Get Smart about Business Spending
Finjan offers free SecureTweets browser plug-in
Updated October 30 at 9:58 a.m. PDT: The software was called SecureTwitter when this article was first published. The name was later changed to SecureTweets and the article has been updated to reflect that.
Finally, there's a tool that can help prevent people from clicking on URLs that appear to come from friends on Twitter and other social media sites but which lead to sites hosting malware.
Web security firm Finjan began offering this week a free browser plug-in dubbed SecureTweets that warns users when they encounter a malicious URL in Twitter, as well as in Gmail, Blogger, MSN, social networks MySpace and Bebo, news aggregators Digg and Slashdot, and the Google and Yahoo search sites.
SecureTweets scans the Web pages that the URLs lead to in real time to analyze the code, as opposed to querying a database of blacklisted URLs, as other safe Web browsing services do, Yuval Ben-Itzhak, chief technology officer at Finjan, said on Thursday.
SecureTweets alerts Twitter users when a URL on the site leads to a page that appears to be hosting malware.
(Credit: Finjan)Green checkmark icons appear next to URLs that are deemed safe and red "X"s for URLs to sites with code that could be a virus, a Trojan, or other malicious program. Yellow question mark icons appear next to URLs that lead to a page that was not available for scanning by SecureTweets for some reason.
SecureTweets appears to be the first safe browsing service that scans URLs within applications and not just in search results or browser address bars.
In a quick test of the service I didn't find any warnings for malicious URLs on the various sites, but it did put a yellow question mark next to URLs that appeared at the top of my Gmail page that linked to legitimate CNN articles, for some reason.
I would love to have SecureTweets warn me about URLs in Facebook, but Facebook requires people to log in to see profiles on the site, which means the company would need people's passwords to access those pages. Since the other sites do not, Finjan could easily scan the URLs on those sites without needing access to private information like log-in credentials, so that's where the company decided to focus their efforts, Ben-Itzhak said.
The service would have protected followers of venture capitalist Guy Kawasaki, whose Twitter feed automatically re-distributed a malicious URL from an un-moderated section of a user-generated news site earlier this week.
It also would protect people against the kind of worm attacks that hit Twitter in April in which people who clicked on the name or image of someone whose account had been compromised by the worm got infected and re-broadcast the malicious message.
And SecureTweets could protect Twitter users against a clickjacking attack, which also hit the site this year. In these attacks, clicks are basically hijacked and users forced to do things they don't intend to, such as redistribute malicious Twitter updates.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
http://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&comments_parentId=368142&forumId=1
In May I sent email to Finjan support inquiring as to the viability of the app considering the length of time since its inception and no updates since then. And on June 14 I sent another about the junk insertion. No response to either.
I uninstalled the extension and won't bother with it again until I'm assured there is some kind of active development/support over at Finjan.
In the meantime, I wonder about the newsworthyness of this SecureTwitter which the focus of this article.
- by lloyd_borrett July 13, 2009 7:20 PM PDT
- AVG LinkScanner (http://www.avgfree.com.au) is a free security tool from AVG that scans the pages behind ALL the links you click on, or type into your browser address bar, including Twitter links. It tells you in real-time whether the web page you're trying to view contains malicious code. This is important because criminals often leave bad URLs live for just a few hours or days, then switch pages so as to stay one step ahead of blacklists.
- Like this Reply to this comment
-
(8 Comments)As reported here, it seems SecureTwitter from Finjan Software might be making the same mistake made by AVG when it first released AVG LinkScanner. If Finjan software is scanning all Twitter links that come up in the browser to give its safety verdicts, not just those links clicked on, then it will wreck web administrator analytics and put unnecessary load on web servers and users Internet usage.
If SecureTwitter is simply phoning home to get live results from a blacklist, then it is simply not proving real-time protection.
The only time that matters when you really need to be protected is when you click on a link to load the web page. That's why AVG LinkScanner checks the page you try to view in real-time.