5) IM applications (clients) can be exploited to provide malicious
individuals access to your computer.
Any computer application/software may have design flaws or characteristics
(often referred to as "vulnerabilities") that can be exploited for malicious
use. Some of the software vulnerabilities that are discovered are publicly
disclosed and described in detail on various Internet Web sites, so knowledge
of these flaws spreads quickly. Once a security vulnerability has been
discovered, responsible software vendors/manufacturers will often issue a
publicly available fix or patch. These fixes or patches are usually freely
available for download from the software vendor's Web site.
Published software vulnerabilities serve to alert users so patches or fixes can
be applied to any affected software. Malicious individuals or groups can also use
this information to exploit these design flaws to their benefit and your detriment.
Some design flaws or bugs can allow remote access to your computer. This could
allow the theft of personally identifying information, charge card, bank or other
account numbers, business and customer information.
Search the
US-CERT (United States Computer Emergency Readiness Team) Web site for vulnerability
information on IM clients and other applications you are currently using or
considering.
Reality Check: It is safe to assume that not all software/application
vulnerabilities are publicly known. If you were a malicious individual or group
who could make money exploiting an application vulnerability, would you publicly
disclose it?
Things you can do to protect yourself
If you are using or considering the use of an instant messaging program,
here are a few steps you can take to protect yourself, your family and your SOHO
(small office, home office) business if you run one.
- Choose a good password and change it on a regular basis. Use a different password
for your IM client than you use for your computer or other accounts. Read my article
about creating a good password. I suggest you
change your passwords once per month. I also suggest you use a
"password manager" to help create, organize and
more securely store your passwords. I've written a short tutorial to get you started
using the FREE version of "Password Agent", a password
management application. It's very simple to use and it securely stores your passwords and
other information by encrypting it.
- Be careful not to divulge too much personal information when you create IM user
names. Do you operate a small business with multiple employees who will use
IM? Assign user names that follow a strict format, for example:
first_name/company_name/4_random_characters. Random characters can be generated
using the password creation tool provided with "Password
Agent" or a similar tool. Known, preconfigured user names can reduce the
possibility of someone posing as company personnel. This can be especially useful
if you use a public IM network like Yahoo, AOL, MSN or ICQ.
- Do not allow your instant messaging program to automatically sign you on to the
service. Sign on only when you intend to use the service. This will reduce the
time available for malicious individuals to target you.
- Limit the personal information you make available to the IM service and others
online. Do not list your e-mail address, IM username or other personal information
in public directories. This will help limit your
exposure to junk e-mail (SPAM) and SpIM (Spam over IM).
- Don't allow files to be automatically accepted and uploaded to your computer. This
is the easiest way for malicious individuals to plant viruses, Trojans, spyware
or other potentially invasive and harmful programs.
- Only accept messages from people in your contact/buddy list.
- If you send sensitive personal or business information, use an IM client that
can encrypt all IM communications. Cerulean Studios'
"Trillian" and Pidgin
are free products that provide the ability to encrypt IM communication between
users/clients. As with most IM products, both the sender and receiver will need to
use the same IM client to utilize encryption.
- Make sure you keep your Instant Messaging program and computer operating system
updated with the latest patches/fixes or to the current version. Check the manufacturer's
Web site periodically to see if new patches/fixes or versions are available. New
versions, fixes and updates often address security related issues. Remember
to always back up your important files/data before adding new programs or
updates/patches/fixes to your computer.
- Do not click on links (hyperlinks) to Web sites, music, video, etc. within an
IM session unless you know the person who sent them and are expecting them.
Links can lead to Web sites used to infect your computer with viruses, Trojans,
spyware and other malware that can be installed without your knowledge.
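
The user name format suggested above (first_name/company_name/4_random_characters) can be issued and checked with a short script. This is an added example, not part of the original article; the "_" separator, the lowercase letter/digit suffix alphabet, the function names and the sample roster are all assumptions made for illustration.

```python
import re
import secrets
import string

SEP = "_"  # assumption: separator between the three fields
SUFFIX_ALPHABET = string.ascii_lowercase + string.digits  # assumption
# first name (letters) + company (letters/digits) + exactly 4 random characters
NAME_RE = re.compile(
    rf"^([a-z]+){re.escape(SEP)}([a-z0-9]+){re.escape(SEP)}([a-z0-9]{{4}})$"
)


def assign_username(first_name: str, company: str) -> str:
    """Build first_name/company_name/4_random_characters for a new employee."""
    # secrets draws from the OS random source, so suffixes are not predictable.
    suffix = "".join(secrets.choice(SUFFIX_ALPHABET) for _ in range(4))
    return SEP.join([first_name.lower(), company.lower(), suffix])


def check_contact(name: str, roster: set, company: str) -> str:
    """Classify an incoming IM contact name against the issued roster."""
    name = name.strip().lower()
    if name in roster:
        return "assigned"
    match = NAME_RE.match(name)
    if match and match.group(2) == company.lower():
        # Follows the company format but was never issued: treat as someone
        # possibly posing as company personnel and verify by another channel.
        return "suspect"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample roster; these names are made up for the example.
    roster = {"alice_acme_x7k2", "bob_acme_9qdz"}
    new_name = assign_username("Carol", "Acme")
    roster.add(new_name)
    for contact in [new_name, "alice_acme_x7k2", "alice_acme_x7k3", "al1ce"]:
        print(f"{contact:20} -> {check_contact(contact, roster, 'acme')}")
```

Keep the roster of issued names somewhere every employee can consult, so a "suspect" result can be checked against it before anyone replies.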
Note: Instant messaging is rapidly becoming more popular, especially at the
corporate/enterprise level. The more popular it becomes, the more it will be
targeted by virus, Trojan, spyware and malware authors. Use an antivirus
product that filters your IM communications/traffic. A couple of antivirus
products that consistently get good reviews and offer instant messaging protection
include:
(SOHO) Small office, home office owners: If you have employees
who use computers on the job, I suggest you establish and enforce guidelines that
describe the acceptable use of your company computers and network. These guidelines
should be in writing and all employees should be required to read and sign the
policy. Management should review acceptable use policies with employees on a yearly
basis. Include guidelines that describe the acceptable use of instant messaging
(IM). Even if your company does not "officially" sanction the use of instant
messaging, it is probable some employees are utilizing it.
Home users: Have a home meeting to discuss the issues and dangers
I've covered in this article. A simple 15 minute discussion could save you hundreds
of dollars in computer repair costs, frustration, time and the possibility of being
a party to a lawsuit.
Copyright © 1996-2009 Advance Computers. All rights reserved.