Aug '05 Tools

What is Instant Messaging?

Instant messaging, commonly known as IM is a communication service that lets the user create a chat session with one or more other people. Typically, the instant-messaging system alerts a user whenever somebody on their "buddy" list is online - a capability known as "presence." They can then initiate a chat session with that person. People can communicate with each other using a PC, wireless device, or other Internet device - or a combination of devices.

IM is becoming increasingly popular. According to a recently released report by the Radicati Group, "Instant Messaging Market 2005-2009," there will be 867 million Instant Messaging accounts by the end of 2005. The research firm has forecast that by 2009 there will be 1.2 billion IM accounts in use.

How does IM work?

Instant messaging requires the use of an IM client program that hooks up to an instant messaging service. It differs from email in that conversations are able to occur in real time via a chat room environment. Most services offer a "presence awareness" feature, indicating whether people on one's list of contacts - commonly called a "Buddy List" or "Contact List" - are currently online and available to chat.

To use IM, both users (who must subscribe to the same service) must be online at the same time, and the intended recipient must be willing to accept instant messages. If the online software is set to accept IMs, it alerts the recipient with a distinctive sound, a window that indicates that an IM has arrived, allowing the recipient to accept or reject it, or a window containing the incoming message. IM software can be set to reject messages from selected senders. An attempt to send an IM to someone who is not online, or who is not willing to accept an IM, will result in notification that the transmission cannot be completed.

A Buddy List is a collection of screen names in an Instant Messenger program. The Buddy List is generally a window that has a list of "screen names" that are chosen by the people you chat with. Double-clicking on any name will open an Instant Message session and allow you to talk with the other people. Usually, if somebody shows up in your buddy list, your screen name will show up in theirs. With most programs, the Buddy List can be minimized or closed to the System Tray to keep it from getting in the way, and is accessed again by double-clicking its icon.

Due to the quick exchange nature of chatting as well as the fact that cell phones, PDA's and other wireless devices have small screens, abbreviations are commonly used in Instant Messaging. You can view a list of IM abbreviations and acronyms here.

A number of variations of instant messaging applications are available and each application has its own protocols. Most attempts at creating a unified standard for the major IM providers have failed and each continues to use its own proprietary protocol. This has led to users running several instant messaging applications simultaneously to be available on several networks. An alternative is to use an application which supports many IM protocols, such as Miranda, Gaim, Trillian or Jabber clients.

AOL Instant Messenger, Yahoo! Messenger, and Microsoft’s MSN Messenger are the most widely-used instant messaging applications available. Corporate versions for use on company networks include IBM’s Lotus Notes Sametime, e/pop, Jabber, and QuickConference. Instant messaging services are also available for use on cell phones, PDAs, and other wireless devices.

What are the drawbacks of IM?

All real-time Internet communication tools are a security risk and have the potential to release confidential information - not to mention the fact that they are breeding grounds for the propagation of viruses. IM is vulnerable to denial-of-service attacks, hijacking sessions and legal liability resulting from downloading copyrighted files.

In April, 2005, sixty thousand users of Reuters instant messaging service were attacked by the Kelvir worm, which spreads by sending copies to everyone on an infected client's IM contact list. To stop the spread of the worm Reuters had to shut down their entire system for twelve hours.

There are a number of privacy and security instant messaging drawbacks that necessitate care and caution when using IM. Here a few issues to be aware of:

SPIM - Instant Messaging spam is called SPIM. IM systems are popular targets for spammers because many IM systems offer a directory of users, including demographic information such as age and sex. Advertisers can gather this information, sign on to the system, and send unsolicited messages.
Privacy - Instant messages cannot be sent securely over the Internet and may be accessed by anyone. Because IM transmits unencrypted information it should never be used for sensitive or confidential information. In addition, file-sharing exposes the user’s Internet protocol (IP) address and increases the risk that unauthorized parties could gain access to the computer.
Hijacking - Information received by IM is not authenticated. There is no way to verify that a message really originated from the sender with whom the recipient believes he or she is communicating during the session. Chat sessions can be hijacked and users can be impersonated.
Viruses - The lack of built-in security, the ability to download files and the built-in “buddy list” of recipients create an environment in which viruses and worms can spread quickly. This threat has additional risks to the workplace network because public IM does not travel through a central server where traditional corporate anti-virus protection software is located. Instant messaging virus protection should include network desktop and laptop solutions to handle both IM methods of delivery.
Web Access - Even though a company may not permit IM software downloaded in a work environment, IM can still be accessed by sending messages directly from a web browser like Microsoft’s Internet Explorer using applications such as MSN's Web Messenger.

The following guidelines can help to increase your safe use of Instant Messaging:

The default security settings in chat software tend to be relatively permissive to make it more open and "usable," and this can make you more susceptible to attacks. Check the default settings in your software and adjust them if they are too permissive. Make sure to disable automatic downloads. Take advantage of software that offers the ability to restrict interactions to certain users.
Be careful of revealing personal information unless you know who you are really talking to. You should also be careful about discussing anything you or your employer might consider sensitive business information over public IM or chat services.
Try to verify the identity of the person you are talking to. If you are sharing certain types of information or being asked to take some action like following a link or running a program, make sure the person you are talking to is really is who they claim to be.
Try to verify the information or instructions from outside sources before taking any action.
Chat software may have vulnerabilities that attackers can exploit. Keep your software up to date - including not only the chat software, but your browser, operating system, email client, and anti-virus software.

While there are a number of different security measures emerging, there are currently no established tools for protecting IM. For now, users should be aware of the dangers and cautious in their use of IM - employing it mainly for informal chat rather than sensitive business dealings.