Author |
Topic  |
|
Bookie
Average Member
  
USA
856 Posts |
Posted - 19 February 2003 : 11:17:38
|
I work for a college. The admissions department asked me questions about instant messaging because they want to use it as a recruitment tool. The head of the network and on-campus computers is adamant about not using IM programs because of the potential security risks. I'm trying to pool some resources together to demonstrate that IMing is basically no different than web page browsing or e-mail with the hopes that the admissions dept can start to use IM (specifically Trillian because of the program compatibility).
I understand that IMing is generally not encrypted so hackers could snag messages out of the air and potentially read conversations. Not a big deal. I'm not addressing that.
His concern is security holes, getting viruses, and allowing someone to hack into your computer. As far as getting viruses through file transfers, it doesn't work anyway because our firewall won't allow file transfers. Moot point. With this in mind, it would be easier to get a virus through e-mail than through IM.
Regarding security holes, I've read that IM programs are basically as secure as the OS and/or a browser. Is this true?
I think it really comes down to wise use of the program. We try to teach the employees not to open any e-mail attachments, don't click on links from people you don't know, and use your virus checker like it's going out of style. I think the same principles apply to IM as e-mail.
Thoughts? Thanks in advance. |
Participate in my nonsense |
|
sr_erick
Senior Member
   
USA
1318 Posts |
Posted - 19 February 2003 : 12:14:44
|
IM is as safe as any other network activities that may be happeneing there. I would actually consider e-mail to be "less safe" than IM. I have also NEVER seen a case where someone has gotten hacked through an IM, unless the person ther were chatting to was giving out crucial information about the computer and network they were on. Security holes? THese thing, like you said, are just as secure as the operating system itself. Just like most e-mail, IM conversations are not encrypted so just like with e-mail, don't be sending too much confidential information over it.
Just my thoughts. Hope things work out. |


Erick Snowmobile Fanatics
|
 |
|
lofty
Junior Member
 
USA
158 Posts |
Posted - 20 February 2003 : 02:07:11
|
Almost all of the employees at my company work at home, so it is crucial that we use IM to communicate quickly and cheaply. This enables us to carry on phone conversations at the same time that we chat about a different topic. It really enhances our productivity.
But we were hacked via IM several times. Someone at our office got an IM from one of the employees, and it said "Click Here! Check this out!". Of course she clicked, which took her to a web page that had some kind of script on it that was able to read all of her IM contacts, and sent the same message to all of her contacts. Of course, everyone at work got the same IM eventually, and most of us clicked on it, which further propogated the worm.
It actualy seemed harmless, and a security patch for IE was shortly available afterwards. But there is always the potential that another exploit will be found, and instead of just sending an IM to everyone on the contacts list, it might read files from your machine or do other nasty things. But the benefits outweight the risks IMHO. |
 |
|
Gremlin
General Help Moderator
    
New Zealand
7528 Posts |
Posted - 20 February 2003 : 07:19:36
|
There have been several IM trojans in the past, they are not as safe as they appear at first glance. Using fairly traditional buffer overflow style hacks most online programs can be used to run malicious code on the end users computer. IM clients just get less publicity and focus than say webservers do. |
Kiwihosting.Net - The Forum Hosting Specialists
|
 |
|
VodkaFish
Average Member
  
USA
654 Posts |
Posted - 20 February 2003 : 13:27:25
|
quote: Originally posted by sr_erick
IM is as safe as any other network activities that may be happeneing there. I would actually consider e-mail to be "less safe" than IM.
I would definitely agree with that last statement. E-mail is generally much easier to "hack" into.
Bookie - many companies have corporate editions of their IM clients. They generally offer more security and give the company (in your case the college) the ability to control what goes on a bit more.
For example - Yahoo's Messenger Enterprise Edition
In the end, you are correct - it's how you use it that matters most. (Glad that was in this context ) |
v ø d k â f ï § h |
 |
|
|
Topic  |
|