Defending instant messaging

On the Internet, no one knows you're a dog. That, of course, was the caption to the classic cartoon from The New Yorker magazine. This anonymity comes into play even when instant messaging with someone you know. All the responses from your friends' computer may not actually be coming from your friend. Some may be inserted by malicious software running on your friend's computer.

As Randy Abrams, director of technical education for ESET, the company that produces the NOD32 antivirus program, put it last month:

"Instant messaging is a very successful means for the bad guys to get their software onto your computer...If a virus infects your friend's computer's instant messaging program then it can "type" anything into the chat windows and it will look like your friend said it. It can provide a link for you to click that may lead you to malicious software."

Abrams offers two defensive steps.

If you get sent a link to a Web site, verify with your friend that they really sent the link. This isn't a perfect defense, as the malware may respond rather than your friend, but it's better than blindly trusting. For users of Windows Live Messenger, he also suggests a configuration change that will prevent the program from downloading many types of malicious software.

As I noted before, skepticism is your best defense on the Internet.

See a summary of all my Defensive Computing postings.