The evolving Nature of IM Client Software and the ensuing

The evolving Nature of IM Client Software and the ensuing threats

It is becoming ever easier even for novice computer users to use communication and file sharing services like instant messaging programs. As a result of this, the security risks and the need for education increases dramatically. Indeed, everyone is vulnerable if the public as well as IT professionals are not made aware of what need to be done and if there is no implementation of the strict policies that govern instant messaging. Instant messaging security takes on a whole new meaning when you consider that common file sharing programs, and most of which are instant messaging programs, often come loaded with spyware. Sometimes, it can even be difficult to verify the integrity of their download locations as well as the integrity of the installation files. In fact as one report said, IT managers are finding themselves in an environment where public Instant Messaging clients are prevalent, and thus they have inherited a non-corporate communications system that is insecure and unmanageable.

For all of the instant messaging programs, each uses its own protocol of communication and password encryption. The widespread use of these programs has come at a price. Each has its own vulnerability and this has prompted many hackers and virus writers to look for the specific vulnerabilities of each of these programs. In fact, there is no anti virus program that can monitor instant messaging traffic and few are able to plug into these programs and fetch for infected files. IM traffic is difficult to monitor and the evolving nature of these programs as well as their protocols makes this a difficult task too. This means that a lot of threats are allowed to pass undetected even among server-based security products.

Instant messaging security also is vulnerable to Trojan horses. Since a lot of instant messaging programs have file sharing capabilities, they allow for certain ports to remain open thereby increasing the risk from hackers. Once a hacker gains access to a system, he will also be automatically notified when the victim is online and the hacker can do his destructive work. Some Trojans will modify configuration settings of the user and make some resources sharable. Other Trojans will harvest system information, IP addresses and cached passwords and make the users system vulnerable to a future attack.

Another instant messaging security threat is account hijacking. Since most protocols do not encrypt their traffic, a hacker can use a password-stealing Trojan horse and impersonate the victim. While not a big threat now, worms may indeed become a big problem in instant messaging security when IM programs resolve the interoperability issue. Other concerns include illegal file sharing and denial of service attacks. The threats mentioned above are real and prevalent and what is more, a lot of users are unaware of these threats. The evolution of the industry presents new challenges everyday and more research will need to be done to block traffic eluding firewalls and other security systems in place.