Does IM stand for insecure messaging?

(continued from previous page)

medium," Toulouse said. "We're already employing technological measures to help fight the problem in the next version of Messenger. But at the end of the day, it's really a matter of trying to help people to better protect themselves."

But the attackers don't have to look for new ways to formally hack IM applications while the current software remains open to Trojan-based infections, said Shimon Gruper, vice president of technology at antivirus specialist Aladdin Knowledge Systems.

How to protect yourself on IM

Take the same protective measures that you use in opening e-mail and build them into your IM habits.

Use a secure browser

Internet Explorer, Firefox, Mozilla, Safari and Opera all have the ability to encrypt Web communications and typically indicate that security is in use with a padlock icon.

Know your merchant

Check out smaller companies online by searching for complaints. If in doubt, just use sites that you know or that others have recommended.

Look before you click

Never open a link or attachment sent to you via IM until first making sure it is legitimate.

Double-check sender

Even if a message looks like it's from someone you know, make sure it's not a hoax before clicking on any links or attachments.

Protect your PC

Use firewall software to limit the kinds of data that can be sent to you over IM.

Don't talk to strangers

Do not accept IM invites or messages from contacts you don't already know.

Stay alert

Check with IM software providers to ensure that your applications are patched and up to date.

Source: CNET News.com

"There's no need for hackers to attack the IM software yet, because unlike in e-mail, where applications have been set to block the dangerous types of attachments, there's little to no security built into IM," Gruper said. "The IM protocol, especially for Messenger, is very open and easy to use, so people can exploit that without a lot of effort, and they won't stop until the methods they're using now become less effective."

America Online, another leading provider of IM software, said that it is working to add new protections to its applications. It also said that getting the word out to consumers about the threats could have the biggest effect in alleviating the problem.

"In some cases, there are technological fixes we can use to help protect members, such as putting some automated blocks in place to keep the bad links from going through," said Andrew Weinstein, an AOL spokesman. "But we feel the best solution for protecting people is installing a healthy dose of caution among users. Even if an IM looks like its coming from someone they know, people should check with buddies to try to ensure everything is what it appears to be."

Yahoo, another major provider of instant messaging software, said it has already put preventative measures in place to help protect its IM users from attacks. These efforts include adding a mechanism to its application that limits the number of messages that can be sent out simultaneously from one of its individual customer accounts.

Until now, all the IM threats reported have been Trojan attacks that sit on top of IM software code, rather than a worm that takes advantage of a flaw to penetrate the applications themselves. But some experts believe that it's only a matter of time before such worms are released.

"We haven't seen attacks on the IM code yet, but won't surprise me if it does happen," said Ero Carrera, an antivirus researcher at security software maker F-Secure. "All it takes is for people to find one IM client that has some small code error for things to develop very quickly. Any application has some holes, and history has shown us that someone usually finds a way to hack those flaws."

Smart phone risk
There's another potential IM time bomb. The communications software is becoming popular for exchanging messages between smart phones and computers, which means it could help viruses spread from PCs to mobile devices.

Vincent Weafer, senior director of Symantec's Security Response organization, said that once IM threats begin to spread rapidly, it will be hard to keep them off wireless gadgets.

"A huge amount of IM is now translated onto smart phones, especially in Europe and Asia," Weafer said. "So when you start

BlowSearch Offers Secure IM

4,096 bit encryption too. It's called BSM and we use it exclusively for our corporate network for over 50+ employees in our office. We've put it through testing and it's a good product. It also interfaces with AOL,MSN, and Yahoo's messenger products.

In my opinion this article really isn't necessary with products like BlowSearch's BSM Messenger around. Instead of complaining about the issue - offer a solution.

Is IM the real problem ?

Q. Does anyone really NEED IM ? I know that, at work, the last thing I wanted was somone messaging me, when I was in the middle of coding - it could cost me hours of work. If people wanted me, they could email & I would read the email, when appropriate.

Perhaps there may be one or two groups of people who NEED IM. But for the remaining 99.9% - it's unnecessary & a security risk. Why take risks with security ?

Hell - most of today's population don't even NEED cell phones, if they could just ORGANISE themselves ;-)

[Scott W]

msn

well, i say that anyone using msn deserves everything they get. sorry i couldn't resist snide jabs at m$

[Sboston]

Others

Well you should target yahoo, aim, ICQ, Trillion and others as well. :)

[Prndll]

One of the biggest problems here...

...is the idea of putting 13 year old children on the internet. The internet is no place for children. There is a reason why ISP's do not sell to 13 year olds. There are too many things out on the net that only represents trouble for children this age. Wether it be viri or pedophiles, extreme porn to getting sued by the RIAA. I do agree that parents need to teach their children about computers. But, just cutting them loose to be exposed to the world like this is nothing short of irresponsible.