`
`AOL ICQ Vs MSN Messenger
`
`University of Southampton
`Department of Electronic and Computer Science
`CM 316 Multimedia Systems Coursework
`Liew Kwek Sing, Nelson
`
`1. Abstract
`Instant messaging may be the next great shift in information sharing. The following essay compares the two
`main service providers, ICQ & MSN Messenger, both very popular and available free. A broad description of
`the technology is provided and a detailed comparison of the current versions is made.
`
`2. Keywords
`ICQ, MSN Messenger, Peer-to-peer, Mp3, SMS, Voice/Video–Conferencing, Instant Messaging Software.
`
`Note : There are not many books on Instant messaging software because they are relatively new inventions.
`However there are some journals about the security of instant messaging and synchronized chat. Hence
`most of my resources are web references and the journals I have just mentioned.
`
`3. Introduction
`(a) What is Instant Messaging software?
`Instant messaging software is a distributed communication tool that allow users to communicate through
`peer-to-peer using a web server. So what actually motivates people to use Instant messaging software?
`Undoubtedly, the use of so many wonderful functions for free is alone a very tempting reason. The
`exchanging of instant messages, voice/video–conferencing, sending/receiving SMS with other users’
`cellular phones and sharing of files, all are available free of charge. Indeed, with so many free benefits, it’s
`no wonder why Instant messaging software’s popularity is becoming so widespread. In fact, ‘ICQ remains
`the leading brand among instant-messaging services at home with 41.7 million unique users in September
`2001, up 21 percent from September 2000. However, MSN Messenger! Messenger are the fastest growing
`applications: MSN increased 94 percent, from 9.6 million users in September 2000 to 18.5 million in
`September 2001’ with reference to (Jupiter Media Metrix 2001) report.
`
`
`(b) Problem
`Many computer users are into downloading instant messaging software because it not only helps them to
`communicate better, but also save them a lot of money on long–distance communication through using free
`voice/video conferencing. Due to the rapid growth of these two instant messaging tools, the number of
`users concurrently using more than two software packages is escalating. Nevertheless, many users still
`have doubts about which application will satisfy their communication needs better. Should they stick with
`one or should they use both at the same time to get the best of both worlds? This paper intends to give
`potential users an overview of both ICQ and MSN Messenger so they will know better which software will
`suit their individual needs best. Firstly, this paper will explore & demonstrate all the popular features of the
`two software pieces of software. Then, it will make a comparison of the pros & cons, before researching the
`network protocols of both the applications. Lastly, the paper will discuss security and social issues, followed
`by a development on future dissertation and an overview of both tools.
`
`4. Background
`
`
`
`
`
`MSN Messenger History
`According to (Redmond Wash 1999) news article on “July 21, 1999 -
`Microsoft Corp. today announced the launch of MSN Messenger
`Service, the free Internet messaging service that allows users to
`communicate with the greatest number of Internet users and offers
`the tightest integration with popular Microsoft communications tools.
`MSN Messenger Service tells consumers when their friends, family
`and colleagues are online and enables them to exchange online
`messages and e-mail with the more than 40 million users of the MSN
`Hotmail”
`
`
`
`1
`
`Page 1 of 16
`
`GOOGLE EXHIBIT 1012
`
`

