AOL's AIM update alert bothers upgrade holdouts
Some AIM users are angry about a recent alert message AOL LLC displays on their screens urging them to upgrade to the newest version of the instant messaging software.
The alert, delivered in a rectangular box that appears on the screen's lower right hand corner, can't be turned off.
If a user closes the box, the alert will pop back up minutes later. If left alone, the alert will periodically position itself as the primary active window, interrupting the user's current activity.
AOL acknowledges that, unless users go through the upgrade process, there is no way to get rid of the alert.
"Normally, upgrades are optional. However, in this case we are highly encouraging users to upgrade from 6.0 to 6.1 because of some security updates that are included in the new release," an AOL spokeswoman said via e-mail.
"Active Update"
The alert, titled "Active Update," reads: "The following update is ready to install. AIM Software - 6.1 GM Update: This version delivers new features and important security updates. Select 'Install Now' and upgrade today."
The alert provides no information about the security updates. The AIM Web site doesn't appear to contain any information about the security fixes either.
The AOL spokeswoman explained that the main security fix in version 6.1 addresses file sharing, which requires the sender and recipient to establish a direct PC-to-PC connection.
"Essentially, if you used file sharing to send a folder -- as opposed to sending a single file -- there was the potential for a hacker to access your computer," she wrote.
In addition to the security fixes, AIM 6.1 is the Vista-compatible client software and provides faster performance, she wrote.
If users don't want to update to 6.1, they must either learn to live with the alert on their desktop or turn off AIM altogether. But some users want a middle ground: declining the update and getting rid of the alert.
In this discussion forum thread, several users report being on the verge of abandoning the AIM service altogether if AOL doesn't stop the insistent alerts, which they find overly intrusive and, as one user wrote, "a royal pest."
On May 29, AOL started beaming the alert to a small portion of users, and expanded the scope of recipients over the following two weeks. Since June 11, the alert has been hitting all AIM users who haven't upgraded, according to the spokeswoman.
Balancing act
The situation highlights the often difficult balancing act vendors face when their software products need to get updated in order to address security issues, industry analysts said.
"Vendors are trying to reach a compromise between improving the security of their software and making updates as unobtrusive as possible," said Michael D. Osterman, president of Osterman Research Inc.
IM vendors in particular are becoming more aggressive with their security patches in response to increased activity from malicious hackers, Osterman said.
"The IM vendors have realized they have to get serious about security and about getting users to upgrade their software. The downside is that it can be irritating to users, but, unfortunately, it's necessary," Osterman said.
Last week, IM security vendor Akonix Systems Inc. reported tracking 36 malicious code attacks in IM networks during June, an 80 percent increase over May.
Regular updates
Beyond the specific AIM situation, it's recommended that end users in general get into a habit of updating their PC software, said Chris Taschner, a vulnerability analyst at the Computer Emergency Response Team (CERT) Coordination Center of Carnegie Mellon University's Software Engineering Institute.
Whenever possible, vendors should deliver the updates in the background, as transparently as possible to end users, Taschner said. "End users shouldn't have to be security experts to use software."
If vendors will not update their software automatically in the background, they should make their policies for notifying end users about new versions very clear, he said. This way, end users will know how to distinguish between a legitimate and fraudulent security alert, Taschner said.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
This is one of the reasons
This is one of the reasons why AOL is not doing well. Doing what's wrong for the customer seems to be embedded in their culture. They keep piling bad decisons on top of more bad decisions. Perhaps if they really listened to their customers, they could begin to start growing market share again.