Defending instant messaging

Every message isn't necessarily from a human being.

Michael Horowitz
Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.


On the Internet, no one knows you're a dog. That, of course, was the caption to the classic cartoon from The New Yorker magazine. This anonymity comes into play even when instant messaging with someone you know. All the responses from your friends' computer may not actually be coming from your friend. Some may be inserted by malicious software running on your friend's computer.

As Randy Abrams, director of technical education for ESET, the company that produces the NOD32 antivirus program, put it last month:

"Instant messaging is a very successful means for the bad guys to get their software onto your computer...If a virus infects your friend's computer's instant messaging program then it can "type" anything into the chat windows and it will look like your friend said it. It can provide a link for you to click that may lead you to malicious software."

Abrams offers two defensive steps.

If you get sent a link to a Web site, verify with your friend that they really sent the link. This isn't a perfect defense, as the malware may respond rather than your friend, but it's better than blindly trusting. For users of Windows Live Messenger, he also suggests a configuration change that will prevent the program from downloading many types of malicious software.

As I noted before, skepticism is your best defense on the Internet.

See a summary of all my Defensive Computing postings.