October 23, 2003

IMSecure Pro: A Firewall for Instant Messaging

Yet another good review from the November issue of PC World Magazine, this time reviewing IMSecure Pro from ZoneLabs. Here's what the review doesn't explain, but should have:

Besides the clever name, IMSecure Pro (and its free basic sibling, IMSecure) sounds like the right product at the right time. More and more people have been tuning into Instant Messaging, but IT departments have rightfully been concerned when their users download and install the free and insecure consumer-level IM clients -- which is why a fair number of organizations have already banned IM. Likewise, even home and laptop use of these programs introduces the definite possibility of malware and other undesirables (such IM-borne scripts, buffer overflow attacks, and IM spam) being transmitted along IM channels.

In comparison to ZoneLabs' well-known ZoneAlarm firewall, IMSecure Pro is best described as a firewall for IM clients. It works with most IM programs, even the multi-network Trillian IM client, but there are a few exceptions per the review (apparently it doesn't work with ICQ or IRC).

What makes this different from a regular personal firewall like ZoneAlarm? A regular personal firewall lets you control web access by port number and program name, but it usually doesn't have the finer control over individual features within a program. Consider this: What is one of the first things you need to do after installing an Instant Messaging program on a PC with a personal or network firewall installed? That's right: If it's not already open, you need to open a hole in the firewall so your IM program can talk to all of your buddies' IM programs -- potentially a hole that a savvy hacker can drive a truck through.

That's where IMSecure comes in: IMSecure Pro allows you to block certain IM features, such as file transfers and voice and video chats. The program also supports encryption for messages sent between between different IM programs, as long as they communicate over the same service. Its "ID Lock" feature can also prevent the inadvertent release of private data over IM channels and exploits. What I like is that ZoneLabs included a similar lockout feature from ZoneAlarm, called "IM Lock" in IMSecure Pro, so that you can take ultimate control over instant messaging in case of IM misuse or extreme IM security.

Now I haven't had a chance to try IMSecure yet, and I've oversimplified this discussion to get the points across in relatively plain language. However, if you use one or more of the popular consumer-based (read: very insecure) IM programs, this sounds like a must-try program.

Topic(s):   Privacy & Security
Posted by Jeff Beard
Comments