All the latest UK technology news, reviews and analysis
|
|
|
18 Feb 2005
A recently discovered security flaw in MSN Messenger demonstrates that instant messaging (IM) presents a serious security threat and should act as a wake up call for enterprises, industry experts have warned.
According to Gartner, firms must "implement comprehensive IM policies now" after the MSN Messenger vulnerability prompted Microsoft to restrict access to its service in a bid to prevent the exploit from spreading.
Gartner senior analyst Lawrence Orans said: "The MSN Messenger exploit highlights the risks of not establishing and implementing an enterprise IM policy."
"The MSN Messenger client, like those for Yahoo Messenger, AOL Instant Messenger and other IM services, is available for download free of charge.
"As a result, IM is so widely used that most enterprises have no idea how many IM clients are installed on their systems or how much IM traffic passes through their networks."
The warning comes after Microsoft moved to lock out any users not running the latest versions of its MSN Messenger and Windows Messenger clients after proof of concept of a vulnerability was posted on the internet.
The problem centred on the inability of older versions of MSN Messenger and Windows Messenger to properly handle corrupted image files. By exploiting this vulnerability, an attacker could take control of an affected system.
"Microsoft acted quickly to control this malicious code outbreak by denying access to clients that were not up to date," said Orans.
"However, the next time an IM exploit emerges, Microsoft or another IM provider may not be able to respond as quickly or as effectively.
"Enterprises must take responsibility for ensuring that the use of IM does not compromise their security. If necessary, they must be able to temporarily shut it down when a serious security threat emerges."
Gartner advised that, because IM has become so popular, it is rapidly becoming unrealistic to block IM traffic entirely. In many enterprises, one or more business units can make a compelling case for the need to use the technology.
The analyst firm believes that enterprises have three options: implement an enterprise IM system; deploy a product that makes it possible to build policies around public IM services; or do both.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Position:Oracle Applications eBusiness Suite Suport...
Software Developer A leading UK Software Application...
I am looking for a permanent senior Drupal Developer...
Retail Consultant - Data Transformation and Migration...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
secure IM must be embedded
I think that the efforts to secure public IM systems will not lead to a cost-effective solutions. let's face it: if you want your employees to use IM, you have to set up a system where security and ease of use have been embedded as a design specification. such systems are generally cheaper that assembling a host of partial solutions. Part of the security feature is the authentication of a user and an authorization to communicate by each specific receiver. obviously, sending a rogue message to someone after being authenticated will not make sense, so spam is automatically prevented.
Posted by: Andre Maisonneuve 06 Feb 2006