A challenge for network managers is preventing IM clients from being used in virus attacks.
IMlogic Inc. and FaceTime Communications Inc. provide methods to snap in various anti-virus engines but leave the management separate from IM management. Akonix Systems Inc. takes a more integrated approach, including a McAfee virus protection system as part of L7 Enterprise. The integrated method puts the management for the complete system under one interface, but it also means that if you use a different anti-virus product in the rest of the company, you can’t use it here. IM-Age did not document for us any methods for adding anti-virus products into its software.
Also becoming more prominent is spam, coined “spim” in the IM arena. FaceTime and IMlogic have functions built into their products that explicitly deal with spim. FaceTime uses a challenge/response method, asking users to send back a configurable phrase before it lets a request to be added as a “buddy” be passed on. IM clients can, of course, be configured to accept messages only from people on a buddy list. But this feature will stop programs that simply try to get on the buddy list of every user they can find. If someone is already on your buddy list and they send you spim, you can just delete them from your list.
IMlogic manages a blacklist of users to block on the three public IM systems. The list can be updated one name at a time, or in bulk using lists. This prevents so-called spimmers from sending IM, even if they manage to get on a user’s buddy list.
Akonix also handles spim, but it doesn’t have separate functions in L7 Enterprise dedicated to it. Instead, L7 Enterprise includes three default policies for the latest threats (Osama Found, the Bizex worm and the JituxA worm) as a template for how to create new policies as new threats emerge.
With IM-Age, you need to rely on a combination of keyword blocking and overall file blocking to address spim threats. Templates for how to do this are not included, either. But as long as spims have consistent text, effective rules can be created quickly.
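The three spim controls described above (a challenge phrase on buddy requests, a screen-name blacklist, and keyword rules) can be sketched together as follows. This is an added example, not code from any of the products reviewed; the class, method names and return strings are hypothetical, and it assumes screen names compare without regard to case or spaces.

```python
import re

class SpimFilter:
    """Gateway-side spim checks. Hypothetical class, not any vendor's API."""

    def __init__(self, challenge_phrase, keywords=()):
        self.phrase = challenge_phrase.strip().lower()
        self.blacklist = set()   # screen names blocked outright
        self.pending = set()     # (sender, recipient) pairs awaiting a reply
        self.buddies = {}        # recipient -> set of approved senders
        # Keyword rules only match text that stays consistent between spims.
        self.rule = re.compile("|".join(map(re.escape, keywords)), re.I) if keywords else None

    @staticmethod
    def norm(name):
        # Assumption: screen names compare without regard to case or spaces.
        return re.sub(r"\s+", "", name).lower()

    def load_blacklist(self, names):
        # Accepts one name or a bulk list.
        self.blacklist.update(self.norm(n) for n in ([names] if isinstance(names, str) else names))

    def buddy_request(self, sender, recipient):
        s, r = self.norm(sender), self.norm(recipient)
        if s in self.blacklist:
            return "blocked"
        self.pending.add((s, r))
        return "challenge"       # requester must send back the phrase

    def challenge_reply(self, sender, recipient, reply):
        s, r = self.norm(sender), self.norm(recipient)
        if (s, r) not in self.pending:
            return "no-pending-request"
        self.pending.discard((s, r))   # one attempt per request
        if reply.strip().lower() != self.phrase:
            return "rejected"
        # Simplification: a correct reply adds the sender as a buddy directly.
        self.buddies.setdefault(r, set()).add(s)
        return "forwarded"

    def message(self, sender, recipient, text):
        s, r = self.norm(sender), self.norm(recipient)
        if s in self.blacklist:
            return "blocked"     # applies even if sender is already a buddy
        if s not in self.buddies.get(r, set()):
            return "not-on-buddy-list"
        if self.rule and self.rule.search(text):
            return "keyword-blocked"
        return "delivered"
```

The blacklist check runs before the buddy-list check, which is what lets it stop a sender who has already been accepted as a buddy.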
Methodology
Each product was installed on a Hewlett-Packard Co. ProLiant DL380 G3 server, with two 2.8-GHz Xeon processors, 2GB of RAM and a 34GB RAID5 disk. Windows 2003 Standard Server was installed to host the application and Microsoft Corp.’s SQL Server 2000 Standard Edition database.
For IM-Age, a second server was required for Microsoft’s Internet Security and Acceleration server. A second HP DL380 was installed with Windows 2000 Server to host ISA Server 2000.
Our tests simulated what most public IM users would be doing with three main public IM clients — MSN, Yahoo and AOL Instant Messenger. To test policy enforcement capabilities, we looked for content management and keyword blocking, as well as file transfer management and control.
We did not test the effectiveness of the anti-virus features on these systems, because the vendors included in the review do not manufacture them.