New communication technologies need your attention ...

01/10/2006

With over 250 million Instant Messaging users worldwide, IM continues to grow at Internet speed and is reportedly the fastest growing communications medium of all time.

Two of our leading security vendors, Check Point and Websense, have highlighted how security solutions are evolving to stay at the forefront of the changing landscape within communication technologies.

In the past, when Instant Messaging (IM) usage was in its earlier stages, many organisations were comfortable with simply blocking IM entirely. By not allowing it, IT was able to protect the network and PCs from malware that arrived via file transfer downloads or through ports opened by IM traffic. Today, however, co-workers, partners and customers expect instant communication, quick collaboration and improved productivity, so blocking IM is no longer a viable option.

Now that IM is widely used in the enterprise to provide communication flexibility and greater work productivity, it has naturally become the target of security attacks, and companies using it face significant security challenges.

In addition to the risk of company secrets being divulged, both IM and Peer-2-Peer (P2P) applications also offer additional entry points to your network for intrusions, data theft, denial-of-service attacks, viruses and worms. P2P systems often provide a home for spyware through music-sharing networks such as Kazaa.

Both IM and P2P applications are adept at bypassing firewalls using port-scanning and tunneling techniques. None of the popular IM clients offers strong authentication or encryption, so they are vulnerable to account hijacking and to eavesdropping on valuable or damaging company information divulged by unwitting employees.

Since IM can access ports that remain ‘open’ such as port 80, port 21 and others, Trojan horses can use port-agile IM applications to grant hackers a foothold onto and out of the network without opening any additional ports. In addition, attempts to block IM in the firewall based on the destinations’ IP addresses can be thwarted by IM services changing destination IP addresses and proxy servers on the Internet.

With the growing use of IM, spam for IM (or SPIM) is also on the rise. SPIM is the impetus for a number of vulnerabilities including phishing schemes. And since IM applications lack encryption, sessions are left vulnerable to hijacking.

Attacks taking advantage of IM are not merely hypothetical—they disrupt daily business operations right now. For example, attacks can exploit IM as a vector for worm propagation. Zotob has spread widely, using IM sessions as a method for propagation and wreaking havoc on endpoint PCs. Since March 2005, there have been more than 200 variants of Kelvir, an IM-specific worm that steals buddy-list contacts and spreads when users click malicious links. Another similar worm, Bropia, has been infecting machines when users click on file attachments in messages.

SKYPE

The growing popularity of Skype Technologies telephony software could soon pose the same kind of security challenges for companies that other P2P software technologies have created in recent years.

The Skype program, which uses P2P technology to route phone calls over the Internet, is one of the most popular desktop applications sitting behind firewalls, making the threat vector even more serious.

To maintain the productivity associated with IM, organisations cannot just block IM use. Instead, they need to implement effective solutions for securing IM usage: solutions that encrypt messages, block dangerous transmissions and enforce IM policy, ensuring that malicious URL links, attachments and SPIM do not compromise company resources.

Information-based crime offers bigger rewards and less risk than crime in the physical world. The target is information - confidential corporate or personal data - that can be sold for profit or used for fraud or extortion.

This trend toward ‘hacking for profit’ has been signalled by respected sources such as the SANS Institute (United States), the Serious Organised Crime Agency (United Kingdom) and Websense Security Labs (global).
The means of these 'crimeware' attacks are myriad: spyware, phishing and pharming scams, bot networks, keylogging and often a blend of multiple attack types. P2P networks, IM and Voice-over-Internet Protocol (VoIP) are also under threat but have yet to gain the IT department's focus on security. The files distributed by these P2P systems can be dangerous sources of infection, with programs such as eDonkey, Kazaa and BitTorrent among the targets, while popular VoIP offerings such as Skype have yet to prove their security is sufficiently hardened for corporate use.

The key lesson at the moment is that it is not just operating systems that will require patching in future but applications too, because it is the applications that are now increasingly under attack.

The research group Gartner has described IM as 'the sleeping giant of the internet' and predicted that the majority of employees will eventually use it for business or personal communication. Instead of being simply a tool for instant message delivery, IM is now even evolving into a platform that can be a front-end for enterprise applications. At the same time, the level of spam, spyware and phishing in circulation has undermined confidence and trust in the use of traditional e-mail. The irony is that while corporate IT departments have spent huge budgets and many man-hours securing their e-mail systems, most have barely begun to address the risk of virus, worm or malicious code attack through their employees' use of IM.

Of particular concern is the use of IM attachments: because they are not screened by network security systems, they can pose a high risk even when the IM message carrying them is harmless.

Overview of Peer-to-Peer (P2P) file sharing

Because of their large user base, P2P networks can offer any ordinary user literally billions of files that are available for download with a simple click of a mouse. Anyone connected to one of these networks can share and download virtually any files in existence, from the latest hot music track and Hollywood blockbuster to obscure textbooks and rare foreign texts. Best of all, most P2P networks, as well as much of their contents, are accessible at no cost.

Though P2P file sharing did not hit the limelight until quite recently, it is an old computer concept. Instead of having one dedicated central computer (the server) handling requests and offering its services to all the computers connected to it (the clients), a P2P network allows all the resources to be distributed to every member in the network. Each computer therefore acts as both a client and a server.

In a P2P file-sharing network, the files are all contributed by the users of the network in the form of smaller file libraries residing on each user's local computer. The decentralised nature of P2P networks, which makes them resilient and reliable, is also their main drawback from a security point of view.

Some issues facing P2P users include:

Worms, Trojans, Backdoors and Viruses

The biggest viral threat comes from the sharing, unintended or not, of infected files. Some users do not know that they have been infected and they put up their file collection for the world to download. Others intentionally distribute malware, ranging from the casual script kiddie who wants to feel empowered, to a hacker who shares a Trojan to allow him full control over another computer.

Fake files

Because anyone can share anything, it is very hard sometimes to tell whether the files being downloaded are indeed the authentic files. Media giants offer apparently popular music or films to sniff out copyright violators in an effort to try to protect their products from being distributed illegally online. Anyone who has recently downloaded popular music tracks from Kazaa and the like can tell you just how many bogus files are out there.

Spyware/Adware

Many P2P clients claim to be free of charge. To subsidise the development cost, some developers partnered up with advertising companies to include spyware and adware in the P2P program.

Buggy or improperly configured software

Not all P2P clients are made the same. Some are developed by ragtag teams following ad hoc plans, resulting in barely functional, extremely buggy clients that are prone to security breaches.

Copyright issues

With all the media hype surrounding reports of P2P users being sued by big record companies, one cannot ignore the issue of copyright violations.

P2P networks can never be secure unless drastic measures are taken uniformly at the end user level, something that is very unlikely to happen. Due to their decentralised nature, file sharing on a large scale across P2P networks will likely remain a dicey undertaking. However, there are measures that can be adopted to minimise the risks.

Research before installing

It is always wise to look up a program you are about to install for any security issues; P2P clients are no different. Running a simple search on a reputable search engine like Google, with the words spyware, adware or security issues appended to the name of your program, can often reveal whether what you are about to install is safe or not. Websites such as Zeropaid.com have extensive reviews of P2P clients and an extremely vibrant and knowledgeable user forum, and these sites are likely to expose any issues that might make one think twice before installing.

“One survey recently found that while 62% of organisations have secured themselves against potential e-mail threats, protection against IM and P2P systems simply takes a lower priority. In a poll of more than 100 enterprises, only 11% reported having IM solutions in place, compared to 73% with e-mail. 50% of correspondents said they hadn’t even considered an IM solution”.

This explosion of IM and P2P file sharing applications at work is a new security challenge, with employees able to easily download such applications free, without detection on the IT department's radar screen. So, it is important for IT managers to understand the business risks associated with the growth of IM and P2P usage.

The potential for cutting communications costs by adopting P2P networks using VoIP services, such as Skype, has to be balanced against the security threats posed by an unfamiliar, potentially insecure technology.

By November 2005, there had been over 215 million downloads of the free Skype VoIP client. However, a campaign against the threats posed by Skype has been gaining momentum, with some analysts calling for companies to adopt an outright ban against its use, labelling it ‘undetectable, untraceable and unauditable’ and even a threat to companies' ability to satisfy compliance regulations.

The general advice for organisations planning to use Skype is to ensure it is managed with policies and diligence.

Check Point

Integrity IM Security provides the needed protection against the threats of today and tomorrow. It is an endpoint-based solution easily enabled on the Integrity client. Integrity IM Security protects IM regardless of the IM service used and enables the central management of the following:

Message encryption - uses 3DES encryption to ensure the privacy of message content.

Harmful content filtering - inspects user text in messages and strips out either executable links or all URL links, based on IT’s configuration. It also inspects the messaging protocol for file attachments and can strip out all attachments or the ones based on IT-specified extensions.

Unsolicited communication blocking - compares contact names, captured from buddy lists at log in, with those of incoming messages. To prevent SPIM, a message will be blocked if there is no matching contact name.

Service and feature usage controls - easily enables or disables IM controls via checkboxes. Features such as blocking audio, video and file transfers are included. IT can also configure which IM services are allowed and the level of access.
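The harmful content filtering and unsolicited communication blocking described above can be sketched as a small filter. This is an added illustration, not Check Point's code: the names (`Policy`, `filter_message`), the extension list, the case-insensitive contact match and the sample values are all assumptions constructed for the example.

```python
import posixpath
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

URL_RE = re.compile(r"(?:https?://|ftp://|www\.)[^\s<>\"']+", re.IGNORECASE)
# Assumed stand-in for the "IT-specified extensions" in the text.
RISKY_EXTS = frozenset({".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"})

@dataclass(frozen=True)
class Policy:
    strip_all_urls: bool = False         # False: strip only links to executables
    strip_all_attachments: bool = False  # False: strip only blocked extensions
    blocked_exts: frozenset = RISKY_EXTS

def last_ext(name: str) -> str:
    """Final extension, lowercased, so 'photo.jpg.SCR ' yields '.scr'."""
    return posixpath.splitext(name.rstrip(" ."))[1].lower()

def strip_links(text: str, policy: Policy) -> str:
    def repl(match):
        url = match.group(0)
        core = url.rstrip(".,;:!?)")     # sentence punctuation is not part of the link
        try:
            # Judge the URL path only, so the '.com' of a hostname is not an extension.
            path = urlsplit(core if "://" in core else "//" + core).path
            risky = last_ext(path) in policy.blocked_exts
        except ValueError:               # unparseable link: fail closed
            risky = True
        if policy.strip_all_urls or risky:
            return "[link removed]" + url[len(core):]
        return url
    return URL_RE.sub(repl, text)

def filter_message(sender, text, attachments, buddy_list, policy=Policy()):
    """Return (delivered, text, attachments) after applying the controls."""
    contacts = {c.casefold() for c in buddy_list}
    if sender.casefold() not in contacts:  # SPIM: no matching contact name
        return (False, "", [])
    kept = [] if policy.strip_all_attachments else [
        a for a in attachments if last_ext(a) not in policy.blocked_exts]
    return (True, strip_links(text, policy), kept)

# Constructed sample data, not taken from any real incident.
BUDDIES = ["alice@example.test", "Bob@example.test"]
SAMPLE = filter_message(
    "bob@example.test",
    "look: http://files.example.test/photo.scr, and www.example.com",
    ["notes.txt", "holiday.jpg.PIF "], BUDDIES)
```

A link whose executable name appears only in the query string passes this check, which is one reason the text also offers the option of stripping all URL links.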

Symantec

Symantec IM Manager seamlessly manages, secures, logs and archives corporate IM traffic with certified support for public and enterprise IM networks, including granular policy enforcement and security controls for files, audio, video, VoIP, application sharing and other real-time communication capabilities.

Symantec IM Manager secures corporate networks against external threats such as IM viruses, worms and malware through usage of real-time content filtering, worm and virus signature detection, behaviour based threat protection and file based anti-virus scanning.

It also provides organisations with the tools to enforce content and regulatory compliance policies for all aspects of IM use, including the ability to selectively log messages based on user attributes, selectively insert message disclaimers and integrate directly with enterprise retention and discovery solutions.

CA

Instant Messaging is fast becoming a critical tool for time-sensitive business communication. More organisations are employing IM as a real-time collaboration tool with partners, customers and employees. Inherent in these conversations is business-critical information, which should be centrally managed.

CA Message Manager IM Link (IM Link), an add-on module for CA Message Manager Archive, is designed to intelligently process IM message logs delivered by CA's IM partner interfaces. IM Link is transparent to the user, requiring no desktop software and no alteration to the user's IM identity.

IM Link integrates seamlessly with CA Message Manager modules and addresses regulatory compliance with regards to the archival of IM, as well as providing a knowledge repository of these real-time communications for use in electronic discovery.

  • Works with all corporate and consumer based IM products
  • Captures transcripts of all IM conversations
  • Uses Natural Language Processing to contextually scan all IM conversations
  • Provides statistical usage reports
  • Archives data to virtually any storage device.

Websense

Websense Web Security Suite protects against IM security risks, spyware, malicious mobile code and phishing and pharming attacks, alongside blocking spyware and keylogger backchannel communications from reaching their host servers.

In addition, only Websense Web Security Suite offers the Websense Web Protection Services that help protect organisations’ websites, brands and web servers.

  • Lowers the risk of intellectual property theft and malicious attacks through IM, IM attachments and protocols, such as P2P, e-mail, file transfer and others
  • Proactively discovers web security threats
  • Protects against web security threats before they reach the desktop
  • Stops resident spyware and keyloggers from doing damage
  • Blocks malicious HTTP traffic on all ports
  • Swiftly alerts when websites or brands are under attack and reports web server vulnerabilities.

Microsoft

Live Communications Server 2005 delivers IM and presence as part of a scalable, enterprise grade solution offering enhanced security, seamless integration with other Microsoft products and an extensible, industry standard development platform. Organisations can realise cost savings and improved business efficiencies, increased individual productivity and enhanced intellectual property protection with this easy-to-manage, highly available solution.

Collaborate with business partners and other organisations as easily as co-workers while protecting sensitive business information. By providing encrypted and optionally logged transactions between public IM data centers and Live Communications Server internal users, organisations can more securely and effectively connect information workers to the most popular public IM services (MSN, AOL, and Yahoo!).

Trend Micro

Trend Micro™ IM Security for Microsoft™ Office Live Communications Server (LCS) delivers advanced protection from malicious code and inappropriate content. IM Security for LCS can be centrally managed and administered and runs with minimal performance impact to LCS. Incident-based archives support quick and easy searches for content violations. Complete with instant notification through LCS and comprehensive real-time reporting, IM Security helps administrators deploy and maintain a virus-free IM environment with secure content.

Trend Micro IM Security blocks viruses and inappropriate content by securing IM traffic travelling through LCS. Administrators also can monitor usage and control messages between groups of internal users, as well as block traffic between users—all with minimal impact on LCS system performance.

The MessageLabs Enterprise Instant Messenger (EIM) Service is designed to optimise corporate IM use. The service eliminates risks and concerns arising from traditional IM and file sharing offerings by providing secure communications, sophisticated administrative features, the ability to map existing enterprise hierarchical structures, IM logging capabilities and interoperability with other consumer messaging networks.

The EIM service has an enterprise-class secure EIM client (a Professional Online Desktop - POD) that is installed simply by downloading it to a user’s desktop or ‘pushed’ to the user base using Microsoft Installer (MSI) technology. Administration and configuration of the service are easily managed via a web-based administration and reporting tool. Once enabled, users have the ability to securely chat and exchange files with other users and to safely federate with users of leading consumer networks outside of the MessageLabs enterprise IM network, such as AOL, MSN and Yahoo!. Administrators also have the ability to monitor use of IM through an extensive reports tool available in an easy-to-use web-based portal.

 
