TOP 5 Security Risks for Instant Messaging

IMLogic publishes two Top 5 Security Risks for Instant Messaging in 2004 and 2005, respectively. In 2005, the top 5 is as below:

  1. Blended Threats Include Instant Messaging
  2. Identity Theft, Spoofing, and Phishing over IM
  3. Advanced Spyware and SPAM over IM
  4. Information Security Leaks over IM
  5. Targeted Attacks on Enterprise Domains

while the top 5 in 2004 is:

  1. Viruses and Worms over IM
  2. Identity Theft and Authentication Spoofing
  3. Tunneling Through Firewalls
  4. Information Security Leaks
  5. SPIM or Spam over Instant Messaging

What differs 2005 against 2004 is that the priority of SPAM/SPIM: increased to 3rd from 5th. The openness and inter-op of IM services and clients will worsen the SPAM/SPIM threats in the near future.

Virus infections are most often sent via file transfers that bypass traditional gateway anti-virus security. IM and P2P attacks also push URLs to malicious code hosted on the Internet which can be downloaded and executed on local machines.

Technorati Tags: IM, SPAM, SPIM, Security

3 Responses to TOP 5 Security Risks for Instant Messaging

  1. rowland says:

    Identity theft will be deduced only when people realise that identity-based security is a bad idea.

  2. zhaol says:

    hi, rowland, i was a little confused. if we don’t use “identity” to identify one client or a person at the IM world, then how do you think we should use? if we have to use some type of “identity”, the access control must be based on that. in orther words, the security mechanism will be based on “identity”. any alternative do you suggest? welcome and thx.

  3. […] 据媒体报导,安全巨头Symantec昨日宣布购并即时消息管理软件公司IMLogic. IMLogic和FaceTime, SurfControl, BlueCoat, Akonix等是当前业界主要的即时消息IM/P2P方面的管理和安全供应商。相信这次收购对CA/IBM/HP也会产生相当的触动。IM/P2P的管理,包括识别、控制、计费、质量等可能成为下一代信息系统管理四大家Big Four(IBM/HP/CA/BMC)的基础性构件。虽然当前这块市场不是很大,但是具有战略意义,关乎各家的“比较优势”。 赛门铁克的收购狂欢2006年没有显露放松的迹象。1月3日,赛门铁克宣布了收购企业即时消息客户端软件提供商IMlogic的计划。 IMlogic是前微软高级官员Francis deSouza在2001年成立的,公司在马萨诸塞州沃尔瑟姆。IMlogic销售帮助企业保护和管理即时消息通信的软件。收购预计2月初完成,财务细节没有被披露。 据赛门铁克安全产品高级副总裁Enrique Salem说,赛门铁克计划今年把IMlogic的安全和内容检查功能集成到自己的反垃圾邮件和反病毒软件以及自己的安全专用设备中。 […]

%d bloggers like this: