Is it possible for a friend in MSN messenger (or a supposed good friend) to
tap into my hard drive once a connection is established with this person? There
is one who is an old flame and I wonder at her occasional conversations if
indeed she could be snooping such as in My Pictures folders, etc. I do not save
any conversations so that could not be found.
Not if you’ve set things up properly and follow normal security precautions,
And even then, in most cases, it’s still extremely difficult.
In reality there’s nothing all that special about instant messaging. As long
as you take into account all the appropriate cautions for security the most the
other person might be able to get is your IP address. And as we’ve spoken of
time and time again, that’s not very useful.
Let’s review what you need to do to stay safe.
There’s no known “tunnel” through any of the IM protocols that would allow someone access to your machine if you were chatting with them. If there were (even accidentally) it would get shut down pretty darned quick for all the obvious security implications.
So in that regard, IM programs are, themselves, pretty safe.
One of the most important things when it comes specifically to instant messaging programs is to never accept a file transfer that you don’t expect, or don’t completely trust. There are viruses that routinely propagate by using file transfers to trick you into downloading something that’s not at all what it would seem.
That’s relevant here for two reasons:
you may be accepting a virus and your machine may become infected.
You may be accepting spyware that could allow someone access to your machine.
Typically, I’m sure you think of spyware as something much like viruses – you get them from sources unknown, almost as a surprise. No one you know would knowingly send you a virus, right?
If the person at the other end of your IM conversation has malicious intent, and the knowledge or tools required, they could certainly ask you to accept a file transfer or download that, once downloaded and run, could give them access to your machine.
But let’s be clear: that’s true of email attachments as well. In fact, just about any way you might accept and run a file from someone else could lead to this.
So, understand the risks of accepting attachments, downloads, file transfers or whatever else from the people you IM with. If you’re not sure, don’t.
With that out of the way, about the only thing that someone you’re IM’ing with might be able to get is your internet IP address. And once again, as long as you’re following normal security recommendations that actually gets them nothing. If you’re behind a firewall of some sort they can’t access your machine. In fact, if you’re behind a router, they can’t “see” your machine at all. All they might be able to see is the router, and nothing beyond it.
But once again, this type of attack is something we’re actually all constantly under – various infected machines on the internet are pretty much constantly attempting to do exactly that: connect to machines at various IP addresses, including yours, in order to infect them.
So as long as you’re protected from that, you’re likely to be protected from your IM’ing friend.
The real and more likely risk is more of a social one.
Chances are you’ve said more than you think, shared more than you might have realized, or there’s more information about you publicly available on the internet than you might know. Armed with that information your IM’ing friend might seem like they’re scouring your hard disk when in fact they’re simply very good at grabbing information you’ve made available in other ways.
7 comments on “Can someone I'm IM'ing with see my machine or hard disk?”
Thanks Leo! Now that is what I call a solid answer. Thank you! The IP does not concern me as I am not worried at all about anyone knowing the area I live in as myspace displays that anyway. This indeed answered my question quite thoroughly/
I agree with everything you said. A word to the wise is sufficient but most people need a longer explanation. You said
never accept a file transfer that you don’t expect, or don’t completely trust. There are viruses that routinely propagate by using file transfers to trick you into downloading something that’s not at all what it would seem.
That is 100% correct but some people might not understand what that means and feel safe in running an attachment sent by a trusted friend. However, most viruses I’ve received were from trusted friends whose email program had been hijacked by a trojan. I actually ran the first one thinking it was a program sent by a friend. So I would take the warning one step further. Don’t run any email attachments unless the sender specifically contacted you and told you they were sending this progam, otherwise it might be sent from their computer without their knowledge.
We recently had a client call us for exactly that reason. She kept getting complaints from her friends, wondering why she was sending all these porn e-mails. It turned out her computer was infected with a program that harvested her address book and spammed to it. (Fortunately, it appears that it didn’t forward the address book back to the “real” spammer, as cleaning her system stopped the e-mails.)
Given the following comment — “I wonder at her occasional conversations if indeed she could be snooping such as in My Pictures folders” — could he perhaps be set up to share pictures with the other person? (see also http://help.live.com/help.aspx?mkt=en-us&project=WL_Messengerv9&querytype=keyword&query=nogol)
Since he mentions this is an “old flame”, isn’t it more likely that at one time he accessed his IM account on her computer and it saved his password? My current boyfriend told me once that he had used his ex’s pc and when the pop-up window came up to remember the password, he accidentally clicked yes. I suggest this guy change his password and see if the strange conversations stop.
An important side note…I fell for this one…it’s quite possible to be spammed through IM’s…please read on.
I’m an IT guy and my friend is also an IT guy. While chatting about something technical in Google Talk, we were sending each other links. We also routinely make fun of very bad English (aka “Engrish”). This particular day, in the midst of our tech chat, I get a message through Google Talk from him, it’s written in very bad “Engrish” and it has a link. Thinking my friend is just being goofy, I clicked the link and it took me to a very strange web page. I looked around on that page and then replied in Google Talk to my friend, “What is this?” At that point, he was completely confused how that message was sent to me because he DID NOT SEND IT. This is a close friend and I trust he was just as confused as I was. Our conversation was somehow hijacked and this simple spam message and link were inserted into it. I got off lucky because it did not ask me to “log in”. If it had been a Google-style login, I very possibly would have tried logging in because again, it was a perceived good link from a trusted friend. He and I both reported this too Google on a message board along with many others…so apparently I’m not the only victim of this sort of thing.
Someone is reading my IM’s while they are logged off and are telling me everything I am saying to someone else. They are doing this with my emails as well. What do I do to fix the problem.