We noticed you're blocking ads.

Keep supporting great journalism by turning off your ad blocker.

Questions about why you are seeing this? Contact us

Font Size

- Aa +

Sun 19 May 2002 04:00 AM

Font Size

- Aa +

Gartner Group warns enterprises of inherent security threat of IM

Businesses advised to subject instant messenger platforms to same security restrictions as e-mail, and to rapidly apply patches.

Gartner Group is warning enterprise organisations to reassess the use of Instant Messenging (IM) platforms in the enterprise due to security reasons. At the start of May, Microsoft issued a patch for a vulnerability in the Chat Control component included in its MSN Messenger software. However, this is merely the latest in a string of security incidents surround free IM platforms.The Microsoft security hole allows an attacker to execute code on the target machine. An attack is likely come from some future worm, or self-propagating virus.“Instant messaging (IM) platforms have had vulnerabilities before, but attacks required the user to take some action ‘Go to this cool site’. This new vulnerability raises the spectre of a destructive self-propagating worm that could have several ‘heads’ exploiting various paths, one of which would be MSN Messenger,” states a Gartner Group report.Although IM potentially increases productivity between workers in and between enterprises, allowing IM traffic through the corporate firewall can create a serious security threat.“The inherent weaknesses in both the software and infrastructure of the major free IM providers – [such as] AOL Time Warner, Microsoft and Yahoo - create significant risk for enterprises allowing IM traffic through the enterprise firewall,” says the Gartner report.Gartner Group has issued a number of security recommendations to enterprises, including saying on top of the recent spate of security alerts and the rapid application of patches as and when they become available. Also, IM should be subjected to the same security measures as e-mail.Long term, organisations should also investigate the possibility of using enterprise-controlled IM and presence servers, which will offer better security than free public services. “When choosing between competing IM systems, enterprises should heavily weight the security of the code,” adds the report.”

Arabian Business: why we're going behind a paywall

For all the latest business news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.

Read next