MSN Messenger Access To Be Restricted

linuxwrangler writes "According to Infoworld, Microsoft has announced that as of October 15 some third-party software and older versions of MSN Messenger will no longer be able to log in to their Instant Messaging service. Microsoft cited 'security issues', but declined to offer specifics. The company sent an email alert to Messenger users, but users reported thinking the message was a hoax or virus after receiving over a dozen copies of the email."

Well...

[Exitthree]

It's not vendor lock-in if someone else has the key. So yeah, it is a security measure. ;)

uh huh...

[Penguin+Follower]

.... bullshit!! They just want to close off their service.

Re:uh huh...

[Snoopy77]

The guys at Trillian have been managing just fine over the years, working out how the various IM communicate and successfully implementing the protocols. This is just some MS FUD to get people to stop using the likes of Trillian. But never fear, I bet by OCt 15 I'll be logging into MSN via my updated version of Trillian.

It WILL be reverse engineered

The trillian developers are probably working on it as we speak

Re:It WILL be reverse engineered

[japorms]

Indeed. I remember when AOL tried blocking Trillian. It was only a matter of time before Trillian got it's AIM protocol up and running. What puzzles me though is in the past when MSN upgraded their service, they notified Trillian that they were doing so. I guess the times have changed.

security, eh?

[dema]

Microsoft cited 'security issues', but declined to offer specifics.

The "security issue" is, of course, the "leak" of vital advertisement money they would be getting (:

Re:security, eh?

[nolife]

It's odd that they claim a client can be a security issue. If a rogue client has more or less access to a server and can do things to the server it should not be doing, the problem is the weak security of the SERVER. I don't remember if anyone remembers having fun with WinNuke back in 1997 but I believe the initial responses from MS was Windows itself was not really the problem, it was the rogue software and clients causing it as they were capable of sending OOB packets which would then crash Windows.

Re:security, eh?

[cyril3]

I assumed they meant a security issue for the user of the MSN client ie as a vector. They are saying that the old versions are so hopelessly compromised that they won't allow them to be used in future.

Re:security, eh?

[epsalon]

It can be a security issue. I don't know the details of MSN, but consider a different network: ICQ.

The ICQ network allows anyone to add anyone else to his or her contact list without notification or authorization. The client simply sends the contact list to the server upon connection. If the server is to support older clients, it must allow for clients to be able to add users without confirmation, because the older clients don't do anything to confirm the user allowed them to add him or her.

As the old PROTOCOL is flawed, the only way to fix the problem is to remove support for the protocol from the server. This will consequently lock out older clients.

This is just a guess of a possible security reason. I guess the real security reason is the security of Microsoft's bottom line.

Use AIM/ICQ/YIM instead?

[Wavicle]

Seeing as how the IM market is fairly competitive, and all those work with Trillian as well, is there any reason people wouldn't just leave MSN IM? Or is their service really that popular? (it's the only trillian service I've never used)

Re:Use AIM/ICQ/YIM instead?

[steve_l]

One issue with fragmentation is that metcalfes law works in reverse: exponential loss of value.

If a network is split in two, the value of each network is (.5)^2, or a quarter of the value were the network to be united.

Even though there are now two separate networks, the total value is half what it would otherwise be.

Formal agreements

[Phiz]

"We are very interested in interoperating with all third parties, there just needs to be a formal agreement,"

Requiring formal agreements could be a sly way to keep open source software out. How would an open source project go about making such an agreement?

Re:So sad....but i don't care

A LOT of people use MSN Messenger. It's bundled with Windows, of course.

Security is a bogus reason

[the-banker]

The implication that a network is more secure by only allowing MS developed software to access it is bunk. There is no logical reason why restricting clients and implementing security-through-obscurity will reduce anyone's exposure to network security problems.

Well, I guess it would reduce Microsoft's exposure since everyone using the network would have agreed to a Draconian EULA that stripped them of all their rights.

Be assured, this is not about security, it is about control.

Re:Security is a bogus reason

[malfunct]

The article seems to imply that the issue stems from the fact that currently MS is providing 2 interfaces to messenger, one "old" one that most third-party software is implementing and which MS thinks is insecure, and one new one that MSN Messenger implements that MS thinks is secure. They want to remove the old interface and close the security hole. (whether any of this is true I can't say, thats just what the article seems to say) MS is offering to help third-party software implement the new protocol if the third-party is willing to contact them and work out an agreement.

I put this in the category of "it might be bad" and will wait and see what happens. If MSN locks out third parties then its pretty easy to start using one of the half a dozen IM clients in existance and I can kiss MSN messenger goodbye.

