Question about mIRC security

I'd like to start using mIRC to chat with some online friends, but I
need to know what kind of security issues I should address first. I'm
currently using fully patched WinXP Home, AVG Antivirus, and ZoneAlarm
for my firewall. For malware, I use AdAware and Spybot S&D. I don't
plan on downloading files, especially from people I don't know. Would
this configuration keep me reasonably safe from viruses and other
crap? I was using AOL's chat for years, but have recently cancelled my
account with them.
--
Zilbandy - Tucson, Arizona USA <>
Dead Suburban's Home Page: http://zilbandy.com/suburb/
PGP Public Key: http://zilbandy.com/pgpkey.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zilbandy

Honestly, the biggest thing you have to worry about is just downloading
files. As long as you don't go crazy with all that file sharing and
such, and it sounds like you keep yourself protected in case you ever
do. I would be cautious using mIRC scripts that you don't trust the
maker of, because backdoors are often found in those. Don't type
commands you don't know what they do, often times people will try to
trick you into fserv something from them (like a virus). Basically, it
all comes down to just not doing things you are unsure about, as that is
how mistakes end up compromising systems.

Hope this helped,

-Hooges

Zilbandy wrote:
> I'd like to start using mIRC to chat with some online friends, but I
> need to know what kind of security issues I should address first. I'm
> currently using fully patched WinXP Home, AVG Antivirus, and ZoneAlarm
> for my firewall. For malware, I use AdAware and Spybot S&D. I don't
> plan on downloading files, especially from people I don't know. Would
> this configuration keep me reasonably safe from viruses and other
> crap? I was using AOL's chat for years, but have recently cancelled my
> account with them.

Matt Hodges

Zilbandy wrote:
> I'd like to start using mIRC to chat with some online friends, but I
> need to know what kind of security issues I should address first.

Not using mIRC. It's bug history is a big mess of a lot insanely dumb
critical security vulnerabilities.

> I'm currently using fully patched WinXP Home, AVG Antivirus, and
> ZoneAlarm for my firewall.

ZoneAlarm is no firewall, it's a host-based packet filter and a pretty
lousy one. Why do you even attribute it to security?

> For malware, I use AdAware and Spybot S&D.

Fine. But what exactly do you think you can accomplish? Merely detection
after the fact, if you ever differ it from the load of false positives.
What about not executing malware in first place and not running any
defective software that does so automagically, like mIRC?

> Would this configuration keep me reasonably safe from viruses and
> other crap?

No. Actually you're inviting it actively.

> I was using AOL's chat for years, but have recently cancelled my
> account with them.

Woah, you really don't understand what IRC is?

Sebastian Gottschalk

On Wed, 14 Jun 2006 18:50:00 -0400, Zilbandy <>
wrote:

> I'd like to start using mIRC to chat with some online friends, but I
> need to know what kind of security issues I should address first. I'm
> currently using fully patched WinXP Home, AVG Antivirus, and ZoneAlarm
> for my firewall. For malware, I use AdAware and Spybot S&D. I don't
> plan on downloading files, especially from people I don't know. Would
> this configuration keep me reasonably safe from viruses and other
> crap? I was using AOL's chat for years, but have recently cancelled my
> account with them.

Given that you're firewalled and won't download files, and presuming that
you will be running unpriviledged whenever it is in operation, your
primary concern is probably client integrity.

Some IRC clients are better coded, and thereby safer than other; check
SANS for the status of yours.

Some of us believe that anything connected to the net for an extended
period should be secured as if it were a server...... i.e. IIWU and
running windows, I'd look for an IRC client that's been built within a
freeware VM (e.g. vmware appliance). That would afford it overflow
protection, zero-day attacks, etc.

A "good" IRC client in a VM is probabably safer than an "excellent" IRC
running uncontained on your windows box. This is especially true if you
start weakening it with third-party "plugins" - which could be poorly
written, or be Trojans.

Roger Parks

On Thu, 15 Jun 2006 02:09:56 +0200, Sebastian Gottschalk
<> wrote:

>Zilbandy wrote:
>> I'd like to start using mIRC to chat with some online friends, but I
>> need to know what kind of security issues I should address first.
>
>Not using mIRC. It's bug history is a big mess of a lot insanely dumb
>critical security vulnerabilities.
>

Ok. Any suggestions?

