JY&A logo


Jack Yan & Associates

Facebook needs to come clean on malware scanner offered by Kaspersky and others

Wellington, October 9 (JY&A Media) Facebook needs to come clean on its malware scanner provided by Kaspersky, F-Secure, Trend Micro and others, says Jack Yan, whose blog posts on the subject have amassed nearly 120,000 views and continue to be read by people affected by the social media site’s warnings.
   Mr Yan, who runs a communications’ firm, Jack Yan & Associates, in Wellington, New Zealand, says he first confronted Facebook’s malware scanner, a program endorsed publicly by Facebook and reported regularly by the tech press, in January 2016. Facebook would show a checkpoint page, where a user could not proceed till they had downloaded the scanner.
   He claims that running it—his was provided by Kaspersky—knocked out his real antivirus program, and since blogging about the experience has received hundreds of comments and tens of thousands of views. He also says that anyone receiving a malware warning from Facebook can log out and log back in as someone else without getting any such warning, which suggests the computer is not at fault.
   He was surprised to discover that Facebook’s warnings targeted particular users.
   He also says that once installed, the scanner does not appear anywhere in the installed programs’ list, but resides in a hidden directory on the user’s computer.
   He notes that the US press has now become suspicious of Kaspersky because of its Russian origins, but says that Facebook has publicly stated it is working with one of several antivirus partner companies, including ESET, Trend Micro, and F-Secure, and that all are equally responsible.
   However, when he commented on Kaspersky’s blog post about its cooperation with Facebook, his words were promptly deleted, and when Tweeting one of the other antivirus providers, the dialogue abruptly came to an end when the subject of the malware scanner was brought up.
   Mr Yan says he has read through the hundreds of comments on his blog and noted no similarities between the types of people affected other than their use of Windows, but that Facebook’s behaviour was consistent.
   ‘The affected netizens are both political and apolitical, some play games and others don’t, some are on the left and others on the right, and it doesn’t matter where they live,’ he says.
   He says he has been in touch with affected users in his own country, and in the US, UK, India, and Latin America.
   ‘Before April 2016, most users could delete their cookies and re-enter the site, which places great doubt on Facebook’s claims that their computers were infected with malware.
   ‘However, after April 2016, this method stopped working and users had to resort to other means,’ he says. ‘Facebook shifted the goalposts.’
   Users reported that they had run their own malware scans, including scanners made by Facebook’s partners, and usually came up with nothing.
   Even after running the scan, some users would still be unable to post links.
   ‘Generally, people would be locked out for three days to a month if they refused to run the scanner, which is not unlike the sort of failures Facebook experienced in the first part of the 2010s,’ he says.
   Mr Yan says he switched to computers running Mac OS and Linux and was able to bypass the malware checkpoint and a prompt to download software, though he still had malware warnings come up whenever he posted a link. The difference was that he was able to tell Facebook it was in error and he was allowed to continue using the site.
   In September 2014 there was a Facebook outage where users were unable to post status updates, something which the company later attributed to an internal bug.
   Mr Yan says Facebook’s behaviour was very similar to what had happened in 2014, except now it had shifted the blame to the user’s computer.
   He says that there was an increasing amount of reports on Getsatisfaction, a website that hosted support forums on behalf of companies. Facebook eventually shut down its part of the site.
   Three months before the widely reported outage, Mr Yan says he encountered a Facebook block for 69 hours, where he could not post, like or comment, but still had access to the site—exactly what users went through in September 2014.
   He says the way Facebook behaves after it has accused a user of having malware is similar to what happened in 2014, and has a hard time believing that it is the user’s fault or that the user’s computer has malware.
   ‘Everything about this points back to Facebook, and the fact that no one has come out to address users’ concerns over the years they have offered this makes me suspicious.
   ‘It’s as though there’s something faulty with Facebook’s servers, but they have to buy time to repair them. Most people will take the warnings at face value and willingly plant Facebook’s software in a hidden directory on their computers.’
   Mr Yan says a number of netizens have come up with solutions that have been posted on his blog, but worries that, as with Facebook moving the goalposts in April 2016, they would do that again to users who attempt these newer methods.
   He says that the number of views on his blog posts on the topic is increasing consistently, and believes the problem is becoming more widespread.

About Jack Yan & Associates
Started in 1987, Jack Yan & Associates is a communications’ company with businesses in brand consulting, font software and media. JY&A Consulting is connected to Medinge Group, a Swedish branding think-tank, through its founder Jack Yan. JY&A Fonts is New Zealand’s first digital typefoundry and a pioneer in the business. JY&A Media is an early pioneer in online publishing, with its first digital magazine launched in the 1990s; its ventures include Lucire, the international fashion magazine and Autocade, a car encyclopædia. Jack Yan & Associates is headquartered in Wellington, New Zealand, but has licences and other presences globally.

Notes to editors
Original post in January: http://jackyan.com/blog/2016/01/when-facebook-forces-you-to-download-their-anti-malware-your-own-antivirus-gets-knocked-out/
   Follow-up post: http://jackyan.com/blog/2016/01/if-facebook-says-you-have-malware-do-not-download-their-program-heres-a-way-around-it/
   All trade marks are the properties of their respective owners and are only used in a descriptive fashion without any intention to infringe.

Contacts
Jack Yan, CEO
Jack Yan & Associates
T 64 4 387-3213
E jack.yan@jyanet.com

William Shepherd
Multicultural Brand Consultancy
T 1 213 248-4484
E ws@popdocumentary.com

###