FaceBook fails users AGAIN (privacy failing)

I am so *£%#@ off right now. I already setup my privacy settings ONCE to disallow public access to my account BUT FaceBook has gone through a back door to enable that access.

How so? Well, whilst I setup my account settings to be all "Friends Only", APPARENTLY FaceBook author (feel like telling him to go *£%#off) feels the "general public" are my friend so allowed the world to see my name and a list of my friends (which has lead to an unhealthy amount of new spam which lead me to find out the source of this spam).


Heres a heads up for all facebook users, vital personal information (in this case your name and a list of people who are your friends) is being made publicly available by your FaceBook account. Yes.. I repeat publicly available.

Please PLEASE follow the following steps to prevent this before you too become another hit on Google (and therefore the primary target of spammers!).

Goto the "Account" drop down in the top left of your FaceBook page. Click "Privacy Settings" and you should be taken to the following page:

Click on the "Edit your Settings" button next to the "Application and Websites" at the bottom of the screen.

In the section "Public Search" click "Edit Settings".



Untick the box which contains the "Enable Public Search".

Comodo = Software Leak?

Now I've got a lot of good things to say about Comodo Internet Security suite. Firstly it has proper 32bit and 64bit versions and has for some time now. Secondly its feature "Defense+" is possibly the most comprehensive and ambitious pro-active security solution ever (though you really need to be a computer developer to make the most from it).

Now for the whine:

Defense+ includes a section called "Pending Files" which I hadn't really investigated much until today (that is Comodo Internet Security version 4.1.1500349.920). This section reportedly maintains a list of unrecognised executable files (which on the surface seems fine). It gives the option to submit these unrecognised files to Comodo (presumably for approval or whatever).

So, today I was investigating a Virus Report from the engine. Comodo has had a bit of a spotted history with its Anti-Virus solution. Specifically if is quite prone to false or incorrect reports. So, I was attempting to validate its claim using http://www.totalvirus.com/ which seems like a good site. Whilst I was looking into this I came across "My Pending Files" and I looked and there where a list of executables (fair enough) and amoung them some of my own peices of software.

Then I looked again, and noticed that 2 of the files in the list had been "submitted" to Comodo. I was not aware of ever agreed to this! One of these files was an application I develop that contained propritory code I would very much not like to distribute anywhere for any reason. Whilst I'm not saying Comodo are going to be stealing code, they are probably going to be performing a threat analysis upon the executable in question and to do that understanding its function and purpose is key. So, then they will understand the function and purpose of my propriotory code and well, if you understand something you use that knowledge!

This, to me, is a serious risk of software leak. One I felt I was not given the option to prevent (or at least there was no clear warning it would be sending this file out).

So in summary. If your a software developer, Defense+ is both a boon and a danger. I am not going to disable it because it does guard my system well in all other respects.

This post on their forums has also pacified me for now :

http://forums.comodo.com/help_for_v3/how_do_i_disable_my_pending_files-t15799.0.html;msg124795

Lastly at least it DID tell me it had leaked my executable. I will be keeping a close eye on it in future and possibly doing my development on a different machine to my internet connected system.

AMMENDIUM: I now noticed this:

The "Submit the file to COMODO for analyis" button must have been checked when I was wanting / expecting to check / select "Do this for every" checkbox from the older Comodo dialog. So, sadly, I guess I have been my own leak. Still far to easy to do and no way to disable this.