Companies are warned that employees using instant messaging programs could be less productive and at risk from viruses.
Security experts have warned companies that increased use of corporate instant messaging services could increase vulnerability to virus attacks and the interception of messages.
Yahoo! and Sun Microsystems have both announced that they will release instant messaging (IM) software for corporate use, and Microsoft has said that IM will play a large role in its .Net strategy for accessing applications online. Yahoo! said its IM service will let employees send messages behind the corporate firewall, but will also integrate with other systems and the Internet to allow real-time communication across global locations. Sun's messaging service will also work behind the firewall, the company said.
Though at present there are only a few instant messaging worms, Denis Zenkin, the head of corporate communications at antivirus specialist Kaspersky Labs, warned, "It is only a matter of time for virus writers to get interested in this application. If this technology becomes as popular as email we will certainly see numerous worms, using social engineering methods and exploiting vulnerabilities in instant messaging or similar programs."
Many companies have banned the use of IM software because of concerns that infected messages can bypass server-based antivirus security, and because they fear that IM could reduce productivity. Zenkin emphasised that firms should consider the threat from the inside. "Any new information technology being integrated in the enterprise-wide network makes the whole system more vulnerable to virus and hacker attacks."
Firms should be aware that the level of protection offered against viruses and message interception for IM is not as advanced as for email, said Eric Chien, chief researcher at security giant Symantec.
Chien said no antivirus products protect against IM at email server gateways. Antivirus technology for IM is under development but in the meantime firms should set usage guidelines.
"With the lack of tried and true security for instant messaging, policy plays an even larger role," Chien said. "Users should be reminded that they should not utilise any unexpected attachments that come via instant messaging. Administrators should consider disabling file transfers via instant messaging altogether."
Kaspersky's Zenkin added that companies using IM software should strongly encrypt any messages to ensure that if they are intercepted, they cannot be read, and also regularly update their antivirus software.
it's true - the public IM networks like icq, aim, msn, etc. are all subject to various security issues, and it's almost impossible to make them safe. but that said, a PRIVATE and secure IM intranet-based system can avoid 99% of those problems. and you dont need to look to sun or yahoo or MS for solutions - there's a GREAT app that's been quietly out there for a long time call "Sonork" - it works, it's secure, and it's serious. why is it only when the big guys make some announcement like this that this news comes out? let's support the other ppl out there sometimes? check it out - i use it, and i love it!