`

`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`ICQ History
`According to (ICQ Story 2002) website “ICQ Inc., the successor of Mirabilis Ltd.
`was created when America Online acquired all Mirabilis' assets on June 1998.
`Mirabilis was founded in July 1996 when four young Israeli avid-computer users
`established a new Internet company. Yair Goldfinger (26,Chief Technology
`Officer), Arik Vardi (27,Chief Executive Officer), Sefi Vigiser (25,President), and
`Amnon Amir (24, currently studying), created the company in order to introduce a
`new way of communication over the Internet. They observed the fast deployment
`of the World Wide Web which was propelled by the mounting popularity of surfing
`and browsing, and watched the growing number of people interacting with web
`servers. They realized, however, that something more profound was evolving
`under the surface. Millions of people have been connected to one huge world
`wide network - the Internet. They noticed that those people were connected - but
`not interconnected. They realized that if one missing component would be added,
`all these people, in addition to interacting with web servers, would be able to
`interact with each other. The missing link was the technology which would enable
`the Internet users to locate each other online on the Internet, and to create peer-
`to-peer communication channels, in a straight forward, easy, and simple manner.
`They pioneered this technology, that way opening a whole new industry.”
`
`In contrast ICQ was originated by an Internet company, which aimed to introduce
`a communication revolution across the Internet. However MSN Messenger was
`created by Microsoft seeing a need to be part of this new communication
`technology in order to stay competitive.
`
`
`
`
`
`5. Popular Features of ICQ: Base on (ICQ Features 2002) website
`
`
`(a) Send instant Messages, SMS and Email
`- Exchange messages of any length to online buddy instantly and securely.
`- Support Mobile SMS message from ICQ to friends anywhere in the world, as long as he has a
`cellular phone with supported network.
`- Check email accounts using ICQ. When an email is received, a notification will be send.
`(b) 13 versions of Languages
`ICQ can translate its interface to any of the 13 languages available: Arabic, Chinese, Dutch, French,
`-
`German, Hebrew, Italian, Japanese, Portuguese, Russian, Spanish, and Swedish.
`(c) Voice and Video – Conferencing
`- Launch net meeting with multiple users for video and telephony chat.
`(d) Send and Receive file plus Shared File Utility
`- Send file of any type and size to other users online. Plus, additional features such as “shared file”, to
`browse and get a file from a buddy’s shared directory.
`(e) Chat with a friend
`- Real time chat with one or more friends. Find friends of common interests or random chat.
`(f) Launch custom Games
`- Play online custom games together with friends.
`(g) Security Status plus Objection Language.
`- Select your different online mode such as Chat with a Friend, Available/Connect, Free for Chat,
`Away, N/A, Occupied, DND, Privacy, Offline/Disconnect. Plus filter incoming message by blocking
`words which you would prefer not to receive.
`(h) Send online Voice message
`- Leave a 15 second voice message (offline/online) to user using microphone and soundcard.
`(i) Spell Checker
`- Check text spelling of messages.
`(j) Message History
`- Allow the viewing of incoming/outgoing message history or chat, using message history button.
`
`
`6. Popular Features of MSN Messenger: Base on (MSN Messenger Features 2002) website
`
`
`(a) Send instant Messages, SMS and Email
`- Exchange instant messages, SMS and Email with other users. Also, you can chat with 1–14 users in
`the same conversation window. The automatic typing indicator alerts you whenever one of the users
`is typing a response.
`
`
`
`2
`
`Page 2 of 16
`
`

