AOL.ca - AIM 5.5

Get AIM
Home
New Users
Download Now

About AIM
AIM 6.0
AIM Chat
AIM Express

Support
Starting Out
Using AIM
Online Security
Advanced Tips
Error Messages
Forgot Password
Report a Bug

CAUTION: Security vulnerability in Windows when viewing JPEG images
A serious security vulnerability has been found in Microsoft Windows that can be exploited by simply viewing a picture on your computer. This problem only affects JPEG images.

Because the vulnerability can be exploited simply by viewing an image, users should be cautious before clicking on any hyperlink--whether that hyperlink is in an Instant Message or an AIM profile. We recommend that you not click on any link sent by IM or found in an AIM profile unless you know specifically where the link will lead you. Even if a link is sent to you from a friend, take the time to IM them back and ask about the link before you click.

This vulnerability is not limited to AIM. The vulnerability can be exploited in many programs that display JPEG images regardless of how you obtained those images. You must patch Windows and other vulnerable software to protect yourself. To patch Windows, click on the Start menu, located in the lower left corner of your screen, and click on the Windows Update menu item. Internet Explorer will start up and automatically take you to the Microsoft Windows update web site. Follow the instructions on that page to patch your operating system.

You will need to contact your other software vendors to determine if the software is affected by this vulnerability and if a patch is available. The AIM client is not affected by this vulnerability.

Frequently Asked Questions about Security

Can I get a virus through AIM? How do I safely share files with AIM?
How can I protect my AIM account?
Can I control who sees me when I'm online?
What do I do if I receive an IM that I don't want?
Are there any known security issues which might affect AIM?
Why are there links in my profile, my away message, or in my IM window that I did not put there?

Can I get a virus through AIM? How do I safely share files with AIM?

Viruses can't be transferred through an Instant Message itself, but it is possible that files attached to an IM may contain viruses or trojans. Also, links sent in an IM may point to webpages that contain viruses and trojans. Even if you know who is sending you a file or a link, you should use caution in opening it. Some viruses/trojans can send harmful links that appear to be from a buddy you know. You should always use good virus protection software, such as McAfee VirusScan, for automatic scanning of all attachments. See AOL Keyword: AOL Virus Protection Center for more information or visit McAfee's Website.

How can I protect my AIM account?

Make sure you have a password that is difficult to guess but easy to remember, and that you change it frequently. Do not tell anyone your password. If you use a shared computer, you may choose not to use the Save Password feature on the sign-on screen.

There may also be security flaws in your operating system, web browser, or other software. These may allow a remote user to take control of your computer and capture your passwords or other personal data. There are several measures you can take to protect yourself from these security flaws, such as:

Keep your virus software up to date.
Keep your operating system software up to date by installing all security updates/critical updates:

Microsoft Windows: http://windowsupdate.microsoft.com
Apple Macintosh: http://www.info.apple.com

Install personal firewall software, which will alert you to possibly dangerous data transmissions.
Before clicking any hyperlink, even in an email or IM, move your mouse pointer over the link so that you can see the actual URL (web address) that the link is pointing to. This can give you a good idea of whether the link is safe to click. If you are not sure, ask the sender if they meant to send it to you (some viruses/trojans will send dangerous links in emails or instant messages to users in the infected machine's Buddy List or Address Book, so that the recipient thinks the link is safe because it came from you).
If you are going to visit an unfamiliar web site, first take a moment to go to the Security preferences for your web browser and change the security level to High for the Internet Zone.
For more safety and security tips, visit McAfee's tips page.

Can I control who sees me when I'm online?

You can control who sees you by setting up a block or allow list. These privacy controls are available in the "privacy" area of the AIM Preferences.

What do I do if I receive an IM that I don't want?

You can set up AIM to show a "knock-knock" message for people not on your Buddy List. This allows you to choose whether or not to accept messages from people who you may not know. If you accept the message, and do not wish to receive further messages from a particular screenname, you can block this screenname right from the IM form. Alternatively, you can Warn the other person. When you issue a warning to another AOL Instant Messenger user, the recipient's warning level increases and that user's ability to send and receive messages decreases. With enough warnings, the user can be prevented from exchanging any messages with anyone and may even be signed off. However, warnings are not permanent; the warning level decreases over time. If a user is warned off the service, the user can return after a "cooling off" period. You can see someone's warning level if you let the cursor hover over the person's screen name in your Buddy List window.

Are there any known security issues which might affect AIM?

A security hole in the Windows version of Internet Explorer allows a malicious web site to run dangerous code on your computer if you visit that web site. The attacker can then control your computer, and sign on with your AIM Screen Name if your password is stored (although your password would not actually be revealed). If you think your computer has been compromised, you should immediately change all of your AIM passwords here. All users should immediately install the security patch, available from Microsoft at http://www.microsoft.com/technet/security.

Why are there links in my profile, my away message, or in my IM window that I did not put there and can't delete?

Some viruses/trojans can send harmful links that appear to be from a buddy you know. They can also replace your member profile with links to websites and replace the links even after you delete them.