Re:Third parties not totally cut off...yet

[the-banker]

I am sure this has less to do with exorbitant fees and more to do with licensing restrictions. Do you really think MS will allow a GPL'd piece of software to access their network after the anti-GPL campaign they have conducted?

MS is stifling interoperability. Just like they have in the past, and just like they will do in the forseeable future.

Re:Third parties not totally cut off...yet

This is probably a stupid question, but how do they cut off all other clients? Surely any client could tell MSN's servers that it's the latest Messenger version?

Maybe they'll encrypt the data, also making any attempt to circumvent it a violation of the DMCA. Genius!

Only on slashdot...

[barryfandango]

... do you see something like this:

uh huh... ... bullshit!!

(Score: 2, Insightful)

What is it about microsoft articles that cause the average IQ to plummet around here?

Re:Wasn't it MS who was fighting to make AOL open

[archen]

This is pretty typical of Microsoft though, so it isn't really any surprise is it?

[1] Attempt to crack market with new software
[2] Bundle software with OS - make pain in ass to remove
[3] wait for large user base to build
[4] close off to other vendors (you are here)
[5] wait for competition to die off

[6?] China decides to make it's own impementation =P

Re:Oh shit, it's the end of the world

I couldn't google recent numbers but I am pretty sure that AIM is still well in the lead on unique users and they have been trying to restrict interoperability for years. If anything, doing that has driven people to other programs.

You know...

[GeekGirlie]

the only reason I use Trillian to access MSN Messenger in the first place is because the newest upgrade of Messenger locks up my computer. Maybe if MS could make something more stable than Trillian, they wouldn't have to worry about their competition.

Re:It doesn't matter

[Overly+Critical+Guy]

How funny and clever it is to randomly reference SCO for no reason other than to get a "Funny" mod. Especially since it's done in every single article, every day.

Re:Third parties not totally cut off...yet

[fermion]

It is not even a matter of cost. It is a matter that MS can dictate any arbitrary aspect of the functionality or distribution of anything. Some possibilities:

1. All software is property of owner, but cannot be open sourced and must be distributed under a standard MS license.

2. MS has a need to collect personal informations. All clients of MSN Messenger must supply any requested information.

3. MS has the right to cut off access at any time or demand an upgrade.

4. All clients must support ads that cannot be turned off, including pop ups.

5. The API only works in .NET. No other development environment can be used.

6. The messager requires IE.

7. The users of the client must accept email from MS and any associates.

I am sure that others can think of many others.

Not about open-source, about profit

[SuperBanana]

Requiring formal agreements could be a sly way to keep open source software out.

It's not a "sly way to keep open source software out"*, it's a not-so-sly way to counter OTHER people getting ad revenue/sales off YOUR network service, among other things.

MSN messenger only really makes money off:

• ads
• way to get people to use MSN instead of AOL- after all, if all your buddies are on MSN messenger, you're not going to sign up for AOL no matter how many free hours, right?
• Way to let MSN users stay in touch with MSN buddies, without running the full MSN client(say, at work)

(last two being market-share 'enhancers')...which is pretty much why AOL offers AIM independently too. When a client like Trillian is a)letting people use your service without showing you ads and b)letting users talk to anyone on any network...well, now, you've just shot 2 out of 3 reasons for MSN messenger's free-ness, haven't you?

Not to mention, someone at MSN's sales deparment finally realized "Hmm,, people are making money SELLING a client for our network! Hey! I bet WE can get a piece of that money!" They probably approached Trillian, Trillian probably told them to go screw, and MSN said "hah, watch us pull the plug". So, basically, Trillian etc will be forced to sign an agreement forking over xx% of their [gross/net/whatever] sales, the business world will perhaps do a little more than yawn, and the sun will rise tomorrow...meanwhile, Instant Messaging Planet will generate a dozen news stories and at least one conference over the whole thing ;-)

* let's drop the persecution complex, for crissakes- companies do things for one reason, and one reason only- to MAKE MONEY, not join The Man in fucking open source over.

Re:I didn't get a message

[Lemmeoutada+Collecti]

All of which were retractions to prior bulletins because of flaws in the patches for the flaws, like I got?

MS02-040 REVISED: Microsoft Security Bulletin MS02-040: Unchecked Buffer in MDAC Function Could Enable System (Q326573)
MS03-030 REVISED: Microsoft Security Bulletin MS03-030: Unchecked Buffer in DirectX Could Enable System Compromise (Q819696)
MS03-029 REVISED: Microsoft Security Bulletin MS03-029: Flaw in Windows Function Could Allow Denial of Service (Q823803)

And people wonder why I won't install a MS Patch on a production system without thorough testing.

