[unisog] MSN Messenger - two questions

STeve Andre' andres at msu.edu
Tue Feb 20 22:19:57 GMT 2007


On Tuesday 20 February 2007 16:55:40 Brian Eckman wrote:
> STeve Andre' wrote:
> > On Tuesday 20 February 2007 15:46:15 Alan Rothenbush wrote:
> >> Background:
> >>
> >> I'm now under some pressure to "release" MSN Messenger to a group of my
> >> users, some of them senior administrators.
> >>
> >> To date, the answer has been "no, insecure, next question", and as I
> >> "own" the machines and the users are but users, it has not yet been
> >> installed.
> >>
> >> Sadly, these bosses (at least one of whom can fire me) now present a
> >> legitimate business need for which I have no other solution, the problem
> >> being that prospective students almost universally choose some sort of
> >> IM as the preferred form of communication.
> >>
> >> (The Instant Gratification generation, I suppose, making me once again
> >> feel my age)
> >>
> >> Since we (annoyingly) do need students around the place, I'm probably
> >> going to have to come up with some solution.
> >>
> >> My concerns (perhaps unfounded) are the need to open up the built-in XP
> >> firewall to a server off in the big bad internet, allowing access to an
> >> application that I think has historic security issues.
> >>
> >> Question 1:
> >>
> >> Are my concerns unfounded ?
> >>
> >> (My response "they're all wrong" to the statement "every other
> >> university does it" doesn't seem to be enough of an explanation)
> >>
> >> Question 2:
> >>
> >> If it turns out I have to do this, any tips for keeping things safe ?
> >>
> >> Thanks in advance.
> >>
> >> Alan
> >
> > Well, if you run gaim instead of the standard messenger program, you'll
> > be safer.  Gaim is an open source multiple protocol IM system.  It runs
> > on lots of systems, too.
>
> Can someone please explain how Gaim would make him "safer"? There have
> now been at least two posts that suggest this, but offer no explanation
> regarding what makes them "safer".
>
> Thanks,
> Brian

Sure.  Gaim, being a different binary isn't subject to the same potential
exploits as the official IM programs are.  You can probably say the code
is of slightly better quality too, such that horrid buffer overflows aren't
quite as rampant.  At least with open source code, you can peer inside
it, and possibly even fix something.  I will not say that Gaim is perfect,
its far from that, but there is an advantage here, security wise.

--STeve Andre'
Michigan State University



More information about the unisog mailing list