IM Security

Lots of IM Security noise this week. From technews “Your Next IM could be Your network’s last by Gregg Keizer:
Facetime is issuing a “Worm Free Guarantee” on tuesday as it released Facetime Auditor 6.5. AFAIK they rely on thresholding to watching clients sending too many messages in a short period of time. When I evaluated an earlier version of Facetime’s product in October, I was plagued by problems.
IMLogic pointed out theyuse RTTPS technology to detect odd behavior and block the transmission. RTTPS is an add-on piece for their IMLogic product. It was not available when I tested IMLogic in September. I asked about getting a new beta and was told they don’t do that because evals are limited to 50 users and RTTPS doesn’t eval well with that number of users. When I evaled IMLogic file transfer did not work with AIM and MSN Messenger.
The article says that it is possible to create an IM exploit that automatically runs exploit code using keystroke macros found in MSN and AOLs product. (I haven’t heard of this before)
I had Akonix on site today and will be beginning an eval of them next week. They have been doing IM Security for a while now. They are still using updating block lists. Its a better defense than what IMLogic and Facetime gave me to demo. However, I find myself wondering if these two vendors haven’t jumped right back into the game with their new releases.
Being dependent on updates as Akonix is, is not a good place to be. Think of it like email. When there were a low number of email virues and they spread slowly, it was rare for a virus to get by. But as the volume of email viruses increased, their speed increased and more got by. Today viruses target specific companies and industries. The update model of security is not good enough for that. But based on my poor experience in evaluating IMLogic and Facetime, I really dont trust their press releases. Hopefully my eval of Akonix will fare better than these previous two.