AIM (software)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 76.185.10.76 (talk) at 01:45, 6 December 2006 (→‎AIM terminology: changing to reflect earlier things in article). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

AOL Instant Messenger
Developer(s)AOL LLC
Operating systemWindows (older versions for Mac and Linux)
TypeInstant messaging client
Websitewww.aim.com/
"AIM" redirects here. For other uses, see AIM (disambiguation).

AOL Instant Messenger (AIM) is an ad-supported instant messaging and presence computer program, released by AOL in May of 1997, which uses the OSCAR instant messaging protocol and the TOC protocol. AOL instant messenger (AIM) is often used by teenagers.

Versions

AIM has had the following current official versions available at http://www.aim.com :

You can also obtain past (windows) AIM versions at oldversion.com.

About

AIM allows users to communicate instantly through text to their "buddies" (or bots such as SmarterChild, ZolaOnAOL, AOLSafetyBot) around the world, provided they have the AIM software. AIM has 53 million users (March 2003)[1], with a large portion using Internet slang. Advocates claim that it is easy to locate these users by visiting chatrooms that AOL has set up solely for those purposes. Chat topics range from being "alone at home" to "current affairs." AOL also has a member directory where AIM users can locate others online who share their interests. AIM is also noteworthy for its use of buddy icons and buddy profiles, allowing its users to construct a personal avatar and small personal information page.

AIM's setup varies greatly from Windows Live Messenger in that it does not require approval from one buddy to be added to another's buddy list (MSN's default settings notify its users after someone has added them to their list and let them choose whether or not to block that user). As a result, many users keep other unsuspecting users on their buddy list to read their profiles or see if they are online (if the other user had blocked them before), A user can block another user from all communications, but some users keep extra usernames for avoiding these blocks.

Since version 2.0, AIM has included person-to-person text messaging, chatroom messaging, and the ability to share files peer-to-peer with one's buddies. Somewhere in the 4.x series, the AIM client for Microsoft Windows added the ability to play games against one another (This uses the WildTangent engine, which is listed as adware.). Recent (4.3 and later) versions of the client software store one's contact information on AOL's servers, so one can keep track of up to 600 buddies from any computer with Internet access. AIM increased this capacity to 1,000 buddies with the release of AIM 6.0 in November 2006. Stand-alone official AIM client software is available for free for Microsoft Windows, Mac OS, Mac OS X, Linux, Windows CE, and Palm OS. It was believed that versions of AIM including and above 4.0 contained a clause in the software license that disallowed the use of third party clients, so some users still use the 3.0 series of AIM. However, the latest version of AOL Instant Messenger's software license does allow the use of third party clients, subject to the terms and conditions of that third party.

There is also a version of AIM, called AIM Express, that is implemented in DHTML and runs in a web browser. It is intended for use by people who are unable or unwilling to install an executable client on their machines but still want to use instant messaging. AIM Express supports many of the standard features included in the stand-alone client, but does not provide advanced features like file transfer, audio chat, or video conferencing.

The standard protocol that AIM clients use to communicate is called OSCAR. AIM Express uses another protocol called TOC. TOC has also been made available to the public, which some people believe is an attempt to throw a bone to third-party client developers and lure them away from OSCAR. If this is the case, it has not been entirely successful. AOL often changes the details of the OSCAR protocol, which tends to keep third-party clients from working properly. This has resulted in quite a bit of difficulty for programmers of third party clients.

Apple Computer's iChat AV software, released in June 2003 for Mac OS X, was the first AIM-compatible client to allow for audio and video conferencing over the AIM protocol. At that introduction, Apple CEO Steve Jobs announced that iChat was the first AIM client not made by AOL to be officially recognized by AOL. In February, 2004, AIM 5.5 was released, allowing Windows users to video conference with each other and with iChat users. Although AIM is the most feature rich official release of a mainstream instant messenger for the Apple Macintosh, it lacks several features that the latest Microsoft Windows version offers. AOL has announced that they will no longer develop the official AIM client for Macintosh, instead opening the AIM protocol to third parties.

AIM software is the first to use online video streaming advertisements, using ads from EyeWonder.

