« | Home | Categories | »

Facebook’s Mandatory Malware Scan Is an Intrusive Mess

Posted on February 28th, 2018 at 11:19 by John Sinteur in category: News -- Write a comment


When an Oregon science fiction writer named Charity tried to log onto Facebook on February 11, she found herself completely locked out of her account. A message appeared saying she needed to download Facebook’s malware scanner if she wanted to get back in. Charity couldn’t use Facebook until she completed the scan, but the file the company provided was for a Windows device—Charity uses a Mac.

“I could not actually run the software they were demanding I download and use,” she says. When she tried instead to log in from her computer at work, Facebook greeted her with the same roadblock. “Obviously there is no way for Facebook to know if my device is infected with anything, since this same message appeared on any computer I tried to access my account from,” says Charity.


“It is actually tied to one specific Facebook user on one specific browser—if I change either to a different account, or use Safari instead of Chrome with the locked-out account, I do not get the scanner dialog,” says Anatol Ulrich, a Facebook user from Germany who was locked out of his account after sharing several Google docs in comment threads on Facebook. He, too, was prompted to download a Windows file on a Mac device.

“Our visibility into each account on a given device isn’t complete enough for us to checkpoint based only on the device, without factoring in whether the particular account is acting in a suspicious manner,” Facebook spokesperson Jay Nancarrow said in a statement. In some ways that might be comforting; Facebook doesn’t collect enough information about your computer to say whether malware has infected it.

But if Facebook doesn’t know for sure, why would it push you to clean your device?


It “will possibly train users to accept or install fake antivirus products, most of which are ransomware,” says Mohammad Mannan, a security researcher at Concordia University who has studied antivirus vulnerabilities. “That is, you visit a random site, and get a scary popup which says your machine is infected and needs immediate cleaning; if you say yes to the installation, a ransom is asked.”



  1. I do get false malware popups on Chrome that I don’t get on other browsers. I reset Chrome’s settings when that occurs. I think the question should be “why does this occur on Chrome when I only use it to view Yahoo’s finance page and weather.com”?

    I use Firefox with popup blocker “ublock” for news and Facebook and I delete the cookies and history automatically when I close each session. The popup blocker prevents me from using weather.com, a recent disturbing development.

    It’s a shame that each user needs to educate themselves on these issues instead of safeguards being built-in.

  2. I suppose she could temporarily set up a virtual machine with windows on it, that way, if she runs the Facebook software on it she might get her account active again, but then, it’s Facebook, so why bother?

previous post: Security firm Keeper sues news reporter over vulnerability story

next post: Your Grandma Was a Chain Migrant!