PDA

View Full Version : Secure Instant Messages (Review)



mhollis
26th March 2004, 03:16 PM
Today's New York Times had a pretty good sized article about the dangers of the various Instant Message clients and how some of these clients (most notably AO-Hell's network, which is the one Apple's iChat uses) have started to be used to send "SIM" which is IM-Spam as well as worm programs that send themselves to everyone on your "buddy list."

Furthermore, the article detailed how, since IM messaging does not use any encryption, anything you type in a session may be seen by anyone snooping the server or your send and receive ports.

For further information regarding snooping, please see this article (http://www.zdnet.com.au/reviews/software/productivity/0,39023447,20271821-4,00.htm)

I downloaded two programs that claim to encode all IM messaging. In no particular order is The Project SCIM software (http://www.projectscim.com/) and BitWise Chat (http://www.bitwisecommunications.com/chat/). Both are interoperable between Windoze, OS X and Linux.

I downloaded both and installed them according to the instructions. I registered myself on both. Project SCIM has a really nice installer, which will allow you to choose where you wish to install the program (/Applications is a good idea) and lets you create an alias anywhere, including on your Dock. Unfortunately, after setting up the program, it seemed to hang while registering me with a small open window titled "Registration in progress" and the text "Please wait while your details are sent to the server ..." I don't think it ever registered me.

Bitwise Chat will notify you of off-line messages in your e-mail account (which may remain hidden) and gives you a temporary password, which you may change easily in its Preferences. It seemed to register me very quickly and asked me if I would like to be seen as a "chatty user" which would help me set up a list of contacts rapidly. I gracefully declined, though I can change that quickly.

Lacking tons of contacts, I thought I would try out the software with a chatty user who was on-line. I spoke with Kevin who is one of the authors of Bitwise Chat. He was quite helpful. You can see screenshots of the application at their website.

I don't think that SCIM really works in real life. Also, I don't like the pee-cee user interface, with no change in the context-sensitive menubar at the top of your screen -- all menu actions are performed on it's own menubar like Windoze.

I can recommend Bitwise Chat, cannot recommend SCIM because it never worked for me. Neither program allows video chat at this time but if security is important to you, Bitwise Chat is definitely worth a look.

pipsqeek
26th March 2004, 05:12 PM
Good heads up.

Security is of upmost importance to my friend and he currently uses iChat, he uses it with his iSight for video confrencing overseas clients.

Wonder if this Bitwise Chat supports iSight video conf?

Anyway, I also like the idea that is can handle multiple connections with Bitwise Routing Server.

Steve

jameso
31st March 2004, 05:31 PM
http://fire.sf.net/ will allow gpg encrypted IM chat... it slows down alot with the encryption but for the paranoid it is a much have.

jameso

mbd
31st March 2004, 09:17 PM
Depending on the needs and the environment, it might be worth looking into running a Jabber server. It doesn't do audio/video last time I looked, but will do text. The good thing is that the server is running under your control, so you can set it up as you please and don't have a 3rd party being the middleman in your conversations. So, it's great for convos within one company, for example. It also provides gateways optionally, which lets you sign on to most major IM servers as well from the one client - I used to use a jabber server at a previous job, and could talk securely to others within the org, but also be logged into ICQ and AIM as well, without running multiple clients (kind of like Fire I suppose, but only one sign on needed at startup). You can also run the Jabber connections via SSL so that they can't be easily snooped.