How safe is Microsoft Messenger?

My son wants to use Microsoft Messenger, but I've been told by the IT
department at my workplace that it's not entirely safe and could leave us
open to virus attacks. For these reasons, the company I work for disabled it
so that it can't be accessed from the workplace. I confess to having never
used it before myself, so I'm not very clued up in this area. I do know that
it is a popular amongst youngsters, and so I don't want to seem too harsh by
saying 'no' to MS Messenger.
Any advice would be very welcome... DAVID.

David Allan

David Allan wrote:
> My son wants to use Microsoft Messenger, but I've been told by the IT
> department at my workplace that it's not entirely safe and could leave us
> open to virus attacks. For these reasons, the company I work for disabled it
> so that it can't be accessed from the workplace. I confess to having never
> used it before myself, so I'm not very clued up in this area. I do know that
> it is a popular amongst youngsters, and so I don't want to seem too harsh by
> saying 'no' to MS Messenger.
> Any advice would be very welcome... DAVID.
>
>
Use GAIM instead, it will do most of the "messenger" protocols all at
once. http://gaim.sourceforge.net/win32/index.php

nunya

nunya wrote:
> David Allan wrote:
>
>> My son wants to use Microsoft Messenger, but I've been told by the IT
>> department at my workplace that it's not entirely safe and could leave
>> us open to virus attacks. For these reasons, the company I work for
>> disabled it so that it can't be accessed from the workplace. I confess
>> to having never used it before myself, so I'm not very clued up in
>> this area. I do know that it is a popular amongst youngsters, and so I
>> don't want to seem too harsh by saying 'no' to MS Messenger.
>> Any advice would be very welcome... DAVID.
>>
> Use GAIM instead, it will do most of the "messenger" protocols all at
> once. http://gaim.sourceforge.net/win32/index.php

Another one is Miranda IM it uses ICQ, AIM, MSN, Jabber, Yahoo,
Gadu-Gadu, Tlen, Netsend, and more...
License: GPL
Price: $0
Operating system(s): Windows 95/98/Me/NT4/2000/XP

http://www.download-free-download.co...randa%20im.php

It is not so well known but it works with most of the protocols and it
is GPL.
/Anders

Anders

Anders <> writes:
> nunya wrote:
> > David Allan wrote:
> >
> >> My son wants to use Microsoft Messenger, but I've been told by the
> >> IT department at my workplace that it's not entirely safe and could
> >> leave us open to virus attacks. For these reasons, the company I
> >> work for disabled it so that it can't be accessed from the
> >> workplace. I confess to having never used it before myself, so I'm
> >> not very clued up in this area. I do know that it is a popular
> >> amongst youngsters, and so I don't want to seem too harsh by saying
> >> 'no' to MS Messenger.
> >> Any advice would be very welcome... DAVID.
> >>
> > Use GAIM instead, it will do most of the "messenger" protocols all
> > at once. http://gaim.sourceforge.net/win32/index.php
>
> Another one is Miranda IM it uses ICQ, AIM, MSN, Jabber, Yahoo,
> Gadu-Gadu, Tlen, Netsend, and more...
> License: GPL
> Price: $0
> Operating system(s): Windows 95/98/Me/NT4/2000/XP
>
> http://www.download-free-download.co...randa%20im.php

and while we're extolling multi protocol IM software, Trillian for
Windows is very nice and very pretty. Loads rather slowly on older
machines though:
http://www.ceruleanstudios.com/learn/

I use GAIM on my older boxen.

Best Regards,
--
Todd H.
http://www.toddh.net/

Todd H.

Thanks to one and all for your advice... but you're loosing me with some of
the jargon. Nobody has confirmed that Microsoft Messenger comes with risks,
such as being an open door to virus attacks... that's what concerns me most.

I use a computers every day, both at work and at home, but like many people,
I get extremely stressed out if they don't perform according to plan. I used
to use ICQ myself until a couple of years ago, but became rather put off by
some of the people who used it. I suspect I'm showing my age, but I'm not
really interested in spending hours sending pointless and silly messages
around the world, although I can see how it would appeal to youngsters just
wanting to do fun things (they could be doing much worse!).

Maybe I'm worrying about nothing... but I'm still worrying!!!

David Allan

"David Allan" <> writes:

> Thanks to one and all for your advice... but you're loosing me with some of
> the jargon. Nobody has confirmed that Microsoft Messenger comes with risks,
> such as being an open door to virus attacks... that's what concerns
> me most.

