Instant Messaging Security

Viruses can infect everything from computers to cell phones, and they can be spread numerous ways. One of the increasingly popular ways that viruses spread is through instant messaging services such as AIM, Yahoo, and MSN. Because these viruses often spoof the identity of friends on a buddy list, users of these services are highly susceptible to infection unless proper precautions are taken. Here are several rules for using instant messaging services securely:

Rule 1: Do not trust anyone.

Identities and accounts can be forged or compromised. On instant messenger it is very difficult to know beyond a shadow of a doubt that you are actually talking to the person you think you are. Look at every link and every file transfer with great suspicion.

With the most recent outbreak of instant messaging viruses, an infected computer would send a link to buddies who are online that says "click here" with a malicious URL that would attempt to install a virus. This link would appear to come from someone on your buddy list. Sometimes this would come in the form of a brand new conversation, and other times this link would appear in the middle of a conversation.

Therefore, CITES strongly recommends that every time you receive a link, you check with the person who sent it to you and ask what the link is. If the person doesn't know what you are talking about, the odds are very good that it was not your friend, but the virus, that sent you the link.

Rule 2: Never forget Rule 1.

Rule 3: Control file sharing.

Either turn off your IM client's file sharing entirely or make sure that the client is configured to ask for your approval before downloading a file. You don't want your IM client to automatically download a new virus without asking whether or not the file is legitimate.

Rule 4: Control your contacts.

In addition to viruses, spam is being broadcast to hundreds of IM users at a time, making itself a nuisance in the IM world just as it has been in email. To help control "spim" (instant-messaged spam), you can add the screen names of people you know to your IM contacts list, and accept only messages from people you know.

Rule 5: Keep your software up to date.

Every day new vulnerabilities are found in software applications. These are like a part on a car that may be defective. The dome light may not function properly, but the car itself is very useful and provides a great service to its owner. Updates to the software applications frequently provide new features or better compatibility, but they often include minor fixes to issues that could create an opening for a virus infection or compromise.

Therefore, it is important to make sure you are using the most recent version of the software in order to protect yourself from virus attacks.

Rule 6: Do not expect your IM conversations to be private.

Instant messaging, like email, is not a secure and private means of sharing information. Messages on an instant messaging service are not encrypted and also must pass through another server (i.e. AOL's Instant Messaging servers) before they reach the person you are talking to. This setup makes your instant messages an easy target for someone to monitor.

Therefore, you should expect that you are being watched and know that you have no privacy over instant messaging. Accordingly, do not share social security numbers, passwords or other sensitive information over instant messenger.