`

`(b) 26 versions of Languages
`- MSN Messenger is available in 26 different languages: Arabic, Brazilian, Chinese (simplified),
`Chinese (traditional), Czech, Danish, Dutch, English, Finnish, French, German, Greek, Hebrew,
`Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Russian, Slovak, Slovenian,
`Spanish, Swedish, Turkish.
`(c) Voice and Video – Conferencing
`- See and chat with a friend anywhere in the world using the computer microphone and speakers.
`Windows Messenger supports high quality voice calling from the computer.
`(d) Send and Receive file
`- Trade files with friends, without any file type or size constraints.
`(e) Chat with new friends
`- Search for friends with common interests or find long–lost friends in the MSN Member Directory.
`(f) Invite friends to play a Game
`- Use MSN Messenger to invite friends to play a DirectPlay® compatible game online.
`(g) Security Status
`- Use block SPAM to block instant messages from people unknown to user.
`(h) Remote Assistance
`- Seek a friend for Remote Assistance, which is to allow a friend to take control of your computer with
`your permission.
`(i) Work with a friend on the same program or Brainstorm using Whiteboard
`- Share the same program such as Word processor or Whiteboard to work or draw simultaneously.
`However, at least one of you must have the program.
`(j) Microsoft.Net Alert
`- Receive important notice like Stock Alerts in your MSN Messenger.
`
`
`7. Overview of Features
`
`
`No Feature
`Instant Messaging
`1
`2 Mobile SMS
`Email
`3
`Language Support
`4
`Voice
`and
`5
`Conferencing
`Sent and Get File
`Share File Utility
`
`6
`7
`
`Video
`
`8
`
`Friend Chat
`
`ICQ
`(cid:151)
`(cid:151)
`(cid:151)
`(cid:151)
`(cid:151)
`(cid:151)
`(cid:151)
`(cid:151)
`
`MSN No
`(cid:151)
`9
`(cid:151)
`10
`(cid:151)
`11
`(cid:151)
`12
`(cid:151)
`13
`(cid:151)
`X
`(cid:151)
`
`14
`15
`
`16
`
`Feature
`Launch Game
`Security Status
`Voice Message
`Spell Checker
`Message History
`
`Remote Assistance
`Share same program and
`Whiteboard
`Instant Alert
`
`ICQ
`(cid:151)
`(cid:151)
`(cid:151)
`(cid:151)
`(cid:151)
`
`X
`X
`
`X
`
`MSN
`(cid:151)
`(cid:151)
`X
`X
`X
`(cid:151)
`(cid:151)
`(cid:151)
`
`
`Note : If you are unfamiliar with the popular features of both tools, please refer to the screenshot of ‘Popular
`features - Utilization of ICQ & MSN Messenger’ in the appendix. But if you are familiar, please skip this and
`go to the next section. The purpose of this is to give you an overview of how the features work, before getting
`into detailed comparison of both tools. Compare and observe how each software execute its popular features
`and figure out which is more useful or user- friendly.
`
`8. Comparison of ICQ with MSN Messenger : Why use ICQ?
`
`(a) Instant Message, SMS and Email Exchange
`ICQ is able to send instantaneous messages, SMS and emails all in one instance. For example, the
`user can click on the targeted buddy, and the message menu will pop up, allowing the user to input
`text in the message box. The user can then choose to send just instantaneous messages, SMS,
`emails or all of them by ticking on the respective boxes. MSN Messenger does not have this feature,
`but sends each service one at a time instead, making it more tedious.
`
`
`(b) SMS Networks
`ICQ supports the sending of SMS to 180 networks across the world. Hence, ICQ users in London can
`send SMS to a buddy’s cellular phone in Singapore and vice versa. Interestingly, the buddy can also
`use the cellular phone to reply to the user instantaneously without using the computer. On the other
`
`
`
`3
`
`Page 3 of 16
`
`

`

`hand, MSN Messenger SMS service is restricted to US or Canada only. Also, it does not provide the
`service of direct reply to the SMS received, creating an inconvenience to MSN users.
`
`
`(c) Send and Receive File
`ICQ supports File–Resume and File–Transfer Speed Gauge whereas MSN Messenger does not. ICQ
`file–resume will help to resume the transfer of files from where it was previously disrupted, instead of
`downloading from the start again, as MSN Messenger requires. MSN Messenger does not have a
`speed gauge which makes it difficult for user to estimate how long it takes for a file– transfer
`download to complete.
`
`(d) Share File Directory
`ICQ allows its users access to a friend's shared directory in order to download files from it. If User A
`wants to know what kind of files User B has, A can view B’s shared directory and pick the file instead
`of checking one by one physically with B. MSN Messenger does not provide this feature.
`
`(e) Voice Message
`With ICQ, you are able to send online voice messages. 15 seconds of voice messages can be sent to
`any offline or online user, informing them that your message sent is in vocal form instead of plain text
`form. Unfortunately, MSN Messenger does not provide such a service and is unable to process the
`interaction of voice messages.
`
`
`(f) Friend Chat
`ICQ allow users to chat in real time, search for friend sharing common interests, or random search for
`a chat. In this case, User A can invite User B and C for a real time chat, enjoying instantaneous
`response as messages are being typed, instead of being sent one by one. Moreover, a user may
`search for a buddy sharing the same interests to chat or just random search for anyone. In fact, this
`service has helped many ICQ lovers to meet online and build relationships in real life. MSN
`Messenger is only able to search for chat pals with common interest.
`
`(g) Security
`ICQ allows user to choose the appropriate ICQ status and filter incoming messages so as to achieve
`better control of security and privacy. MSN Messenger is only able to block users. In the case where
`the Do–Not–Disturb mode is on, users who send messages will be notified that the person prefer
`privacy through a non-blinking icon. Invisible mode indicates to other users that you are offline, when
`in fact you are still online. Filter message disallow wording like vague language that you dislike to be
`displayed. All these features are ICQ security–added features that MSN Messenger lacks.
`
`(h) Spell Check
`ICQ gains an upper hand by providing spell–check capability to check text messages sent. When a
`user has finished typing a message, he can use the spell–check function to ensure correct spelling
`before sending. MSN Messenger does not provide spell–check, allowing its users to send messages
`with spelling errors.
`
`
`
`
`
`(i) Message History
`ICQ also allow users to view message history or even offline messages. User A is sending User B a
`message when he is offline. The message would still be able to reach him when he goes online again,
`by using the view history function to retrieve the last message from User A. However, MSN
`Messenger does not provide this service and hence its users will miss the opportunity to recall what
`had been discussed previously.
`
`
`9. Comparison of MSN Messenger with ICQ : Why use MSN Messenger?
`
`(a) Automatic typing indicator
`MSN Messenger provides an automatic typing indicator, which is a status bar that allows a user to
`see whether his buddy is typing a response or not. For example, User A sends a message to User B.
`If B replies, the indicator bar will show a typing response status in A’s window. ICQ does not provide
`this feature. Therefore, its user will have to wait for a response and it can be frustrating if the user has
`to wait for a long time.
`
`
`
`
`
`4
`
`Page 4 of 16
`
`