Oh, it is. Instant messaging is instant. Worms are starting to
propagate this way-- the usual tack is that an IM comes from someone
on your buddy list that you trust, you figure it's okay to see, you
click, and download something, and presto yer infected. all the
while unaware that it wasn't you rbuddy typing at a keyboard but
rather a bot that'd infected his machine that was sending you that
message.

> Maybe I'm worrying about nothing... but I'm still worrying!!!

If you don't need instant messaging in your life, skip MSN Messenger,
AOL Instant Messenger, Yahoo Instant Messenger, etc. Your computer
will be safer for it.

But, so long as you fastidiously keep on top of instant messenger
program updates, you don't configure it to automagically accept
incoming file transfers, stay on top of OS updates, restrict messaging
only to folks on your buddylist, and don't click on links willy nilly
sent to you via IM, you can use them relatively safely.

But if you don't need it, don't use it.

Best Regards,
--
Todd H.
http://www.toddh.net/

Todd H.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(Todd H.) wrote in
news::

> "David Allan" <> writes:
>
>> Thanks to one and all for your advice... but you're loosing me
>> with some of the jargon. Nobody has confirmed that Microsoft
>> Messenger comes with risks, such as being an open door to virus
>> attacks... that's what concerns me most.

Exploit Targets MSN Messenger Hole
http://www.pcworld.com/news/article/0,aid,119622,00.asp
Major privacy hole in Windows/MSN Messenger
http://tinyurl.com/akjj3
http://tinyurl.com/a5azs

Just Google for "microsoft messenger hole" if you want some
examples.

Regards,
cypher

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ+vo1iPnLg7nPH4AEQL66wCeJcdd3le20xFUMbHFpAEedF NWIjYAnR/p
/1ZqUuUf/5kiNIAg9KIJuaQ6
=nP84
-----END PGP SIGNATURE-----

cypher

David Allan wrote:

> Thanks to one and all for your advice... but you're loosing me with some of
> the jargon. Nobody has confirmed that Microsoft Messenger comes with risks,
> such as being an open door to virus attacks... that's what concerns me most.
>
> I use a computers every day, both at work and at home, but like many people,
> I get extremely stressed out if they don't perform according to plan. I used
> to use ICQ myself until a couple of years ago, but became rather put off by
> some of the people who used it. I suspect I'm showing my age, but I'm not
> really interested in spending hours sending pointless and silly messages
> around the world, although I can see how it would appeal to youngsters just
> wanting to do fun things (they could be doing much worse!).
>
> Maybe I'm worrying about nothing... but I'm still worrying!!!

David,

Here is some info about MS MSN Messenger advisories:

(http://secunia.com/product/1902/)

This should give you some idea about what is out there. You can Google
for more specifics. IIRC, the latest IM malware exploits have to do
with attachments, because kids like animated gifs and flash content
(ActiveX).

I assume you are talking about WinXP? Do yourself a favor and create a
disk image backup, and don't let your son surf with full Admin privileges.

Ron

Ron Lopshire

Say 'no'.

All Messengers from Microsoft (Windows Messenger, MSN Messenger, Live
Messenger) are inherently unsecure. They use Internet Explorer's
rendering engine to display formatted messages, and anyone can send HTML
content in messages. So they directly inherit all 50+ well-known yet
unpatched security holes from IE, including some additional ones due to
using it in an unsafe manner; f.e. the MIME sniffing polices are totally
ignored, which allows an image/gif with file extension .wmf to be
displayed as WMF content, which was very fun in recent times.

However, the IM protocol itself is pretty secure as long as SSL is
enabled. That's why using the Live Communications Server in cunjunction
with an alternative IM client (like Miranda, GAIM, Trillian or aMSN)
should be quite secure.

Sebastian Gottschalk

One of the first things I did with XP Pro was to disable Microsoft
Messenger.

Waste of time, effort and resources.

DSH

"Sebastian Gottschalk" <> wrote in message
news:...

> Say 'no'.
>
> All Messengers from Microsoft (Windows Messenger, MSN Messenger, Live
> Messenger) are inherently unsecure. They use Internet Explorer's
> rendering engine to display formatted messages, and anyone can send HTML
> content in messages. So they directly inherit all 50+ well-known yet
> unpatched security holes from IE, including some additional ones due to
> using it in an unsafe manner; f.e. the MIME sniffing polices are totally
> ignored, which allows an image/gif with file extension .wmf to be
> displayed as WMF content, which was very fun in recent times.
>
> However, the IM protocol itself is pretty secure as long as SSL is
> enabled. That's why using the Live Communications Server in cunjunction
> with an alternative IM client (like Miranda, GAIM, Trillian or aMSN)
> should be quite secure.

D. Spencer Hines