>> I'm currently using fully patched WinXP Home, AVG Antivirus, and
>> ZoneAlarm for my firewall.
>
>ZoneAlarm is no firewall, it's a host-based packet filter and a pretty
>lousy one. Why do you even attribute it to security?
>

Well, whatever you call it, it must be doing something. At least I get
a chance to allow or disallow incoming/outgoing connections to my
system. Most of them, anyway.

>> For malware, I use AdAware and Spybot S&D.
>
>Fine. But what exactly do you think you can accomplish? Merely detection
>after the fact, if you ever differ it from the load of false positives.
>What about not executing malware in first place and not running any
>defective software that does so automagically, like mIRC?
>

You sound a bit terse, but that's ok... I'm used to that. I'm married.
What do I think I can accomplish? If I get majorly 'infected', I
can simply boot from my Acronis boot cd and restore an image of my
system from my usb harddrive. I image my drive every three days and
maintain those backups for a month. I also maintain a monthly backup
for at least a year.

>> Would this configuration keep me reasonably safe from viruses and
>> other crap?
>
>No. Actually you're inviting it actively.
>

That's not exactly what I wanted to hear, but I'll take your word on
it. Security is not forte. I do possess some common sense though, and
that's managed to keep my two computers clean for many years. ::knock
on wood::

>> I was using AOL's chat for years, but have recently cancelled my
>> account with them.
>
>Woah, you really don't understand what IRC is?

Ummmm, I guess not, but lemme think. I type something... someone on an
IRC channel reads it... they type something and I read it. Sounds like
'chat' to me. Whatever else IRC may or not be doesn't concern me at
this time.
--
Zilbandy - Tucson, Arizona USA <>
Dead Suburban's Home Page: http://zilbandy.com/suburb/
PGP Public Key: http://zilbandy.com/pgpkey.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zilbandy

Zilbandy wrote:

>> Not using mIRC. It's bug history is a big mess of a lot insanely dumb
>> critical security vulnerabilities.
>
> Ok. Any suggestions?

HydraIRC, smIRC, Chatzilla, ... there are so many good IRC clients that
are not f***ek up.

> Well, whatever you call it, it must be doing something. At least I get
> a chance to allow or disallow incoming/outgoing connections to my
> system. Most of them, anyway.

Why do you think that you need that?
BTW, it does something: It increases complexity (therefore initially
decreasing security) and in case of ZA it makes your computer vulnerable
in first place.

> If I get majorly 'infected', I
> can simply boot from my Acronis boot cd and restore an image of my
> system from my usb harddrive. I image my drive every three days and
> maintain those backups for a month. I also maintain a monthly backup
> for at least a year.

Not that sounds really serious. Still you might understand that these
tools are pretty unusable when it comes to detecting any serious infection.

>>> I was using AOL's chat for years, but have recently cancelled my
>>> account with them.
>> Woah, you really don't understand what IRC is?
>
> Ummmm, I guess not, but lemme think. I type something... someone on an
> IRC channel reads it... they type something and I read it. Sounds like
> 'chat' to me. Whatever else IRC may or not be doesn't concern me at
> this time.

Well, IRC has been the biggest and so far the only well-defined chat on
the internet, with public specs (RFC!) of the protocols and various
interoperable clients. AOL's chat is merely a clone for losers being
isolated from the IRC world who are even too dumb to know about IRC.

Second, with IRC you don't need any account at an ISP or at a server to
utilize IRC, so you won't lose your chatability and built social
contacts when cancelling any account. (However, you can register your
nick on servers for better authorization.)

For the third, I was a bit suspicious about your initial question,
sounding like you'd see mIRC as a chat platform itself rather than just
one (lousy) of lots of clients for the real platform IRC.

Sebastian Gottschalk

Roger Parks wrote:

> Given that you're firewalled and won't download files, and presuming that
> you will be running unpriviledged whenever it is in operation, your
> primary concern is probably client integrity.
>
> Some IRC clients are better coded, and thereby safer than other; check
> SANS for the status of yours.

