Precautions for Instant Messaging and File-sharing

The risks

Peer-to-peer (P2P) clients (programs) are more vulnerable than email clients. IM and file-sharing clients are designed to be left running. They continually broadcast your online presence. That makes your computer -- along with any vulnerabilities -- easy for a hacker or worm to find. Worse yet, many P2P programs install unwanted software themselves.

P2P attachments, like email attachments, can carry viruses, Trojan horses, and worms. A new breed of worms uses the basic structure of IM to propagate. These worms send copies of themselves to the members of your buddy list. The message may contain a link to a Web site that downloads more malicious code, like a Trojan horse.

Instant Messaging is well suited to "social engineering". An attacker can assume virtually any identity they want to. You simply do not know who you're dealing with. The highly social nature of IM makes it easy to lull people into a trusting relationship. From there, the imposter can launch scams, identity theft, and other predatory attacks.

P2P networks are not protected from eavesdropping. They're also vulnerable to "spoofing" -- changing addresses -- so that messages appear to come from a "buddy" when they really come from an attacker.

Precautions

A good all-around security system -- like the 7-step Plan -- plus special attention to some safeguards should provide good protection from IM and file-sharing hazards.

  1. Don't be lulled into being too trusting. Your best protection is informed vigilance.
  2. If you get strange messages from someone you know, terminate your IM connection, and contact them by phone or email.
  3. Don't accept attachments from strangers, and be very careful even with one from someone you know. If possible, configure your IM client to reject attachments by default.
  4. Don't open your IM client to the public -- people not on your buddy list. That will block most attacks.
  5. Keep Windows, your IM software, and your anti-virus and anti-malware programs and definitions up to date.
  6. Use a strong password for your IM account and change it often.
  7. Never send credit card numbers, SSNs or any other sensitive personal information over IM. It is not even as secure as email, which is not secure either.
  8. Consider using special IM protection, like IMsecure from Zone Labs.

More on the Web:

Using Instant Messaging and Chat Rooms Safely -- from US Computer Emergency Readiness Team

Instant messaging safety and privacy tips -- from Microsoft

http://www.symantec.com/homecomputing/library/mrim.html

http://www.symantec.com/symadvantage/014/instant.html

http://techrepublic.com.com/5102-6296-1040715.html

http://www.informationweek.com/story/IWK20010927S0021