Get APLawrence.com by RSSTime to ban IM?
Personally, I don't like IM to start with, and wouldn't allow it on any network that I had to maintain. It seldom has any real business purpose, and any excuse that can be made for it can be fulfilled by other means almost always.
But I'm cranky. Most folks seem to like IM, and it is nearly a given that IM traffic is flowing in any business network. Now we have this warning: Researchers Say Automated IM Worm Is Inevitable.
I do question "inevitable", though. Is IM so innately flawed that it cannot be made secure? I find that hard to believe. Maybe you'd have to lose some of the "user friendly" oh-so-helpful "features", but so what? If you cut out the file transfer capability entirely and limit it to text, why can't it be secure?
Shrug.. not that I'd mind just eliminating it entirely, of course. But again, that's just me. When they invented the wheel, I said I'd never use it. In more recent times, I stubbornly held on to character interfaces (and still do most of my work in a terminal window) and have yet to see a reason to buy a PDA. So IM is likely one of those things that I'll eventually see the value of (hard as that is for me to imagine).
Probably what bothers me the most about this is that IM seems conceptually simple. Maybe I just haven't thought it through thoroughly, but certainly this isn't anything like writing an operating system or even an accounting package. IM is just email taken out of batch mode. So why should it be insecure, especially this late in the game? Weren't any lessons learned from email? I guess not.
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.
Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.
We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.
I sell and support
Kerio Mail server
Click here to add your comments
Tue Nov 22 16:30:41 2005: Subject: BigDumbDinosaur
Oddly enough, an IM type of application can be useful in certain business contexts. For example, one of my clients has several geographically dispersed offices and it is sometimes handy to get someone's attention via a popup on their computer screen, rather than make a phone call.
Be that as it may, I would never even consider using IM or (worse yet) MSN Messenger, as both suffer from severe creeping featurism -- they're obviously geared to the mentality of a 12 year old girl. MSN Messenger is particularly evil in that it provides an easy path for the worm de jour to get into the system.
Wed Nov 23 00:29:28 2005: Subject: dhart
Anyone else tried Google Talk? Interesting gadget...
Wed Nov 23 10:32:00 2005: Subject: anonymous
To me most IM stuff seems like crap. There have been instances of using MSN to cause pop-ups, distribute advertisement, and it's common to use bots to trick people into conversations or clicking on links.
Stuff like that.
Most IM stuff isn't well thought out and has to many features.. stuff like file transfer and whatnot. The concept seems nice a simple, but in execution it rarely is. They seem to focus way to much on features and convienience to sell a service then actual core functionality.
Although there is purposes for it. Similar to email.. If I thought a business or orginization would benifit from IM I wouldn't bother using something public, I'd use something like 'jabber' and setup a server just for that specific orginization to use internally. If somebody wants to use it for roaming or work-at-home or whatnot, that's what VPNs are for.
Wed Nov 30 09:19:23 2005: Subject: A good idea, but... anonymous
"If I thought a business or orginization would benifit from IM I wouldn't bother using something public, I'd use something like 'jabber' and setup a server just for that specific orginization to use internally. If somebody wants to use it for roaming or work-at-home or whatnot, that's what VPNs are for."
Ok.
But you forget one thing: I have seen Windoze users who have several clients like AIM, MSN, and the like open at the same time! Even if you setup up your own jabber for them and they come in over a tightly secured ipsec vpn, still their machines could have a rootkit already, which sits in the background and conveniently sends all your keystrokes, RSA keys or whatever to IRC...
In our company, we have an ultra-lax security policy. People can almost do whatever they want. And it's giving me nightmares...
cheers,
wjl
Thu Dec 1 03:23:48 2005: Subject: drag
Well that's going to be a problem irregardless of what sort of messaging software or no messaging software your running when your dealing with Windows stuff and your dealing with allowing users to login from their own computers... either a laptop they take home or a home computer over a VPN.
The way to fix that is to screw Windows and have people use X terminals or something (like freeNX over VPNs) were you (as the administrator) can much higher levels of control and monitor stuff in a sane manner.
Don't miss responses! Subscribe to Comments by RSS or by Email
Click here to add your comments
If you want a picture to show with your comment, go get a Gravatar