AOL has recently released its new client software, AIM Triton. Triton is an overhauled version of the AIM client, which has many of the features from the popular third party plug-ins, including tabbed messages and AIM logging. Triton replaces the classic AIM client software. Along with the release of Triton, AOL opened up AIM for developers, allowing anybody to create a plug-in, or AIM custom client for Windows, Macintosh or Linux. People may also embed AIM online presence on their websites.

AOL has also recently released AIM Mail with the latest version of the AIM client, offering 2GB @aim.com e-mail accounts for all users. Beyond the account size, AIM Mail boasts both webmail and IMAP interfaces, as well as AIM presence and Single Log-on.

AIM is known for security weaknesses that have enabled exploits to be created that use third-party software to perform a myriad of malicious acts on users' computers. Although most are harmless and merely annoying, such as being kicked off the AIM service, others perform potentially dangerous actions such as harvesting IP addresses and sending viruses over a direct connection. Some of these exploits rely on social engineering to spread by automatically sending instant messages that contain a URL accompanied by text suggesting the receiving user click on it, an action which leads to infection. This approach typically makes use of a security hole in Microsoft Internet Explorer as the method of infection.

AIM Pages was released in May 2006, allowing the 63 million AIM users to create an online, dynamic profile. The buddy list serves as the basis for the AIM Page social network. An AIM Page is built using modules following the ModuleT microformat. Anyone may create a module to share with other users.

AIM terminology

AIM and AOL use several terms for elements of their instant messaging, which are different from other messengers. These include:

  • Away message: A function of some instant messaging applications whereby a user may post a message that appears automatically to other users if they attempt to make contact, and he or she is not available. It is analogous to the voice message in an answering machine or voice mail system. However, away messages are often updated much more frequently than messages in answering machines, and thus may serve as a means of instant, limited "publication" or indirect communication. Away messages are stored on the local hard drive, so if there are multiple computers with multiple instances of AIM, when an away message is added to one instance, AIM does not automatically update the other instances. (Advanced users may want to check out the FAQs to see how to export away messages from the registry.)
  • Buddy List: The centerpiece of AIM, a list containing the status of up to 600 buddies stored on an AIM server so you can access this list from any instance of AIM. The status can be 'online', 'away', 'idle', 'mobile', or 'offline'.
  • Screenname: Term for user name with AOL origins. These are available for free along with software downloads from AOL
  • Spim: Spam over Instant messaging. The spam problem in e-mail has the potential to spread to Instant Messaging, in the form of one-line advertisements. As a closed network, AOL has been able to block most SPIM, but some still passes through to users.
  • Warning: If a user feels a received instant message is inappropriate, he or she can "warn" the sender, which increases the sender's warning level. Warning levels reduce the rate at which users can send messages and can eventually cause a given ScreenName to be unable to sign-on for a period of time. The warning system has been controversial, with those opposing it claiming that it can be abused easily, and just as easily avoided by creating a new screenname to continue harassment. The latest changes to AIM resolve some of the abuse. The warning feature is no longer used in AIM Triton or AIM 6.
  • Block: If a user is feeling threatened or annoyed by someone, he or she can "block" the sender, which prevents the sender from contacting the user with his or her current screenname.
  • Direct connection: AIM users can connect to each other on port 5190 and send various forms of media. However, this has security issues.
  • An AIM Closed List, Buddies Only, or Privacy refers to the option on the AOL Instant Messenger client to allow only users on a screen name's buddy list to contact him/her. This is to prevent harassment or spamming, and is also a secure way to chat.

AIM URI scheme

AOL Instant Messenger's installation process automatically installs an extra URI scheme ("protocol") handler into some web browsers, so that URIs beginning "aim:" can open a new AIM window with specified parameters. This is similar in function to the mailto: URI scheme, which creates a new e-mail message using the system's default mail program. For instance, a web page might include a link like the following in its HTML source to open a window for sending a message to the AIM user notarealuser: 

<a href="aim:goim?screenname=notarealuser">Send Message</a>

To specify a message body, the message parameter is used, so that the link location might look like this: 

aim:goim?screenname=notarealuser&message=This+is+my+message


Malware

Viewpoint Media Player is a program that is installed during the installation of AOL Instant Messenger that is a plugin for displaying graphical content in the software's own proprietary format. According to the software's end user license agreement, Viewpoint Media Player collects usage information and forwards it to Viewpoint servers. Each installation of Viewpoint Media Player contains a unique alphanumeric identification number that can be used to uniquely identify an installation of the software.