`

`(b) Language Support
`MSN Messenger supports 26 versions of languages, whereas ICQ only supports 13 versions. In
`addition ICQ charges a fee for its language translation service. Thus, MSN Messenger will win over
`ICQ with this function, because not only is it free, it also allows more people of diverse languages to
`chat together.
`
`
`(c) User Friendly Interface
`MSN Messenger Interface is very user–friendly. For instance, a user can make a Phone Call, Start a
`Video Conversation or use any other feature of Windows Messenger with just a click of a button.
`Using ICQ is more complicated as it requires more clicks to execute a similar function.
`
`(d) Launch Game
`MSN Messenger is able to invite friends online to play a DirectPlay game, such as “Microsoft Age of
`Empire”. As an illustration, User A of MSN Messenger would know if any of his buddies is online
`before inviting him for a DirectPlay game. This saves the trouble of User A having to call each buddy
`to check if they are free for a game. User A’s buddies could be all over the world and if he needs to
`make long–distance calls, it would become very costly. As for ICQ, it does not provide DirectPlay
`game to its user. ICQ users are only able to invite buddies to play its own custom games
`
`
`(e) Remote Assistance
`MSN Messenger allows a user to seek a friend for help in controlling his computer with permission.
`When a user encounters some computer problem which he does not know how to fix, the user can let
`his friend take control of his computer using remote assistance and fix the problem. In a situation
`where a user is downloading files from his buddy, but cannot be at the buddy’s side, the buddy can
`shut down the computer for him after download completes. ICQ does not provide such a service. Its
`users will find it more difficult to seek help from buddies when faced with any difficulties.
`
`
`(f) Share Program & White Board
`MSN Messenger allows two users to work on the same program, such as MS word, or draw on the
`same whiteboard simultaneously. This is a great feature as it allows user to find help from all over the
`web to solve a particular problem. For instance, a Chinese student may seek help from a British friend
`in London to correct his English essay. If he seeks help just by sending email to his friend, he may not
`learn much. However, if he is able to see the correction of his grammar in real time, he can question
`why and learn better from his mistakes. ICQ does not provide either of these services.
`
`(g) Instant Alert
`MSN Messenger has stock or email alerts to inform a user once it is updated. For example, if there is
`a change in a stock that the user is interested in, it will alert the user through a pop up interface with
`the updated stock price. The same goes for email as well. ICQ does not provide alerts like MSN,
`although it does inform its users via beeping sound or flashing icon once an email has arrived.
`
`
`Note : If you have doubts about the computer networks terms, please refer to the appendix ‘Network terms
`definition’, for better understanding.
`
`10. The Network Protocol for ICQ & MSN Messenger
`
`(a) ICQ Protocol
`With reference to the (Henrik Isaksson 1999) ICQ protocol specification document, there are 2 ways ICQ
`communicates: between Client–Server and between Client–Client. Firstly, we are going to talk about the
`communication between Client–Server.
`
`
`
` -
`
` ICQ Protocol Architecture
`
`ICQ Server
`
`UDP
`
`UDP
`
`
`
`
`
`
`
`TCP/IP
`ICQ Client 1
`ICQ Client 2
`
`UDP
`
`
`
`5
`
`Note: With the ICQ Architecture,
`you can observe that all clients
`login to one ICQ server, while
`client 1 and client 2 are directly
`connected.
`
`
`Page 5 of 16
`
`

