Wednesday, April 11, 2007

Week 2, Exercise 2: IM

I've had an AOL IM screen name since the late 90's (askcalif) For awhile I was using it a lot to chat with friends and relatives. I also had an ICQ number, but only used it for a couple of months. The last couple of years I didn't bother even opening up chat in the evenings when I turned on my home computer to check email. I just got a new computer and haven't bothered to install the AIM software and may not for quite awhile.

In considering this change in usage I'm wondering what factors are different between then and now. One major one is long-distance phone costs. I used to use AIM instead of calling out-of-town friends and family. Then in 2001 or 2002 I got a wireless phone service that includes long distance and no roaming, etc. Since the calls are already paid for I prefer hearing voices than typing conversations.

Regarding IM for library service, if it is being used by our patrons then resources should be devoted to it. Cost-benefits should be periodically analysed. In addition there may be network security implications of running IM chats. Most of the IT security trade journals caution businesses about the risks of IM. Viruses and trojans have been spread through IM.

Our library will soon be installing a web filtering software product, mainly to filter out malicious sites. Most institutions using the software block AIM, Yahoo Chat, Meebo, etc. Some of our IT people want to turn on the blocking of chat services. For non-public service areas it may be appropriate (should the HR staff be IM'ing their friends during work hours?) but we have to be careful not to inhibit the reference desks from providing service.


LibrarianInBlack said...

Two things:
1) E-mail was originally blocked by many IT departments. But it grew as a communication medium that everyone needed to use, and not just for communicating with the public, but from staff to staff too. IM is the same. More libraries use IM for staff to staff communication than use it for communicating for the public. I would strongly advise against blocking IM in any way.

2) Any IT staff that says there are network problems with IM has not done its homework. The only network threat from IM is if people download files that people they don't know send them via IM. The only other security issue with IM is if someone you don't know sends you a link that says something like "Click on my hot sexxy pix!", and you click on it, you are likely to end up at a site that has malware installed on it. IM is not the threat. User behavior is the threat. If staff are taught not to do these two things, there is no security threat through IM whatsoever. All these stories about how it opens up security holes, and is inherently nonsecure, is total 100% fabrication.

I also challenge the assertion that "Most of the IT security trade journals caution businesses about the risks of IM." Everything I have read has said the exact opposite, and I'm probably reading the same journals you are. Do you have specific articles you can point to?

j-seagal said...

Yes, users are the greatest threat to a network, not the technology itself. But viruses and worms are spread through the technology.

When we do install the web blocking software we won't be blocking IM, but the vendor highlighted the fact that it could be blocked as one of the great features of their product. My point was more that the default setting of many web filters may be to block IM ports since that's what enterprises are asking for.

I haven't saved any of the articles because we don't intend to block IM, but did find some online articles from some of the publications I receive:

Report: IM, P2P threats on the rise. April 12, 2006 from Security Magazine

Messaging Security: Understanding the threat of eMail and IM Attacks. November 14, 2006 from Bitpipe