| Instant Messaging continues to be the fastest growing communications
medium of all time with an estimated 300 million consumer and enterprise
IM users in 2005. Global services such as AOL Instant Messenger, MSN
Messenger, and Yahoo! Messenger each report over 1 billion messages sent
per day, and IM traffic is expected to exceed email traffic by the end
of 2006. As one of the most successful and widely-deployed applications
on the Internet, IM has increasingly become the target for attackers to
propagate IM-borne viruses, worms, spam over IM (SPIM), malware and
phishing attacks.
Though widespread in adoption, IM is generally unprotected and
unmonitored in consumer and enterprise environments, leaving it
vulnerable to attacks and exploits. These attacks have grown
exponentially over the past 3 years, increasing the need for real-time
threat protections for IM and other real-time communications
applications.
One very common form of P2P networking is Instant Messaging (IM)
where software applications, such as MSN Messenger or AOL Instant
Messenger, for example, allow users to chat via text messages in
real-time. While most vendors offer a free version of their IM software
others have begun to focus on enterprise versions of IM software as
business and corporations have moved towards implementing IM as a
standard communications tool for business. Please also see
Peer-To-Peer.
Note: Many people refer to instant message conversations as
chatting, but there is a slight difference between IM and chat. IM
usually refers to a conversation between two people, whereas chat is
often a conversation with a group.
10 best practices for using IM
| 1. |
Be careful when creating a screen name. Each IM program asks
you to create a screen name, which is similar to an e-mail
address. Your screen name should not give away personal
information. For example, use a nickname such as BaseballFan
instead of BaltimoreJenny. |
| 2. |
Create a barrier against unwanted instant messaging. Only
share your screen name and e-mail address with people you know,
since some IM services use e-mail addresses as another way to
identify users. Avoid listing this information in public areas,
such as large Internet directories, job-posting sites, blog or
online community profiles—even your own Web site. Consider using
a separate e-mail address for such purposes if necessary. |
| 3. |
Never give out sensitive personal information, such as your
credit card numbers or passwords, in an IM conversation. |
| 4. |
Only communicate with people who are on your Contact List or
Buddy List. |
| 5. |
Think hard before you agree to meet in person a stranger
that you only know from IM. |
| 6. |
Never open pictures, download files, or click links in
messages from people you don’t know. When they come from someone
you do know, double-check with the sender first to make sure the
message is on the up-and-up. If it's not, close the instant
message window to get rid of it. |
| 7. |
Don't send personal or private instant messages at work.
Your boss may have a right to view those messages. |
| 8. |
If you use a public computer, do not select the feature that
allows you to log on automatically when you start up your
computer, or future users may be able to log on using your
screen name. |
| 9. |
Monitor and limit your children's use of IM. One way to do
this is to sign up for the MSN Premium IM service, which lets
you approve all of your child's contacts before she can receive
instant messages from them. You'll also get a report of your
child's online activity mailed to you each week. Check the
MSN
Messenger Web site for more information on the parental
controls included with the service. |
| 10. |
When you're not available to receive messages, be careful
how you display this information to other users. For example,
you might not want everyone on your contact list to know that
you're "Out to Lunch". For more information, read
Control Your Online Status Using Windows Messenger and
Set Your Online Status. |
Tips for IM safety
Instant Messenger worms are becoming increasingly more sophisticated
- and more prevalent. To avoid infection, treat IM as suspiciously as
you should be treating email. These tips will help you avoid infection:
Don't be click-happy
Don't click any link received in IM unless you've first confirmed that
the sender intended it. This includes links contained in 'away' messages
- these 'away' messages are often frequent targets of IM worms.
Beware IMs bearing attachments
Don't open any attachment received unexpectedly - verify that the sender
intended it. Make sure you enable file extension viewing so you're not
fooled by the infamous double-extension ruse. Before opening any
attachment, scan it first using up-to-date antivirus software. (The
Kaspersky online scanner is superb for quickly checking single files
less than 1MB).
More is *not* merrier
Keep the number of IM clients to a minimum. IM worms target specific
clients, though multiple clients might be targeted. For example, the
2002 FloodNet IM worm sent its infectious message to both AIM and MSN
Instant Messenger users. Thus, the more IM clients used or supported,
the more likely you are to be victimized by an IM worm.
What to do if infection strikes
If you do get hit by an IM worm, remember that all of your contacts are
now vulnerable. To avoid sending the infection to others, disconnect
from the Internet until you are able to completely remove the infection.
If you need Internet access to obtain antivirus software or updates, ask
a friend to use their computer and burn the files to CD. If this is not
an option, uninstall the IM client until after you've properly cleaned
the infection. Of course, always keeping your antivirus software
up-to-date will avoid this last minute scramble for protection. |