Actually this is a quite strange approach, because integrity problems in
a IRC client shouldn't be acceptable in any context. IRC is a very
simple and straight-forward protocol, so the clients should be. smIRC
gets in right in only 50KB of code, Chatzilla gives an implementation
with merely 90 KB of code (in very expressive XUL) and shouldn't be
expected to have any non-subtile issues.
That's why I don't understand that mIRC gets it so wrong.

> Some of us believe that anything connected to the net for an extended
> period should be secured as if it were a server......

Usually it actually is a server.

> I'd look for an IRC client that's been built within a
> freeware VM (e.g. vmware appliance). That would afford it overflow
> protection, zero-day attacks, etc.

What about running it with different credentials on a different
graphical context (WindowStation)?

Sebastian Gottschalk

On Thu, 15 Jun 2006 03:09:33 -0400, Sebastian Gottschalk <>
wrote:

> Roger Parks wrote:
>
>> Given that you're firewalled and won't download files, and presuming
>> that
>> you will be running unpriviledged whenever it is in operation, your
>> primary concern is probably client integrity.
>>
>> Some IRC clients are better coded, and thereby safer than other; check
>> SANS for the status of yours.
>
> Actually this is a quite strange approach, because integrity problems in
> a IRC client shouldn't be acceptable in any context.

Heh!.........perfection is ellusive.

> IRC is a very
> simple and straight-forward protocol, so the clients should be. smIRC
> gets in right in only 50KB of code, Chatzilla gives an implementation
> with merely 90 KB of code (in very expressive XUL) and shouldn't be
> expected to have any non-subtile issues.
> That's why I don't understand that mIRC gets it so wrong.
>
>> Some of us believe that anything connected to the net for an extended
>> period should be secured as if it were a server......
>
> Usually it actually is a server.
>
>> I'd look for an IRC client that's been built within a
>> freeware VM (e.g. vmware appliance). That would afford it overflow
>> protection, zero-day attacks, etc.
>
> What about running it with different credentials on a different
> graphical context (WindowStation)?

IIUC, that would enforce least priviledge - and if there are multiple
users it would be a good move. But it wouldn't make either the client
(actually, we agree - the server), OR the OS more robust and resistant to
overflows, smashes, zero-day Trojans, and other zero-day exploits.

IMHO, it just makes sense these days to put everything that is WAN-exposed
into a hardened jail/VM

Roger Parks

Roger Parks wrote:

>> Actually this is a quite strange approach, because integrity problems in
>> a IRC client shouldn't be acceptable in any context.
>
> Heh!.........perfection is ellusive.

Robustness isn't.

>>> I'd look for an IRC client that's been built within a
>>> freeware VM (e.g. vmware appliance). That would afford it overflow
>>> protection, zero-day attacks, etc.
>> What about running it with different credentials on a different
>> graphical context (WindowStation)?
>
> IIUC, that would enforce least priviledge - and if there are multiple
> users it would be a good move. But it wouldn't make either the client
> (actually, we agree - the server), OR the OS more robust and resistant to
> overflows, smashes, zero-day Trojans, and other zero-day exploits.

In such a scenario only a local privilege escalation would be the real
threat, and this is no different with a breakout from a VM. Actually one
should be pretty careful because most VM hypervisors run as kernel mode
drivers.

> IMHO, it just makes sense these days to put everything that is WAN-exposed
> into a hardened jail/VM

Running with restricted privileges with some precautions simply is such
a jail.

Sebastian Gottschalk

On Thu, 15 Jun 2006 09:01:02 +0200, Sebastian Gottschalk
<> wrote:

>>> Not using mIRC. It's bug history is a big mess of a lot insanely dumb
>>> critical security vulnerabilities.
>>
>> Ok. Any suggestions?
>
>HydraIRC, smIRC, Chatzilla, ... there are so many good IRC clients that
>are not f***ek up.

Ok, I've dumped mIRC and will try HydraIRC. Thanks.
--
Zilbandy - Tucson, Arizona USA <>
Dead Suburban's Home Page: http://zilbandy.com/suburb/
PGP Public Key: http://zilbandy.com/pgpkey.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zilbandy