Helping people with computers... one answer at a time.
Instant messaging programs connect two machines, but typically not directly, and even then normal precautions prevent additional technical risk.
Is it possible for a friend in MSN messenger (or a supposed good friend) to tap into my hard drive once a connection is established with this person? There is one who is an old flame and I wonder at her occasional conversations if indeed she could be snooping such as in My Pictures folders, etc. I do not save any conversations so that could not be found.
Not if you've set things up properly and follow normal security precautions, no.
And even then, in most cases, it's still extremely difficult.
In reality there's nothing all that special about instant messaging. As long as you take into account all the appropriate cautions for security the most the other person might be able to get is your IP address. And as we've spoken of time and time again, that's not very useful.
Let's review what you need to do to stay safe.
There's no known "tunnel" through any of the IM protocols that would allow someone access to your machine if you were chatting with them. If there were (even accidentally) it would get shut down pretty darned quick for all the obvious security implications.
So in that regard, IM programs are, themselves, pretty safe.
One of the most important things when it comes specifically to instant messaging programs is to never accept a file transfer that you don't expect, or don't completely trust. There are viruses that routinely propagate by using file transfers to trick you into downloading something that's not at all what it would seem.
That's relevant here for two reasons:
you may be accepting a virus and your machine may become infected.
You may be accepting spyware that could allow someone access to your machine.
Typically, I'm sure you think of spyware as something much like viruses - you get them from sources unknown, almost as a surprise. No one you know would knowingly send you a virus, right?
If the person at the other end of your IM conversation has malicious intent, and the knowledge or tools required, they could certainly ask you to accept a file transfer or download that, once downloaded and run, could give them access to your machine.
But let's be clear: that's true of email attachments as well. In fact, just about any way you might accept and run a file from someone else could lead to this.
So, understand the risks of accepting attachments, downloads, file transfers or whatever else from the people you IM with. If you're not sure, don't.
With that out of the way, about the only thing that someone you're IM'ing with might be able to get is your internet IP address. And once again, as long as you're following normal security recommendations that actually gets them nothing. If you're behind a firewall of some sort they can't access your machine. In fact, if you're behind a router, they can't "see" your machine at all. All they might be able to see is the router, and nothing beyond it.
But once again, this type of attack is something we're actually all constantly under - various infected machines on the internet are pretty much constantly attempting to do exactly that: connect to machines at various IP addresses, including yours, in order to infect them.
So as long as you're protected from that, you're likely to be protected from your IM'ing friend.
The real and more likely risk is more of a social one.
Chances are you've said more than you think, shared more than you might have realized, or there's more information about you publicly available on the internet than you might know. Armed with that information your IM'ing friend might seem like they're scouring your hard disk when in fact they're simply very good at grabbing information you've made available in other ways.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.