Chat clients are another point of entry into your computer that you need to protect. An instant messaging network is made up of clients and servers. The client is a software application that can run on a desktop computer, laptop computer, tablet, smartphone or any other computing device. A user installs the chat application onto their device. The chat client connects to a server operated by the instant messaging network provider, such as Google Chat, Yahoo Messenger or EFnet. There are many different chat networks. Each network is separate because each uses a different protocol, so the chat clients are not cross-compatible. This means Google Chat users can only communicate with other Google Chat users, not with users of other instant messaging services like EFnet.
Along with the ability to exchange text messages, Internet chat and instant messaging provide the ability to transfer files. Therefore all of the same vulnerabilities we covered with email (Trojan horses, worms and other malware) are present in chat programs. Unfortunately, there are times when people connecting to you may be criminals trying to lure you into receiving these exploits. Using chat, criminals looking for victims do not need to scan IP addresses or harvest email addresses. They just need an updated friends or buddy list. Instant messaging providers not only allow for client-initiated file transfers, but most of them also allow users to share a directory or drive with other users. Using the chat client, all of a computer’s files can be shared, facilitating the spread of files that are infected with malware. This feature of chat clients can also allow unauthorized viewing of your chat conversations.
In addition to the security risks found with email programs, chat clients have security risks of their own. Some of the worms spread via email can also be spread with instant messaging, and there are worms that can only be spread with instant messaging. The good news is that worms spread with chat clients still need the user to click on them. They cannot use any method to auto-execute once received. Just practicing the simple rule of not clicking on something sent in chat unless you can verify who sent it, and that you trust them, will go a long way in protecting you.
To protect against malicious programs transferred through instant messaging, precautions must be taken. Keep your chat clients up to date with the latest versions and patches. Make certain your antivirus software is up to date and enabled. Never send personal or sensitive information using instant messenger. Chief among these precautions: do not open messages, click on links or download programs from a source you do not trust, and be careful who you trust. As always, you should be wary of exchanging files with unknown parties. While the preceding message has been mentioned many times in this book, much greater emphasis has been placed on it in this section about instant messaging. This is because instant messaging is, as the name implies, instant. Messages and files do not have the time to pass through layers of filters. They are not sitting waiting to be looked at. People are communicating only with other people who are readily available and responding in real time. I have seen many people, even myself, start chat sessions, then get so focused on them that they forget themselves. It’s almost hypnotic if you don’t catch yourself. Since everything in the session is instant, the wrong action from a user can allow a criminal to do major damage.