They have a proven (and documented) track record of breaking things, both intentionally (DR-DOS) and unintentionally. They have been convicted of anticompetetive practices.

And they expect me to believe that this move is for 'Security'? Sounds to me more like the security of their wallets.

Amazing

[josh+crawley]

I'm amazed that there isn't a single person on Slashdot who can figure this out. I hear plenty of conspiracy theories about how Microsoft wants to maintain their marketshare (for a free piece of software?) or that they don't want the protocol in the public domain (here's a hint: the APIs are all documented at MSDN Library) or that somehow this is some evil ploy to enslave all those people who couldn't just go use another FREE IM network. None of it withstands the test of logic.

The only thing, and I mean the ONLY THING this is about is preventing the sort of widespread IM Spam garbage that permeates other IM networks. Messenger has always been top notch at this in the past, but if they don't lock down the service to known, registered client programs, it's just a matter of time until someone creates a high volume IM spambot (if they haven't already).

Alarmist FUD

[earache]

They are only blocking OLDER versions of the protocol. The article misrepresented the intent of the bulletin.

Bah...

I don't care. The minute amsn stop working I'll give away my @hotmail and @msn accounts.

Re:Gaim?

[FxChiP]

While Microsoft does say that they'll "prevent third-party software from accessing their networks", and while Gaim is third party, I don't think it will take Gaim long to re-implement a protocol.

The only way I can see Microsoft truly breaking third party support, is if they break support with all of their earlier clients - as this is what the third party software emulates.

But even if they do break that support, Gaim'll eventually implement a fix. It may take a while (about a month or longer I'd wager) but I'm damn sure they'll be able to do it.

Besides, breaking MSN support would be monopolistic of Microsoft. Not like that's new however. :)

Why is this such a big deal?

[EvilSporkMan]

It's not like Microsoft's network does a much better job of sending text or files ANYWAY...the text gets across no matter what client you're using.

Re:Pioneer days...

[Jerf]

I'd much rather not have to rely on a remote computer for communicating through other mediums.... 1. Decentralized message transfer. I don't want my message going in whole form off across the network, to run into any old stumbling block like a central server or network outage.

You don't have to rely on remote servers... Jabber is decentralized. To make this happen, run a Jabber server on both the target and destination machines. Voila, only two computers involved in the IM transaction.

If that's not good enough and you're thinking even more decentralized, then you're getting really radical and you're going to find other nice properties of an IM system will suffer; in particular all schemes for even further decentralization will cost you full seconds (or even tens of seconds) for routing, and I think you'd find that largely unacceptable if you actually had it working in front of you right now.

You'll need to run a server on either machine anyhow if you're going to have a "decentralized" system, it's oxymoronic to try to create a "server-free" system, so it might as well be Jabber. (Remember "server" here just means "recieving TCP/IP packets".)

Of course, by running your own server, assuming it's on a machine that isn't always on, you sacrifice the benefits of running the server on an always-on system, like message queueing while you're offline... but if you're like me and don't consider IMs to be critical, that's fine.

2. I want it to be encrypted (by default and as part of the protocol, so my non-techie friends don't have to touch it to be done properly..

Valid criticism, though this is a client problem, not a server or protocol problem.

3. Easily integrated other types of data through use of a paralell decentralized stream (sounds contradictory, doesn't it?). I want to be able to easily put files across to the other user, streamed if I'd like to, for webcam use. Something of an IRC blend in that latter aspect of it.

This is covered in the Jabber protocol, via the OOB specification. I believe some of the clients implement this. Some of what you are saying is sorta contradictory sounding; Jabber is as decentralized as you can reasonably get already.

4. Obviously open source. Not even a question. I want people tinkering with this constantly, making it better and harder to interfere with.

The Jabber server is listed as GPL v. 2 by my Gentoo portage system. It doesn't get much more open source then that. The existance of a commercial branch is a net gain; it makes it that much more likely it will continue to be around.

It would be popular and desireable enough that I wouldn't have any friends on the other mediums to bother with.

Of course there's not a damn thing any IM program can do about that; not even Microsoft can create users by executive fiat.

but a bit quicker due to the message protocol itself, which is vague in my head, but starting to form.