`

`- Client – Server
`The client–server communicates using UDP connections which is not only stateless, but also synchronous.
`The packets sent from the client to the server are encrypted, unlike the packets sent from the server. Every
`packet has the same session ID for each client (random number, chosen when the login packet is sent, and
`kept until you log out), or the server will ignore it. The session ID will also be sent back to the client in every
`packet the server sends. In this way, the client can know if the packet comes from the server or is a 'spoofed'
`packet (by comparing the session ID in the received packet to the one client sent before). When the client
`sends a packet to the server, the client will receive an acknowledgement (SRV_ACK) from the server. If not,
`the client will send the packet again. Also, the server expects the client to send an acknowledgement for
`every packet it receives from the server, except for the (SRV_ACK) packet.
`
` -
`
` Client – Client
`The communication between ICQ client 1 and client 2 is a direct TCP (Connection Oriented) connection. The
`clients start communicating via UDP, sending the IP, LAN IP, and each of the client User’s ID (ICQ number).
`Upon receiving this packet, they will start communicating with TCP, which needs to be initiated. Each type of
`connection creates its own listening socket (i.e. Message, Chat, and File connections each will have their
`own dedicated listener). A message listening socket is created when the client goes online. A chat listening
`socket is created only when someone requests a chat, similar to a file send/receive socket. Before sending
`any TCP packet, we have to build the packet. The data for the size of the packet is sent first, followed by the
`data of the packet itself. This is important because TCP is 'sizeless'. Hence, the packet received can be half
`of the actual packet, or more than one packet at one time. This is why sending the actual packet size first is
`important, as it helps the receiver to check if the packet is correct or not.
`
`
`No reply will be sent from the remote end for a TCP Initialized packet. After the initialization, the messaging
`session starts. After which, the clients start sending the message packets. Once the destination client
`receives the TCP Message packet and confirms that the packet is correctly formatted, the receiver will send
`an ACK packet to the sender. In the sender’s screen, the PC client's message window will not go away and
`the little face window will continue to spin until it received the ACK packet from the receiver client.
`
`(b) MSN Protocol
`According to (Mike Mintz 2001) MSN protocol description document, all the communication in MSN (between
`Client–Server and Client–Client) must go through the server, with the exception of "client to client"
`connections such as file transfer and voice chat. To achieve this, MSN Messenger Service clients make
`connections to several different kinds of servers. Each server can be duplicated an arbitrary number of times,
`independently, so as to support numerous users.
`
` MSN Messenger Protocol Architecture
`
`NS
`
`TCP
`
`TCP
`
`MSN Messenger
`Client 1
`
`MSN Messenger
`Client 2
`
`TCP
`
`TCP
`
`TCP
`
`TCP
`
`DS
`
`SS
`
`Note: With MSN Messenger,
`Protocol Architecture shows that
`all clients can log in to more than
`one server (NS, DS, SS), while
`from client 1 to client 2, there is
`no direct connection.
`
` -
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` -
`
` Dispatch Server (DS) : The Dispatch Server is the initial point of connection between client and server.
`This server not only functions as the protocol version for negotiation, but also refers the client to the proper
`NS.
`
` -
`
` Notification Server (NS) : It forms the primary server component. The client and the Notification Server
`authenticate, synchronize user properties, and exchange asynchronous event notifications. Some of the
`events transmitted between a client and a Notification Server are: State changes (e.g. client is on-line, client
`
`
`
`6
`
`Page 6 of 16
`
`

