Finjan offers free SecureTwitter browser plug-in

June 25, 2009 12:41 PM PDT
by Elinor Mills
cnet.news.com

Finally, there’s a tool that can help prevent people from clicking on URLs that appear to come from friends on Twitter and other social media sites but which lead to sites hosting malware.

Web security firm Finjan began offering this week a free browser plug-in dubbed SecureTwitter that warns users when they encounter a malicious URL in Twitter, as well as in Gmail, Blogger, MSN, social networks MySpace and Bebo, news aggregators Digg and Slashdot, and the Google and Yahoo search sites.

SecureTwitter scans the Web pages that the URLs lead to in real time to analyze the code, as opposed to querying a database of blacklisted URLs, as other safe Web browsing services do, Yuval Ben-Itzhak, chief technology officer at Finjan, said on Thursday.

SecureTwitter alerts Twitter users when a URL on the site leads to a page that appears to be hosting malware.

(Credit: Finjan)

Green checkmark icons appear next to URLs that are deemed safe and red “X”s for URLs to sites with code that could be a virus, a Trojan, or other malicious program. Yellow question mark icons appear next to URLs that lead to a page that was not available for scanning by SecureTwitter for some reason.

SecureTwitter appears to be the first safe browsing service that scans URLs within applications and not just in search results or browser address bars.

In a quick test of the service I didn’t find any warnings for malicious URLs on the various sites, but it did put a yellow question mark next to URLs that appeared at the top of my Gmail page that linked to legitimate CNN articles, for some reason.

I would love to have SecureTwitter warn me about URLs in Facebook, but Facebook requires people to log in to see profiles on the site, which means the company would need people’s passwords to access those pages. Since the other sites do not, Finjan could easily scan the URLs on those sites without needing access to private information like log-in credentials, so that’s where the company decided to focus their efforts, Ben-Itzhak said.

The service would have protected followers of venture capitalist Guy Kawasaki, whose Twitter feed automatically re-distributed a malicious URL from an un-moderated section of a user-generated news site earlier this week.

It also would protect people against the kind of worm attacks that hit Twitter in April in which people who clicked on the name or image of someone whose account had been compromised by the worm got infected and re-broadcast the malicious message.

And SecureTwitter could protect Twitter users against a clickjacking attack, which also hit the site this year. In these attacks, clicks are basically hijacked and users forced to do things they don’t intend to, such as redistribute malicious Twitter updates.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

Read and post comments | Send to a friend

Advertisements

About skicat56

Snow Sports Industry veteran – Husband – Father – Network IT Ninja & Former Powncer. Old enough to know better but young enough to start a new career.
This entry was posted in Online Apps, Security, Twitter and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s