Computer Associate's anti-virus head Dr. Eugene Dozortsev told ZDNet Australia that instant messaging "just opens up another hole", and companies should live without it if they can.
"Does e-mail make systems less secure? Yes. What about instant messaging? Yes, but you can live without it," he said.
Instant messaging software has crept into corporate environments and like any other tool is providing attackers, worms and viruses with another way in. Training staff in the use of these types of technology is crucial, says Dozortsev.
"If you have access to the corporate network you should have at least two to three hours of security [specific] training," he added.
These sentiments are echoed by Dozortsev's virus research manager, Jakub Kaminski, who says the way in which computers are used has lead to the need for strict training and policy regimes.
"It used to be [with computers] if you didn't know what you were doing you were just a danger to yourself. That's changed with networking," he said.
He equates using a computer network without training to driving a car without a licence.
"If you drive a car without a licence, is it responsible?" he asked.
Having an appropriately enforced security policy for users is also a good idea, but there's no point going overboard with enforcement, Kaminski said. Because policies often require user cooperation, scaring people can be counter productive.
"If [a user] thinks they've been infected and the person who got infected before them got the sack, then they won't report it," Kaminski said.
Instant messaging is a boom business, with major players such as Microsoft, Yahoo and AOL scrambling for a share in the corporate market.
Microsoft is aggressively pushing their Real Time Communications Server 2003 in the hope of turning instant messaging into a standard form of corporate communication.
