We looked last week at some security problems related to Instant Messaging (IM). The question was also posed, “Do software manufacturers have a responsibility to teach the safe operation of their products?
As automakers are responsible to inform their customers about the safe use of their products, I believe that software manufacturers bear a similar responsibility. Their products are used in public venues (i.e., the Internet) and pose a great potential hazard to other innocent “drivers” and bystanders. They should point out, before any explanations about how to operate the leather-covered power seats or the 75:1 theatre system, “Oh, by the way, see that thing in front of your chest? That’s the steering wheel, and here’s what it can do. See that thing by your foot? That’s the brake pedal. Oh, and that thing over there? That’s the windshield wiper switch, just in case it rains.” Shouldn’t you learn about the steering wheel and brakes before you get too misty-eyed about the DVD player?
One example of how IM software manufacturers relegate safety and security to the back seat is the America Online Instant Messenger website (www.aim.com).
By the way, do you remember when AOL stood for “America Online?” Sorry, Charlie, those days are gone, just like when AT&T stood for “American Telephone and Telegraph.” Now, they’re just AOL and AT&T, acronyms that, if you visit their websites, apparently stand for nothing. In the new one-world global economic order, AOL and AT&T are nothing more than meaningless letters. In fact, both companies seem to have gone to great lengths to distance themselves from their original company names. For example, in AT&T’s “Corporate History” section, the phrase “American Telephone and Telegraph” doesn’t even appear. Talk about history revision! But, I digress.
The AOL Instant Messenger (AIM) website clearly does not take IM safety and security seriously. Their main page brashly brags about how the new AIM Version 6.1 features
“Easier text messaging. Buddy profile images. More colors. Vista ready.” Because of security measures enacted by many corporations which do not allow users to install untested or insecure software, the AIM website even offers a way for workers to bypass restrictive company policies. “Can’t download AIM? Use AIM Express,” says the link text. Formerly known as “Quick Buddy,” AIM Express is a Internet-based version of AIM that allows you to sign on to the AIM network without downloading or installing any software, thereby enabling workers to easily evade annoying company policies. Don’t kid yourself; AOL knew exactly what it was doing when it invented AIM Express. “Restrictive company policies be damned. I’m tired of playing Solitaire; I want my AIM!”
Further compounding the anti-security stance taken by AOL is the fact that the only link to any truly useful safety and security information is tucked away in the upper right-hand corner, next to “Site Map,” a link few people understand or visit. Click on the unimportant-looking link in small type that says “Help” and you are taken to the AIM Help and Support page. Click on number 6 in the list, “Security Central,” and you are finally taken to the only page on the entire site that contains any meaningful security information.
To their credit, whoever wrote the AIM Online Safety/Security FAQ did a pretty good job. Many fine tips and suggestions are offered regarding how to engage in safe instant messaging. The problem is not that AOL can’t show people how to protect themselves from IM attacks. The problem is that their security information is relegated to the back seat. In fact, they don’t even seem to want to let security come along for the ride.
Next week: how to secure AOL Instant Messenger.