As with all online communication, security is an issue, and many users desire secure instant messaging. Because of the nature of competitive corporations, the most popular instant messaging protocols are proprietary to the companies that manufacture the instant message software. Microsoft Messenger uses the .NET protocol, the instant messaging protocols used by aol instant messenger are OSCAR & TOC, and Yahoo! messenger uses the YMSG protocol.
What this means for the average user is that using one of the three clients listed above precludes communication with users of another client, in much the same way that in the past a user of a PC could not exchange information with a MAC user. The most common reason that security becomes an issue is because these clients were designed for the home user, and data exchanged is rarely encrypted, and the machine is often left vulnerable to outside access. The main instant messaging protocols work as follows:
1) Yahoo!: In this system, users log into a central Yahoo server which tracks which other users are online. One logged in, a user may then initiate chat with other users directly. By default the protocol will use port 5050, but, like other instant messaging protocols, it will look for other open ports if 5050 is blocked (usually HTTP ports.)
2) MSN Messenger: Like Yahoo!, this instant messaging protocol works with a central server that the user logs into to find other users. By default this instant messaging protocol works on port 1863, but like Yahoo! it will search for other ports if this one is blocked.
3) OSACR: This stands for Open System for Communication in Real-Time, and is the instant messaging protocol used by AOL Instant messenger. This instant messaging protocol is slightly different in that users log into a central server, but the messages themselves also pass through this server, as opposed to going between each user directly. The default OSCAR port is 5190, and again the client will search for other ports if this is blocked.
So what does this mean for the user concerned with secure instant messaging? Primarily, this means at PC with instant messaging software becomes exposed to viruses. For example, there has been an aol instant messenger virus, which worked by creating a fake link in someone's profile, and when clicked this link took the user to a website where a virus was downloaded. Another recent aol instant messenger virus alert described a virus that can track keystrokes, which could include passwords and credit card information. Once infected with the virus, a 'back-door' is created whereby someone could gain control of the infected machine.
Security is an issue with all internet communication, and instant messaging clients are no exception. It is important for the user to heed this, and understand that instant messaging protocols are not secure: personal and / or important data should never be sent through these clients. If you follow this advice and also use up to date virus software, however, security issues in instant messaging protocols should pose little concern.