Users warned of security risks in messaging software

NEWS Mikko Hypponen, head of research at security specialist F-Secure, cautions companies using IM outside their own intranets. He said: "Even if the IM clients involved are protected by firewalls, there is no guarantee the user is protected from infecting the whole network. It would be advisable for companies to limit IM software for internal use only." The comment comes in response to Computer Emergency Response Team (CERT) at Pittsburgh's Carnegie Mellon University warning against instant messaging (IM) and internet relay chat (IRC) software. CERT warns of possible security threats associated with IM software such as viruses and other malware, insecure configurations and password intrusions. Graham Cluley, security expert from security firm Sophos agrees. He said: "The fact is viruses and malicious people can exploit both email and IRC for their advantage. CERT are sensible to say that if you really don't need IRC then don't enable it in a corporate environment." IM software, which is offered by companies such as AOL and Microsoft in conjunction with email allows users to communicate with each other in real time.