`

`is offline, client is idle), Switchboard Server invitation requests (see below), and application-specific
`notifications that are beyond the scope of this document (e.g. arrival of new e-mail).
`
` -
`
` Switchboard Server (SS) : The component through which clients can establish lightweight communication
`sessions without a direct network link. The common usage of the Switchboard Server is to provide instant
`messaging sessions. When a client wishes to communicate with another client, it sends a message to its
`Notification Server, which then refers the client to a Switchboard Server. Once the SS connection is
`established, the "destination" client receives a notification from its NS to connect to the same SS.
`
`When commands are issued by the client and sent to the server, it is called a request. After a request, a
`server will send back a result as the reply. Between the requests–reply sequence, it is entirely asynchronous
`in MSN. So the client can send in many requests in sequence without waiting for reply from the server after
`submitting each request. The server will then return the reply to the client in the form of result, such as a
`positive acknowledgement, or error return for each request received. Delivering the reply in the same order
`as the requests received is not necessary. The client can then link the request associated with a particular
`response by examining the Transaction ID parameter.
`
`The Transaction Identifier (a.k.a. Transaction ID) is a numeric string representing a number between 0 and
`(2^32 - 1). This transaction ID is included in all the commands that the client sends to the server. In the
`current version of the protocol, the transaction identifier is used to associate server responses with client-
`issued commands. The server treats the transaction ID as an opaque number and does not assume any
`relationship between successive Transaction IDs or any particular starting Transaction ID. It is the client's
`responsibility to guarantee the uniqueness of the Transaction IDs for the purpose of disambiguating the
`commands and/or responses (A future version of the protocol could enable the client to track the status or
`cancel a particular transaction using the transaction ID). When the server sends the response of a command
`to the client, it must include the transaction ID that the client sent to the server. In cases where a server
`sends a command to a client that needs a transaction ID, but does not need response to a specific client
`command, it will use 0 as the transaction ID. In cases where a server sends multiple responses to a single
`client request, the server will use the same transaction ID in each response.
`
`(c) ICQ vs. MSN Messenger Protocol
`
`
`i All the communication in ICQ is Synchronous, while MSN is Asynchronous. Hence, sending
`messages in MSN is more instantaneous while ICQ is slower. This happens because for every
`message ICQ sent, a reply as to whether the message is accepted, has to be received before the
`transaction closes. Whereas in MSN, the sender can keep sending messages without waiting for a
`reply. If the reply is not received after certain time, a pop up window will inform the user that the
`message has not reached the destination. This results in MSN being more responsive than ICQ.
`However, MSN is known to give late notifications at times.
`
`
`ii All the communication in MSN must go through the 3 server phase of MSN (for voice and file sending
`the protocols are similar to those used by ICQ), while in ICQ most of the communication is through the
`server, then directly to the client itself via TCP. This means that communication through ICQ is
`exposed to higher levels of security threats than in MSN (in MSN, only sending file or voice chatting
`directly between client is exposed to the same level of security threats faced by ICQ users). This also
`means that given the same amount of network traffic, more bandwidth is used in ICQ than in MSN,
`similarly for the ICQ server.
`
`
`
`iii Another problem in ICQ protocol occurs when 2 clients communicate between each other. IP
`addresses and User IDs (ICQ number) are sent back and forth in the packets. This means that
`someone can intercept the packet and successfully decrypt it, exposing the IP and ICQ number.
`Further discussion about this area will be made in the security issue section.
`
`Overall the MSN Messenger utilizes a more stable and well–designed set of protocols, providing better
`security features and higher efficiency in terms of bandwidth usage, compared to ICQ protocols.
`
`11. ICQ and MSN Messenger behind the firewall
`
`To help understand better some of the security issues involved in instant messaging, some knowledge of
`firewall is essential. What is a firewall? Firewall is a security system (can be hardware or software, or
`
`7
`
`Page 7 of 16
`
`

