AIM from Wikipedia

AOL Instant Messenger

From Wikipedia, the free encyclopedia

• Find out more about navigating Wikipedia and finding information •

Jump to: navigation, search

AOL Instant Messenger
Developer:	AOL LLC
Initial release:	May 1997
Latest release:	6.5.4.16 / 10/03/07
OS:	Windows (older versions for Mac and Linux)
Genre:	Instant messaging client
License:	Proprietary
Website:	www.aim.com/

AOL Instant Messenger (AIM) is an advertisement-supported free proprietary instant messaging and presence computer program which uses the OSCAR instant messaging protocol and the TOC protocol. It was released by AOL in May of 1997. It is the most popular instant message program in the United States^[1].

Contents [hide] 1 About 1.1 History 1.1.1 AIM Express 1.1.2 Apple iChat 1.2 AIM Phoneline 1.3 Protocol 1.4 Weaknesses 1.5 Configuration 1.6 Terminology 2 Versions 3 Bots 4 URI scheme 5 Malware 6 Advertisements 7 See also 7.1 Other clients 7.2 Other links 8 References 9 External links

//

[edit] About

AOL Instant Messenger is an instant messaging application that allows registered users to communicate in real time via text, voice, and video over the Internet. It is maintained by AOL LLC. The official website is www.aim.com.

[edit] History

Since version 2.0, AIM has included person-to-person instant messaging, chatroom messaging, and the ability to share files peer-to-peer with one’s buddies. Versions 4.3 and later of the client software store one’s contact information on AOL’s servers, so one can keep track of up to 600 buddies from any computer with Internet access. In addition, somewhere in the 4.x versions, the AIM client for Microsoft Windows added the ability to play games against one another using the WildTangent engine. The first version released with WildTangent did not warn the user that it was going to be installed. Newer versions, however do, due to the fact that many users were frustrated with AOL, as many SpyWare scanners pick-up WildTangent as SpyWare, though it seems to be relatively harmless, outside of slowing system performance.^[2] Stand-alone official AIM client software is available for free for Microsoft Windows, Mac OS, Mac OS X, Linux, Windows CE, and Palm OS.

AIM version 5.5 allowed Windows users to video conference with each other and with Apple Computer iChat users (which came out before version 5.5) when it was released in February 2004.

The successor to the AIM 5.9 versions became known as AIM Triton, which began with a complete code rewrite and a brand new UI engine, known as Boxely. The first renaming of the client was seen with the Beta 1 release 0.1.12 on April 25, 2005, and supported only Windows XP.^[3] For the first time in AIM’s development, these preview releases were made publicly available on the AIM home page for any user to test and provide feedback.

On September 29, 2006, the newest release of the AIM Triton 1.5 Beta was renamed to AIM 6.0, with a Beta 1 release made available. This version again changed the UI (albeit slightly). The final stable version of AIM 6.0 was released on December 15; new features included connection to AIM Pages, updates that make profile, away message, and general user updates into RSS feeds, new customization, the ability to send messages to users who are offline , buddy list capacity being increased to 1000 buddies, and compatibility with address book programs and sites through a “Universal Address Book” powered by Plaxo. The upgrade also added missing features from the first release including the ‘Get File’ function, global font customization, and a smaller size cache usage. Along with the release of AIM 6.0, AOL opened AIM to developers which allowed anyone to create a plug-in, or custom AIM client for Windows, Macintosh or Linux.

Version AIM 6.1, which was officially released on March 27, 2007, introduces over AIM 6.0 Buddy List docking, support for inserting images into Buddy Info, Color Picker for changing the highlight colors of the UI, improvements to how Linked Screen Names are displayed, the ability to sign on as invisible, several bug fixes, and improved Windows Vista support.

The software has a large share of the instant messaging market (with 52% of the total reported as of 2006), placing it ahead of the combined total userbase of the two closest rivals.^[4]

[edit] AIM Express

The online version of AIM, AIM Express, is implemented in DHTML and runs in a web browser; it is intended for use by people who are unable or unwilling to install an executable client on their machines but still wish to use AIM. AIM Express supports many of the standard features included in the stand-alone client, but does not provide advanced features like file transfer, audio chat, or video conferencing.

[edit] Apple iChat

Main article: iChat

Apple‘s iChat software was released in June 2003 for Mac OS X and was the first AIM-compatible client to allow for audio and video conferencing over the AIM protocol. While introducing it, Apple CEO Steve Jobs announced that iChat was the first AIM client not made by AOL to be officially recognized by AOL.