A successful attempt to remove Viewpoint Media Player while AOL Instant Messenger is still installed will cause AOL Instant Messenger to reinstall Viewpoint Media Player the next time AOL Instant Messenger is run. This advertising can be completely removed however with third-party hacks, including Aim Ad Hack.

It is very difficult to remove Viewpoint by hand. Many files are hidden or hard to find. Deleting the Viewpoint folder and the viewpoint related files in the AIM folder does not remove it, but it will not be able to update.

Since the AOL Instant Messenger protocols do not require the AOL Instant Messenger program, users that are concerned about Spyware/Adware are free to check out other client programs.

Recently, AOL Instant Messenger has suffered from an influx of viruses and trojans, which are transmitted when a user clicks a malicious link. When a user is affected, the link may be inserted into the user's profile or away message, with no way in which to remove it. The worst case is when the trojan causes the user to automatically send messages containing the malicious link to people on the user's buddy list in an instant message conversation window. These links are often well disguised as links to pictures of the user (ie: "Click here to see pics of me from vacation!" or "Is this you?") and since the messages are coming from a user's friend, they assume them to be authentic links. Some of these links will automatically download a malicious .com file to the user's computer, thus infecting it.

On September, 18 2006 research experts led by Christopher Boyd and Wayne Porter at FaceTime Security Labs, the threat research division FaceTime Communications,identified and reported a new worm known as [2] that is propagating over AOL Instant Messenger. The worm delivers an executable file disguised as a JPEG, which in turn calls out to various host computers that download a variety of infection files including rootkits and Trojans that may further propagate the worm through the user's AIM Buddy List. FaceTime researchers believe that the ultimate goal of the W32.pipeline is to create a sophisticated botnet that can be used for a range of malicious purposes.

Once the user's PC is infected, it becomes part of a botnet and is under complete control of the attacker to use for a variety of purposes that could include relaying spam, performing distributed denial-of-service (DDoS) attacks on other computers or committing financial fraud against online advertisers – commonly called click-fraud. In addition, the potential is high for loss of sensitive personal data stored on the user's PC.

Like many IM worms, W32.pipeline first appears as an instant message from a familiar contact, luring users into clicking on a link with a contextual phrase. The IM message "hey would it okay if i upload this picture of you to my blog?" downloads a command file called image18.com, which is disguised as a JPEG. Running the file results in csts.exe being created in the user's system32 folder, part of the Windows operating system.

The infection has the potential to call, via the Internet Relay Chat (IRC) channel, numerous other files that are constantly being updated. Depending on the files downloaded, the infection may create an unwanted service named RPCDB, open up SMTP port 25 (used for email) and attempt to connect to a file upload site. In addition, some files attempt to exploit ADS (alternate data streams). Users may also potentially end up with a rootkit installed on their PC as a result of this chain of infections.

Once the user's PC is infected and under control of the botnet, it can be used to propagate the worm to other users using the same highly refined contextual message, for example "hey is it alright if i put this picture of you on my egallery album? " which will download another command file, again disguised as a JPEG, on additional computers.

FaceTime researchers have noted that this botnet demonstrates much more sophisticated characteristics than any they have seen before, including the ability to authorize only specific IRC clients to log in and manipulate the botnet.

Users can avoid these problems by practicing discretion when clicking any links on AOL Instant Messenger, whether in away messages, profiles, or conversations. If a user were to hold his/her cursor over the link for a second or two, the URL of the link would be displayed. Some of these malicious links are obvious just from the URL alone, as some messages claim to show someone pictures of a user, yet do not end with a .jpg, .jpeg, .gif, .png, .html, .htm, etc. extension. To prevent AOL from being liable for such infections, the window of a user's profile now states "Warning: Links may contain viruses or trojans."

See also

External links

Online versions of AIM
Retrieved from "https://en.wikipedia.org/w/index.php?title=AIM_(software)&oldid=92362591"