There are strong parallels between organised abuse of Facebook and FB’s attempts to respond, in the last 24 months, and malware on Windows and Office and Microsoft’s attempts to respond, 20 years ago.

Initial responses in both cases have taken two paths: tactical changes to
development and API practices to try to make the existing model more
secure, and attempts to scan for known bad actors and bad behavior (virus
scanners then and human moderators now)

For Microsoft’s malware problem, however, this was not the long-term
answer: instead the industry changed what security looked like by moving to
SaaS and the cloud and then to fundamentally different operating system
models (ChromeOS, iOS) that make the malware threat close to irrelevant.

Facebook’s pivot towards...

There are strong parallels between organised abuse of Facebook and FB’s attempts to respond, in the last 24 months, and malware on Windows and Office and Microsoft’s attempts to respond, 20 years ago.

Initial responses in both cases have taken two paths: tactical changes to
development and API practices to try to make the existing model more
secure, and attempts to scan for known bad actors and bad behavior (virus
scanners then and human moderators now)

For Microsoft’s malware problem, however, this was not the long-term
answer: instead the industry changed what security looked like by moving to
SaaS and the cloud and then to fundamentally different operating system
models (ChromeOS, iOS) that make the malware threat close to irrelevant.

Facebook’s pivot towards messaging and end-to-end encryption is (partly) an
attempt to do the same: changing the model so that the threat is
irrelevant. But where the move to SaaS and new operating systems happened
largely without Microsoft, Facebook is trying to drive the change itself