Jump to content

Is there such a thing as a secure IM?


Normandie

Recommended Posts

Hey folks, just wondering if there is such a thing as a "secure IM". For example with Trillian is there a way to make sure that you are not constantly open to attack? I looked at IMSecure by zonelabs, but I heard that it only works if the people you are chating with are using IMSecure also.

 

I have read that with the IM running that you are totally open to wirus and problems. I have looked for articles about this but have not found any that seem to give a straight forward opinion. When I used Trillian I only had access and left access to my IM by people that I put on my list, but have heard that anyone can "hack" in and screw up my computer.

 

Thanks in advance & have a good day,

Normandie

Link to comment
Share on other sites

Security is a very very broad term.

ICQ have been very known to be easy to hack.

It is important that you use the latest client of whichever software you use, so it contains the latest security fixes.

Becareful with attachments that get sent to you, also sometimes if your friend get infected with a virus, that will try to send the file to everybody on his contact list.

 

If your IM client have a option to scan recived files with Antivirus, then enable that options.

Besure to know what you are accepting, before you accept it.

Only accept things from people who you trust.

Never open .pif or .scr files. Maybe consider not opening .exe files.

.jpg, .png, .gif, .mp3, .wav, .txt should be pretty safe.

 

Becareful so people dont send a file such as avril_lavigne.mp3.exe or my_picture.jpg.exe

 

Personally I use Miranda IM, its a modular IM where I can customize it how I want and choose the plugins and protocols I want. Light-weight.

firefoxblue4yw.gif

button_b.png hydrogen2nr.png

80x15_3.png

Link to comment
Share on other sites

Security is a very very broad term.

ICQ have been very known to be easy to hack.

It is important that you use the latest client of whichever software you use, so it contains the latest security fixes.

Becareful with attachments that get sent to you, also sometimes if your friend get infected with a virus, that will try to send the file to everybody on his contact list.

 

If your IM client have a option to scan recived files with Antivirus, then enable that options.

Besure to know what you are accepting, before you accept it.

Only accept things from people who you trust.

Never open .pif or .scr files. Maybe consider not opening .exe files.

.jpg, .png, .gif, .mp3, .wav, .txt should be pretty safe.

 

Becareful so people dont send a file such as avril_lavigne.mp3.exe or my_picture.jpg.exe

 

Personally I use Miranda IM, its a modular IM where I can customize it how I want and choose the plugins and protocols I want. Light-weight.

 

 

 

 

 

Eldmannen,

 

Thanks for the advice, however, I am not as worried about files, because I don't & won't accept files, even from people I know through the IM. my main concern is it just sitting there open. Can someone who is not on my list access my computer if the IM client is up & running? On my contact list I have it set up to only accept people I add myself and not just anyone on line. I have just heard that it is not good to have them up and running, all the time. Since I am using a DSL and am conected almost all the time, it has worried me.

 

I will take a look at Miranda.

 

Thanks & have a good day,

Normandie

Link to comment
Share on other sites

As I said, security is broad. :)

 

It might be that a IM opens a UDP or TCP port that it listens on, and that may be a security concern. To find out if it does that, open a console / command prompt before you start your IM and type "netstat -a" then start the IM client and then run "netstat -a" again. Now it should establish one or more connections to server(s) depending on how many protocols you use. That is normal and it will mark the connection with the ESTABLISHED state.

What you should look for if there is any new state which is set to LISTENING.

 

If you have many connections with the established state and wonder which is connected by what, you can use "netstat -b".

 

You should also block contact not on your list to send you messages, files, urls, etc to prevent anyone sending any data to you which might exploit any potential buffer overflow in your IM client.

 

Any IM client and any application/software can/may have security vulnerabilitities such as buffer overflows which can be exploited to executable arbitary data and commands. Nothing is ever 100% safe. Update your IM client regularly.

If you use an open-source application, then everybody can see the source code and any bugs or potential security issues can get fixed fast.

firefoxblue4yw.gif

button_b.png hydrogen2nr.png

80x15_3.png

Link to comment
Share on other sites

I think that he is saying that by leaving his IM program turned on that he is open to attacks.

 

You can leave your IM program on all day and do not worry. As long as you don't "direct connect" or some such you will be fine.

Link to comment
Share on other sites

I think that he is saying that by leaving his IM program turned on that he is open to attacks.

 

You can leave your IM program on all day and do not worry.  As long as you don't "direct connect" or some such you will be fine.

 

 

 

 

 

bpm3k,

 

Yes, that is what I am trying to find out. I guess I am not too clear, sorry about that.

 

Thanks to all of you who responded & have a great day,

Normandie

Link to comment
Share on other sites

When someone discovers a remote exploit for your particular IM client, then you will not be fine, direct connect or not. Remote exploits are the only thing to be concerned about. AIM has a long history of remote exploits. YIM probably has the least [didn't check].

 

The best thing to do is use an alternative client (i.e., stay away from MSNM, YIM, and AIM, and use a jabber client that does all three at once - that way, the latest AIM exploit, etc, won't even work on you).

Click here if CCleaner Issues are re-appearing

 

DjLizard.net

DjLizard.net wiki

Dial-a-fix

Dial-a-fix tips

DjLizard.net software support forum

 

Do you live in Bradenton, Sarasota, Tampa, or St. Petersburg, Florida? Visit Digital Doctors where I work :)

Link to comment
Share on other sites

When someone discovers a remote exploit for your particular IM client, then you will not be fine, direct connect or not.  Remote exploits are the only thing to be concerned about.  AIM has a long history of remote exploits.  YIM probably has the least [didn't check].

 

The best thing to do is use an alternative client (i.e., stay away from MSNM, YIM, and AIM, and use a jabber client that does all three at once - that way, the latest AIM exploit, etc, won't even work on you).

 

 

 

 

DjLizard,

 

Thanks for the advice. When you say "use a jabber client" does Trillian fit this bill? I am not very familar with the vocabulary. I am sorry to keep asking questions, but don't want to open my computer to problems if I can avoid it.

 

Thanks & have a good day,

Normandie

Link to comment
Share on other sites

Yes, trillian is a jabber client. Almost all jabber clients can connect to almost all IM services out there.

 

http://www.jabber.org/software/clients.shtml

Click here if CCleaner Issues are re-appearing

 

DjLizard.net

DjLizard.net wiki

Dial-a-fix

Dial-a-fix tips

DjLizard.net software support forum

 

Do you live in Bradenton, Sarasota, Tampa, or St. Petersburg, Florida? Visit Digital Doctors where I work :)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.