Instant Messaging continues to be the fastest growing communications medium of all time with an estimated 300 million consumer and enterprise IM users in 2005. Global services such as AOL Instant Messenger, MSN Messenger, and Yahoo! Messenger each report over 1 billion messages sent per day, and IM traffic is expected to exceed email traffic by the end of 2006. As one of the most successful and widely-deployed applications on the Internet, IM has increasingly become the target for attackers to propagate IM-borne viruses, worms, spam over IM (SPIM), malware and phishing attacks.   Though widespread in adoption, IM is generally unprotected and unmonitored in consumer and enterprise environments, leaving it vulnerable to attacks and exploits. These attacks have grown exponentially over the past 3 years, increasing the need for real-time threat protections for IM and other real-time communications applications.   One very common form of P2P networking is Instant Messaging (IM) where software applications, such as MSN Messenger or AOL Instant Messenger, for example, allow users to chat via text messages in real-time. While most vendors offer a free version of their IM software others have begun to focus on enterprise versions of IM software as business and corporations have moved towards implementing IM as a standard communications tool for business. Please also see Peer-To-Peer.

 

Note: Many people refer to instant message conversations as chatting, but there is a slight difference between IM and chat. IM usually refers to a conversation between two people, whereas chat is often a conversation with a group.

 

10 best practices for using IM

 

1.	Be careful when creating a screen name. Each IM program asks you to create a screen name, which is similar to an e-mail address. Your screen name should not give away personal information. For example, use a nickname such as BaseballFan instead of BaltimoreJenny.
2.	Create a barrier against unwanted instant messaging. Only share your screen name and e-mail address with people you know, since some IM services use e-mail addresses as another way to identify users. Avoid listing this information in public areas, such as large Internet directories, job-posting sites, blog or online community profiles—even your own Web site. Consider using a separate e-mail address for such purposes if necessary.
3.	Never give out sensitive personal information, such as your credit card numbers or passwords, in an IM conversation.
4.	Only communicate with people who are on your Contact List or Buddy List.
5.	Think hard before you agree to meet in person a stranger that you only know from IM.
6.	Never open pictures, download files, or click links in messages from people you don’t know. When they come from someone you do know, double-check with the sender first to make sure the message is on the up-and-up. If it's not, close the instant message window to get rid of it.
7.	Don't send personal or private instant messages at work. Your boss may have a right to view those messages.
8.	If you use a public computer, do not select the feature that allows you to log on automatically when you start up your computer, or future users may be able to log on using your screen name.
9.	Monitor and limit your children's use of IM. One way to do this is to sign up for the MSN Premium IM service, which lets you approve all of your child's contacts before she can receive instant messages from them. You'll also get a report of your child's online activity mailed to you each week. Check the MSN Messenger Web site for more information on the parental controls included with the service.
10.	When you're not available to receive messages, be careful how you display this information to other users. For example, you might not want everyone on your contact list to know that you're "Out to Lunch". For more information, read Control Your Online Status Using Windows Messenger and Set Your Online Status.

Tips for IM safety

 

Instant Messenger worms are becoming increasingly more sophisticated - and more prevalent. To avoid infection, treat IM as suspiciously as you should be treating email. These tips will help you avoid infection:

 

Don't be click-happy
Don't click any link received in IM unless you've first confirmed that the sender intended it. This includes links contained in 'away' messages - these 'away' messages are often frequent targets of IM worms.

Beware IMs bearing attachments
Don't open any attachment received unexpectedly - verify that the sender intended it. Make sure you enable file extension viewing so you're not fooled by the infamous double-extension ruse. Before opening any attachment, scan it first using up-to-date antivirus software. (The Kaspersky online scanner is superb for quickly checking single files less than 1MB).

More is *not* merrier
Keep the number of IM clients to a minimum. IM worms target specific clients, though multiple clients might be targeted. For example, the 2002 FloodNet IM worm sent its infectious message to both AIM and MSN Instant Messenger users. Thus, the more IM clients used or supported, the more likely you are to be victimized by an IM worm.

What to do if infection strikes
If you do get hit by an IM worm, remember that all of your contacts are now vulnerable. To avoid sending the infection to others, disconnect from the Internet until you are able to completely remove the infection. If you need Internet access to obtain antivirus software or updates, ask a friend to use their computer and burn the files to CD. If this is not an option, uninstall the IM client until after you've properly cleaned the infection. Of course, always keeping your antivirus software up-to-date will avoid this last minute scramble for protection.