[Web4lib] IM Security

[Micah Stevens]

On 03/05/2007 06:52 PM, Chadwick, John, DCA wrote:
> One of the major problems with IM is that it uses a protocol instead of
> a standard TCP/IP port. It is easy to filter out spam and viruses on
> e-mail because all traffic flows on port 25. IM just looks for the next
>   
I hate to be nitpicky, but this statement is extremely misleading. Email 
is a protocol just like anything else on the Internet. It actually uses 
several (SMTP, POP3, IMAP, etc..) It also uses a port as does any TCP 
connection. This is exactly how most instant messengers work, although 
the specifics of the protocol are different. Although a protocol could 
be designed to operate as you suggest, it would be incorrect to describe 
all instant messengers as having this property. AIM for example uses 
port 5900 to connect. MSN uses several ports depending on what is being 
transferred (voice, files,etc.) however they are specific ports and can 
be effectively firewalled. Without researching I cannot speak for all 
the IM services that are available, but I think my point in general is 
valid. If you have a specific example that disagrees, I'd be curious to 
know.
> Also, since flavors of IM uses peer-to-peer
> technologies, your computer essentially becomes one with other
> computers, including those that are infected with viruses.
>
>   
Again misleading and incorrect depending on implementation. I will agree 
however that these systems can be a portal for virii, and this is a very 
valid concern. Inherently though this threat is no more so for Instant 
messaging than for other methods of Internet communication such as web 
browsing, email, etc.. Secure implementation varies however as the 
mentioned links suggest.

-Micah