Instant Messenger Hacks: 10 Security Tips to Protect YourselfMost of us will agree that we are paranoid about email security and hack attacks. We should equally be concerned about the other popular connection device we use – the humble instant messenger. It is also open to some of the privacy risks we associate with emails.
Especially in a business environment, unsecured IM installations are creating backdoors for hack attacks. This threat has increased manifold because nearly all IM’s allow for exchange of files, images, songs and even peer to peer sharing of entire folders.
Spam, worms, Trojans and viruses are familiar email foes. They are no friends of instant messaging either. So how do we pick our friends from our foes? Perhaps by following what Benjamin Franklin said -
Distrust and caution are the parents of security. Also, by putting these
10 habits in place.
- Don’t give out your identity
Every IM client asks you to create a screen name. A screen name usually refers to your email ID. Create a screen name which does not touch upon personal information or your real identity. For instance, my screen name is ‘Braniac’ and not ‘Saikat’. And NEVER provide any personal details including credit card numbers and social security number over the internet.- Don’t chat with people not on your contact list
Always vet your contact list with people whom you know something about. Talking with Mr. Anonymous at the other end of space may be fraught with risk. It is possible to discover your computer address (i.e. your IP) from an instant message and that usually is the first requirement for a remote hack attack.Don’t believe everything you read and always verify any information or request for information.- Don’t click on spam links
This is what a spam link might look like –This is probably what you will be bombarded with first. A link tempts you to click it just for the lark. A lot of these links take you to websites which can install spyware stealthily on your computer. For e.g. Viruses and worms with colorful names such as W32.Yalove or W32/Spybot-MQ are potential threats to Yahoo users. Ignore them.- Don’t share files with your chat partner
An IM client like Yahoo allows P2P file sharing. Do not share unknown content even if the person is known. P2P files, like email attachments can carry viruses, Trojan horses, and worms. They are engineered to seed themselves to other members on your buddy list. Be especially cautious when someone sends you an .exe or a .zip file.- Don’t let potential hackers reach you
Yahoo has an Ignore user or Report as spam so that he can’t disturb you once again. GTalk has a Block user option. Using this option allows you to keep out the unwanted from repeatedly messaging you. The default security settings in chat software tend to be relatively lax. Thus making you open to attacks. Check the settings and preferences of your chat client to apply stricter permission controls.- Don’t Neglect Encryption
Most IM clients lack encryption features. That essentially means that your messages can be tracked and read by eavesdropping hackers using technologies like packet sniffers or similar ones. Passwords are also a security loophole with hardly any client using strong password encryption.The subject of encryption and strong password protection would require another post by itself. So I hand you over to Tim’s excellent post on How To Secure & Encrypt Your Instant Messaging Chats. Here at MakeUseOf.com we have a lot of posts tagged as ‘passwords’. Why not take a look at ways to set strong passwords.- Don’t use an older version of IM – Update
IM client companies spend a lot of effort behind doors to prevent backdoor threats. Newer versions come with bug fixes and enhanced security. For instance, the latest version of Yahoo IM is better integrated with anti-virus solutions like Norton Internet Security and Norton Anti-Virus.So, always update your IM client as soon as one becomes available. If the chat client does not automatically prompt for an upgrade, go to the website and check your version number with the latest available. You can note the version of your particular client by clicking on Help – About…- Don’t download third party plug-ins from unverified sources
A lot of third party plug-ins are available for download which enhance the chatting experience. It is safer and advisable to always download from the IM client websites themselves or from verified sources.- Don’t forget to log-out completely
It is an oft repeated habit to click on the [X] button and exit. But this action does not close our IM client completely. Most often, they continue to run in the system tray leaving it ‘open’ for a third person to access it. IMs also have a nasty habit of broadcasting your online presence even if left to run as a background task. Especially in public computers be mindful of logging out and exiting completely. Also, never click on any Remember My Password checkbox during log-in as an added safeguard.For Yahoo Users: Before you get up, delete your Yahoo Messenger profile. It is located by default at C:\Program Files\Yahoo!\Messenger\Profiles. - Don’t forget the value of a good browser, a good firewall and an even better anti-virus
Sometimes we will click a link; sometimes we will download a file. All the precautions in the world will not be able to protect us if we don’t have a secure browser, a good firewall and an anti-virus updated with the latest virus signatures. These three not only protect us from IM attacks but they are the must-haves for any system.
Chatting as against emailing is a real time activity. It is in that sense more social than any other form of web communication. The danger is that chatting can lull us into a false sense of security. Just a few fundamental forethoughts help us to turn that false sense into a more conscious sense of security.
Have you been hacked? Perhaps, you share the concern for a rigorous defense against hackers? Let us know what safety measures you personally use…