitterUser Updated - 28th Sep 2009
"Interesting" that Mr. Stay can't even address the fact that he has outlandishly claimed "anti-virus solutions" on more than just his blog but wherever he gets a chance to dupe Twitter users.

Again, contrary to his own statements found here: http://bit.ly/GNyhh - he's been talking through two sides of whatever as seen here: http://twitter.com/Jesse/status/4449234618

Glad that professionals such as Jennifer are keeping an eye on amateurs and shining a light on dishonest and misleading claims.
Isn't SocialToo the same company that gave the spammers the DM spam tools in the first place? I would never trust them with security.

S_Harrisking, we reversed that almost a full year ago - we admitted we were wrong and in fact went 360 towards being completely against them. It was a lesson learned from something that got out of hand too fast. Our efforts since have been to try to get rid of them for those that don't want to receive such.
0 Votes
+ -
Yep
Jennifer Leggio 28th Sep 2009
0 Votes
+ -
S_Harrisking - good point. Thanks for reminding us the origins of Social Too as the "social networking companion for spammers."