Gartner: Kick out Instant Messagingservices from the enterprise

Analysts' group Gartner is advising enterprises to disable Instant Messenger services in the wake of the latest security flaw to...

Analysts' group Gartner is advising enterprises to disable Instant Messenger services in the wake of the latest security flaw to affect Microsoft users.

The software giant last week urged users to update Microsoft Instant Messenger and Chat services because of a security hole in the software.

In a First Take briefing paper on the flaw, Gartner analyst Richard Stiennon warned users that instant messaging services, "created significant risk for enterprises".

Such software, he noted, could bypass enterprise firewalls, and so circumvent corporate security. This, he warned, "raises the spectre of a destructive self-propagating worm".

Stiennon said businesses needed to treat instant messenger services as a formal communications system that is subject to the same security precautions and user restrictions as e-mail.

Gartner advised IT departments to stay on top of the spate of security alerts while they evaluate the security of instant messenger services.

In the long term, Gartner said, users needed to consider moving to enterprise-controlled instant messenger services rather than the free systems that are available today.

Stuart Okin, Microsoft' UK's chief security officer, told that Instant Messenger was not a corporate system and might not be able to meet some corporate security requirements, for example, delivering a clear audit trail.

"Users need to evaluate [application] code for strong security," he told Microsoft was putting strong security ahead of functionality in its product development programme and was continuing to evaluate building stronger security such as an audit trail for Instant Messenger, he added.

"The challenge is analysing the audit trail. I am not aware of any tools that can do a complete audit [for Instant Messenger]," said Okin.

Microsoft's existing security initiatives include a beta programme for Microsoft Software Update Service, an enhancement to the Windows Update feature used to keep PCs loaded with the latest patches.

Instead of working directly on desktop PCs, the Software Update Service downloads patches from Microsoft on to a central server where IT staff are able to assess the impact they would have on their Windows desktop and server environment.

Okin said the software giant was also looking at offering users security guidelines for Microsoft software based on ISO17799 (BSI 7700) security guidelines.

Read more on Hackers and cybercrime prevention