MSN Messenger – Friend or Foe?
MSN Messenger – if you are a regular computer user under the age of 25, you will probably fight me on multiple levels on this one. That is OK. When push comes to shove, the ultimate decision rests with management. All IT professionals can hope for is that we can effectively explain the pros and cons of Instant Messaging programs so that management can make good decisions using good information. It is surprising to see that so many are unaware of, or make light of, the issues and threats that come with Instant Messaging. This article may help you make a more educated decision as to whether or not MSN is a good corporate choice.
Let's look at some of the good things that Instant Messaging can do for you:
You will be able to do all this with a relatively low powered machine.
These benefits could definitely enhance most business operations. With instant communication in the new IM text language, you can cut down response request time, transfer data in file format on demand, and set up conferencing so that remote locations can join in on a meeting. With the promise of interoperability with other Instant Messaging programs like Yahoo Messenger, MSN will break down its proprietary walls, making communication even easier.
Now let's see what some of the issues are from a security standpoint:
Now let's look at some of the other issues that can come about from using MSN (Instant Messaging programs). If you use an MSN transmission to send out data that can be deemed personal information under any of the privacy laws in place in your particular country, province, or state, you could be operating in violation of those privacy laws. You see, information sent in an MSN transmission is sent in clear text format, for the entire world to see if they want to.
You may say, "Well, I only have a very select list of people in my buddy list." If the information is being sent in clear text, that means anyone on any computer that is handling that transmission (this includes the servers it travels through) has the capacity to read that information. Do you know and implicitly trust everyone at your Internet Service Provider? They can track everything that goes through their servers. If the information gets stolen, the average cost per person to recover from the violation is approximately $320,000 US per individual. How many people do you have listed in your accounting software, databases, and client lists? Do the math.
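As an added illustration (not part of the original article), this is the kind of check a monitoring sensor at the network egress can run on a reassembled MSN Messenger (MSNP) TCP stream: because the protocol is unencrypted text, the login name and message bodies can be read directly and matched against data-loss patterns. The function name, the patterns and the sample stream are constructed for this example.

```python
import re

# Constructed data-loss patterns for this example; tune to your own data classes.
SENSITIVE = {
    "card_number": re.compile(rb"\b(?:\d[ -]?){13,16}\b"),
    "ssn_like": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
}

def scan_msnp_stream(data: bytes) -> list:
    """Walk an MSNP byte stream; return (kind, value) pairs readable in it."""
    findings, pos = [], 0
    while pos < len(data):
        end = data.find(b"\r\n", pos)
        if end == -1:
            break  # incomplete trailing command line
        parts = data[pos:end].split(b" ")
        pos = end + 2
        # Login step: "USR <trid> TWN I <account>" carries the sign-in name.
        if parts[0] == b"USR" and len(parts) >= 5 and parts[3] == b"I":
            findings.append(("account", parts[4].decode("utf-8", "replace")))
        # "MSG ... <length>" is followed by <length> bytes of MIME-style payload.
        if parts[0] == b"MSG" and parts[-1].isdigit():
            length = int(parts[-1])
            payload = data[pos:pos + length]
            pos += length
            headers, _, body = payload.partition(b"\r\n\r\n")
            if b"text/plain" not in headers.lower():
                continue  # control payloads such as typing notifications
            findings.append(("message", body.decode("utf-8", "replace")))
            for name, rx in SENSITIVE.items():
                if rx.search(body):
                    findings.append(("sensitive", name))
    return findings

def _msg(trid: int, mime_type: bytes, body: bytes) -> bytes:
    payload = b"MIME-Version: 1.0\r\nContent-Type: " + mime_type + b"\r\n\r\n" + body
    return b"MSG %d N %d\r\n" % (trid, len(payload)) + payload

# Constructed sample: a login line and two messages, concatenated for brevity.
SAMPLE = (
    b"VER 1 MSNP8 CVR0\r\n"
    b"USR 3 TWN I alice@example.com\r\n"
    + _msg(4, b"text/x-msmsgscontrol", b"\r\n")
    + _msg(5, b"text/plain; charset=UTF-8", b"card 4111 1111 1111 1111 exp 09/07")
)

if __name__ == "__main__":
    for finding in scan_msnp_stream(SAMPLE):
        print(finding)
```

Every value the scan reports is equally readable by any system that handles the transmission, which is the exposure the paragraphs above describe.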
Scared yet? No. Ok, how easy is it to get that information if you have IM on your machine? If you have the capability to share files through IM, you are potentially sharing your private information also. You say, the private files are not part of that list, or I don’t share those and they are on a protected partition. I have some bad news for you. If you have sharing enabled on the computer, it will not take a hacker long to infiltrate the system and get what they are looking for.
The challenge for management and IT staff is to find the happy medium between pain and pleasure. Management needs to take a long, hard look at the cost of recovery vs. the profits brought in by the use of Messenger services. If you can justify a potential intrusion, loss of data, loss of IT service and profits for recovery time, then by all means incorporate a messaging service. If you have any doubts, or if there is a safe way to get the same job done within an acceptable time frame without the risk, then the choice is obvious.
If you are sensing that there is a dislike for MSN Messenger, you are not seeing the entire picture. Essentially there is nothing wrong with the program. But now that you introduce an unforeseeable human factor (criminals, hackers, viruses), you introduce security issues. Ultimately the decision is up to you.
Oh, just one more side note: there once was a suggestion, a long time ago, that there may be issues at work with staff and the Internet. If staff have Internet access, they may be doing things other than working during work hours. As an IT professional, you would not believe the things that show up in the log files. Not everyone is honest 100% of the time. You know, the "honest day's work for an honest week's pay" moral obligation. Keeping this in mind, how much more time is effectively stolen from the employer with the introduction of an instant messaging program? You could probably use the messaging behaviour of one of your children, if they are allowed to have Instant Messaging access, as a benchmark.
If you are using your children as a benchmark, don't forget to look and see what they are saying to their friends. When you are watching, do you see PIR on the screen? That is Parents in room. How about POS? Parents over shoulder. Or the classic ... PITA Pain in the A#$. We have to keep the site family rated.
Happy Instant Messaging!
Download MSN here, and keep our phone number handy.
One more Note (update actually) right from the Official Microsoft White Paper on MSN Live.
"2.3 Public vs. Enterprise IM
The FDIC “Guidance on Instant Messaging” effectively frames the risks inherent in continuing to allow workers to rely on a public IM service, stating that:
“The lack of built-in security, the ability to download files and the built-in ‘buddy list’ of recipients create an environment in which viruses and worms can spread quickly”
“Public IM transmits unencrypted information, so it should never be used for sensitive or confidential information”
“Information received by IM is not authenticated”
Although the FDIC recommends the use of intrusion detection systems, virus protection programs and the blocking of IM vendors at the corporate firewall, the ultimate solution is not to cobble together a protective interface to the public IM, but rather to migrate workers from a public IM network to an enterprise IM server infrastructure that has built-in security, encryption and authentication features