Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Community Forums
 Community Discussions (All other subjects)
 Thoughts on IM and Security
 New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

Bookie
Average Member

USA
856 Posts

Posted - 19 February 2003 :  11:17:38  Show Profile  Visit Bookie's Homepage  Send Bookie an AOL message  Send Bookie a Yahoo! Message
I work for a college. The admissions department asked me questions about instant messaging because they want to use it as a recruitment tool. The head of the network and on-campus computers is adamant about not using IM programs because of the potential security risks. I'm trying to pool some resources together to demonstrate that IMing is basically no different than web page browsing or e-mail with the hopes that the admissions dept can start to use IM (specifically Trillian because of the program compatibility).

I understand that IMing is generally not encrypted so hackers could snag messages out of the air and potentially read conversations. Not a big deal. I'm not addressing that.

His concern is security holes, getting viruses, and allowing someone to hack into your computer. As far as getting viruses through file transfers, it doesn't work anyway because our firewall won't allow file transfers. Moot point. With this in mind, it would be easier to get a virus through e-mail than through IM.

Regarding security holes, I've read that IM programs are basically as secure as the OS and/or a browser. Is this true?

I think it really comes down to wise use of the program. We try to teach the employees not to open any e-mail attachments, don't click on links from people you don't know, and use your virus checker like it's going out of style. I think the same principles apply to IM as e-mail.

Thoughts? Thanks in advance.

Participate in my nonsense

sr_erick
Senior Member

USA
1318 Posts

Posted - 19 February 2003 :  12:14:44  Show Profile  Visit sr_erick's Homepage  Send sr_erick a Yahoo! Message
IM is as safe as any other network activities that may be happeneing there. I would actually consider e-mail to be "less safe" than IM. I have also NEVER seen a case where someone has gotten hacked through an IM, unless the person ther were chatting to was giving out crucial information about the computer and network they were on. Security holes? THese thing, like you said, are just as secure as the operating system itself. Just like most e-mail, IM conversations are not encrypted so just like with e-mail, don't be sending too much confidential information over it.

Just my thoughts. Hope things work out.




Erick
Snowmobile Fanatics

Go to Top of Page

lofty
Junior Member

USA
158 Posts

Posted - 20 February 2003 :  02:07:11  Show Profile  Visit lofty's Homepage
Almost all of the employees at my company work at home, so it is crucial that we use IM to communicate quickly and cheaply. This enables us to carry on phone conversations at the same time that we chat about a different topic. It really enhances our productivity.

But we were hacked via IM several times. Someone at our office got an IM from one of the employees, and it said "Click Here! Check this out!". Of course she clicked, which took her to a web page that had some kind of script on it that was able to read all of her IM contacts, and sent the same message to all of her contacts. Of course, everyone at work got the same IM eventually, and most of us clicked on it, which further propogated the worm.

It actualy seemed harmless, and a security patch for IE was shortly available afterwards. But there is always the potential that another exploit will be found, and instead of just sending an IM to everyone on the contacts list, it might read files from your machine or do other nasty things. But the benefits outweight the risks IMHO.
Go to Top of Page

Gremlin
General Help Moderator

New Zealand
7528 Posts

Posted - 20 February 2003 :  07:19:36  Show Profile  Visit Gremlin's Homepage
There have been several IM trojans in the past, they are not as safe as they appear at first glance. Using fairly traditional buffer overflow style hacks most online programs can be used to run malicious code on the end users computer. IM clients just get less publicity and focus than say webservers do.

Kiwihosting.Net - The Forum Hosting Specialists
Go to Top of Page

VodkaFish
Average Member

USA
654 Posts

Posted - 20 February 2003 :  13:27:25  Show Profile  Send VodkaFish an AOL message  Send VodkaFish an ICQ Message  Send VodkaFish a Yahoo! Message
quote:
Originally posted by sr_erick

IM is as safe as any other network activities that may be happeneing there. I would actually consider e-mail to be "less safe" than IM.
I would definitely agree with that last statement. E-mail is generally much easier to "hack" into.

Bookie - many companies have corporate editions of their IM clients. They generally offer more security and give the company (in your case the college) the ability to control what goes on a bit more.

For example - Yahoo's Messenger Enterprise Edition

In the end, you are correct - it's how you use it that matters most. (Glad that was in this context )

v ø d k â f ï § h
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.32 seconds. Powered By: Snitz Forums 2000 Version 3.4.07