Because using IM software requires you to have a service connected to the Internet on an open port, it offers an attack vector for hackers. The IM software tends to have security flaws and vulnerabilities that allow for malicious attacks. In January of 2002 a flaw was announced in AOL Instant Messenger which would allow the attacker to gain access to your system without notifying you, giving you an opportunity to deny the connection or providing any means for tracking the attack. In June of 2002 CERT released an advisory regarding a vulnerability in Yahoo Messenger that would allow an attacker to execute the code of their choice on your computer. The list is long and growing of ways that Instant Messaging software can be used to compromise your system.
Originally, instant messaging was just a means for communicating in real time with other instant messaging users. However, more functionality was added to instant messaging as its popularity grew. IM clients generally have the capability to send and receive files or designate a folder to share out files to your buddy list. Because downloading files in this manner bypasses most corporate security measures many companies have implemented policies banning the use of IM software until a traceable, secure system can be found.
Peer-to-Peer (P2P) networking is a phrase coined to apply to individual PC’s acting as servers to other individual PC’s. In a P2P network all of the computers are peers to each other and are able to act as file servers. Katherine Mieszkowski of Salon was quoted as saying “P2P is a particularly comical new coinage for a business model since the phrase starkly points out that there’s no middleman – so how can anyone possibly make any money?” P2P was made popular primarily by the digital music swapping sysem created by Shawn Fanning- Napster.
Napster spread like wildfire and other P2P file swapping networks sprung up in its wake. Eventually the Recording Industry Association of America (RIAA) managed to have Napster effectively shut down due to litigation over copyrighted songs being made available through the Napster network. The RIAA may have brought on the untimely demise of Napster (although the phoenix may yet rise from the ashes- in February 2003 Roxio announced plans to resurrect Napster as service to allow songs to be downloaded for a fee Napster Rising From The Grave), but more P2P networks are out there and the juggernaut has too much momentum for the entertainment industry to be able to effectively litigate it away.