I don't think you dislike Jabber... I think you tried one or two, probably half-baked, clients and disliked those. Sounds to me like Jabber is 90% of the way to what you want, except for the "number of people using" it issue which really can't be held against the IM system itself. Please don't try to create a competing protocol; you'd be much better off spending your time polishing up one of the more-mature Jabber clients to add the last couple of features you want, not creating an IM system from scratch.

(My other desire is better compression of the stream; apparently SSL gives you this in addition to security, so I guess that kills two birds with one stone if you get more people to use that automatically.)

Re:Gaim?

[edwdig]

You're forgetting that Microsoft has to play catchup with AOL when it comes to IM market share.

If Linux users want to do all the work of support MSN for them, I don't see MS having anything to lose right now. If MS was in AOL's position, then I could see them shutting out the Linux people making sense. But if someone is willing to help you fight a war that you're losing, why fight them?

Re:Not necessarily

[NortWind]

What would really surprise me is if they actually use some GPLed public/private key encryption!

You know that they could use a GPL'ed encryption scheme, and still it would not be crackable unless MS gave^B^B^B^B sold you a valid secret key. I'm betting they just make the price of a valid key for your IM program a) secret (to find it out, you have to promise not to tell) and b) horrifically high.

System requirements to run a chat program

[KiwiEngineer]

Confession: I am a cheap b@st@rd with my home PC. It is a P-100 running Win98, and it does all I ask of it - IRC, web surfing, and occassional light MS office work.

Why does a text based chat program have a recommended system that is at least a Pentium running at 500MHz+?

If it was doing PGP encryption on the chatting, or was doing something more impressive than parsing text at a rate far less than 100 words per minute I could see the need for some processing power, but this looks like (yet another) bloat for no great increase in utility.

System Requirements for Version 6.0Minimum System Requirements:
Multimedia PC with 233MHz processor or faster (500MHz recommended)
Microsoft Windows 98, Windows 2000, Windows Millenium, or Windows XP operating system
Minimum 64MB of RAM (128MB recommended)
Up to 50MB of hard disk space needed to install -- after install, up to 15MB may be needed
256-color VGA or higher resolution graphics card (SVGA recommended)
Minimum 800x600 screen resolution
Microsoft(R) Internet Explorer version 5.01 or later must be installed on your computer, though it does not need to be your default browser

Re:Gaim?

[Feztaa]

The code to GAIM is freely availeable for Microsoft to audit, so theres at least a small chance they will certify it as not being a "security risk".

No offense, but are you smoking crack?

MS will never, ever endorse gaim. You see, Microsoft is something of a Monopoly, and they have demonstrated many times over that if they are given a choice, they will always try to tie things into their own OS and screw over the users of other OS's.

What I'm getting at here is that gaim is a product that allows you to use MSN messaging without having to pay for Windows. Therefore, Microsoft hates gaim. MS has tried in the past to constantly break their IM protocol so that gaim (and other third party IM users) would be SOL. I think they've mostly given up on that tactic lately, as it has been largely futile (the open source developers have been able to reverse engineer it too quickly for it to be worth the bother).

Frankly, I'd be glad if MS prevented me from having MSN on my gaim list. All it means is one less ugly, proprietary messaging protocol on my contact list. I'll just tell all my friends to use Jabber if they really want to contact me (or email for that matter).

Now I just need to convince that one guy that uses AIM to get Jabber, and I'll be able to take AIM off my contact list too :)

Re:Gaim?

[cshark]

Why are your co-workers using a consumer messaging client at work? Do you have any idea how dangerous that is?

Aside from the fact that you could be leaking propriatary information to the world (via microsoft product, who's have thunk?), it's NOT designed for that.

If you're concerned about asking people to change their client, they should probably change their client anyway. Microsoft logs everything on their consumer networks, and they make no promises to keep your information confidential.

Read their TOS.

For this purpose, you're much better off with the
Novell instant messenger, I think lotus has one too, or something that was specifically designed for a work place situation. Unless you like the risks associated with running on a consumer oriented network.

Abandon Microsoft

[NSupremo]

How may stupid decisions can a company make, and just how terrible a company must one be before the people that support you get the picture and leave.

it should have happened to ms a long time ago -- every competitor they have makes a better product then them

How long till MSN Subscription is needed then?

[koniosis]

Thats right along with Hotmail it's just a matter of time till M$ decide you need to PAY to use the services. It seems hotmail keeps losing features everyday, until eventually you won't even be able to read e-mails with it unless you pay... I can see IM going the same way, then it wouldn't matter which client you use, you'd still need a subscription. It's ok though, they'll say its for security reasons, I mean, if everyone's paying, it MUST be secure, right?