`

`combination of both), designed to prevent unauthorized access to a private or local network. Firewall is
`usually used to prevent Internet users from accessing local networks or Intranets. The firewall can be Proxy
`servers, Socks and HTTPS. You can change the setting in ICQ or MSN in their connection options, to inform
`the MSN/ICQ that they are behind the firewall.
`
`Firewall is also set to block a connection from and to certain port. This will cause the MSN/ICQ programs not
`to work even if you already set the setting in MSN or ICQ. Base on MSN/ICQ firewall support and (Http-
`Tunnel 2002) website, this problem can only be solve through:
`
`
`- Changing the configuration of the firewall by opening the port that is being used by ICQ or MSN. This
`solution requires access to the firewall system.
`- Using the HTTP Tunnelling to redirect the MSN/ICQ communication to the HTTP protocol. This solution
`requires a HTTP Tunnel server that can communicate to the ICQ/MSN server.
`
`
`Note : For more details on how to configure both software firewalls please refer to the appendix ‘Firewall
`configuration of Instant Messaging software’.
`
`12. Security, Privacy and Bandwidth Issues
`
`Some of the security and privacy issues mentioned below have been solved while others are still waiting for
`solutions. Therefore, proposed solutions will be recommended to rectify those unsolved problems.
`
`(a) Is Instant Messaging safe to use?
`In the past few years, viruses have been attacking instant messaging software by replicating
`themselves in the network. In (Linda Dailey Paulson 2002) news brief, “Elias Levy Chief Technical
`Officer of Security Focus, states that ‘Virus writers have begun to target IM because if offers a source of
`new victims and relatively untested technology, and it represents a new challenge. Also he added that
`IM protocols are proprietary, which sometimes make it difficult to write anti virus software that
`understand them.’ Some experts say, infections will increase as IM becomes more popular with
`consumers and companies.” Nevertheless, viruses can be avoided if users themselves update their
`anti–virus software frequently and forbid the exchange of any unreliable files.
`
`
`(b) Is ICQ safe to use?
`The security problems in ICQ are mainly caused by the way ICQ communicates with a server or other
`users, and when there are too many operations being done by the client (client-side operations). In this
`case, when an ICQ user sends a message to another user, it will include the source and destination IP
`addresses as well. Although the user may forbid ICQ to display the IP number, a hacker can still crack
`it. "ICQ sort of hides the IP address of the remote user, but since you chat directly with them, you can
`get the IP address by simply running ‘netstat’ or a related utility," said Seifried Kurt in (Susan Willner
`2001) security analysis article. Messages sent are not encrypted, containing information about the
`ICQ’s ID and the sender’s IP address. This allow others to read or modify the messages. Furthermore,
`people can fake identities by creating a program that sends messages to others with fake ICQ ID and
`the IP address. Still, the problem can be minimised by logging in for a short time or only when
`necessary, rather than leaving it on for hours, allowing hacker ample time to hack into the system.
`
`In addition, ICQ has the capability to share directories on users’ machines, which is similar to file–
`sharing software, Napster or Kazaa. The user creates a connection that goes through the firewall,
`allowing file movement besides conversation. Users can download a file freely or serve as a server
`station allowing others to download from it. This would provoke security and privacy bandwidth issues,
`as harmful materials could be passed around without any control, creating harmful impacts on business
`user. "Workers sometimes tap IM for corporate business, thus using the Internet to chat with someone
`down the hall, maybe sending company secrets across public networks. It’s uncontrolled and making a
`lot of managers very nervous,” said Louis Latham of Gartner Group, a market-research firm, published
`in (Susan Willner 2001) security analysis article, "In bandwidth it could affect the network usage of user
`connection and cause slow connection to the user’s computer. Nevertheless file servers on user
`machines can be hard to trace as Seifried Kurt mentioned that firewalling them is very difficult, short of
`using non-routed IP addresses and using proxy servers and NAT at the gateways to the Internet, you
`can’t block it. Probably the simplest is to monitor network traffic going/coming from workstations and
`then zero in on the top 10, 20, 100, or whatever and talk to the users. … Scanning your network
`regularly with tools like nmap and strobe will alert you to open ports".
`8
`
`
`
`Page 8 of 16
`
`

`

`Another possible problem