[edit] AIM Phoneline

Main article: AIM Phoneline

AIM Phoneline is a Voice over IP PC-PC, PC-Phone, and Phone-to-PC service ^[5] provided by AOL via its AOL Instant Messenger (AIM) application.

[edit] Protocol

The standard protocol that AIM clients use to communicate is called OSCAR. Most AOL-produced versions of AIM and popular third party AIM clients use this protocol. However, AOL also created a simpler protocol called TOC that lacks many of OSCAR’s features but is sometimes used for clients that only require basic chat functionality. The TOC/TOC2 protocol specifications were made available by AOL, while OSCAR is a closed protocol that third parties have had to reverse-engineer.

[edit] Weaknesses

AIM is known for security weaknesses that have enabled exploits to be created that use third-party software to perform malicious acts on users’ computers. Although most are relatively harmless, such as being kicked off the AIM service, others perform potentially dangerous actions such as harvesting IP addresses and sending viruses over a direct connection. Some of these exploits rely on social engineering to spread by automatically sending instant messages that contain a URL accompanied by text suggesting the receiving user click on it, an action which leads to infection.

Since August 2005, AOL has also launched the webmail service AIM Mail; it is free and can be accessed by all AIM users.

[edit] Configuration

AIM is different from other clients such as Windows Live Messenger and Yahoo Messenger in that it does not require approval from one buddy to be added to another’s buddy list. As a result, it is possible for users to keep other unsuspecting users on their buddy list to read their profiles or see if they are online (if the other user had blocked them before). However, one can block another user from communicating and also enhance privacy by selecting a menu option allowing communication only with those on one’s buddy list.

[edit] Terminology

AIM and AOL use several terms for elements of their instant messaging, which are different from other messengers. These include:

• Away message: A function of some instant messaging applications whereby a user may post a message that appears automatically to other users if they attempt to make contact when the user is unavailable. It is analogous to the voice message on an answering machine or voice mail system.
• Block: If a user is feeling threatened or annoyed by someone, he can “block” the sender, which prevents the sender from contacting the user with his or her current screenname. If a user is blocked by someone, the blocking user will always be offline for them, even though they might actually be online.
• Buddy List: The centerpiece of AIM, a list containing the status of up to 1000 buddies stored on an AIM server so you can access this list from any instance of AIM. The status of the buddies can be seen as ‘online’, ‘away’, ‘idle’, ‘mobile’, or ‘offline’.
• Direct connection: AIM users can, instead of relaying messages through the AIM server, connect to each other’s computers directly via this method and send various forms of media.
• Screenname: Term for user name with AOL origins. These are available for free with registration at the AIM website.
• Spim: Spam over Instant messaging. The spam problem in e-mail has the potential to spread to Instant Messaging, in the form of on-line advertisements. As a closed network, AOL has been able to block most spam, but some still passes through to users.
• Rate limiting, which prevents a user from sending too many messages in a short amount of time. Once a user is rate limited, they are temporarily unable to send messages, but may still receive messages.
• Warning: If a user feels a received instant message is inappropriate, he can “warn” the sender, which increases the sender’s warning level. Warning levels reduce the rate at which users can send messages and can eventually cause a given screen name to be unable to sign-on for a period of time. Since it was often abused, the feature is no longer supported in AIM Triton or AIM 6, although warnings have not been disabled serverside, meaning that older AIM clients, third-party clients, or user-written add-ons may still allow users to bypass the “soft” removal of warning capabilities.
• An AIM Closed List, Allow Only, Buddies Only, or Privacy refers to the option on the AOL Instant Messenger client to allow only users on a user’s buddy list to contact them. This is to prevent harassment or spamming and is also a secure way to chat.
• Icon A small, personalized picture that a user can set up to appear whenever they message another user.

[edit] Versions

The official versions of the AIM software are as follows:

Note: This list may be incomplete.

• AIM 1.5.234, with an unknown release date (for various Linux distributions)
• AIM 1.5.286, with an unknown release date (for various Linux distributions)
• AIM 4.3, with an unknown release date (for Mac OS 8.6 and earlier)
• AIM 4.3.2229, released in 2000, included with Netscape Communicator.
• AIM 4.7.1333, released on February 18, 2004 (for Mac OS X and Mac OS 9)
• AIM 4.8.2790, released on November 26, 2001 (for Windows 95)
• AIM 5.0.2829, released in September 2002 (for Windows 98/NT4/ME/2000/XP)
• AIM 5.1.3101, released in November 2002 (for Windows 98/NT4/ME/2000/XP)
• AIM 5.2.3292, released in July 2003 (for Windows 98/NT4/ME/2000/XP)
• AIM 5.5.3595, released in May 2004 (for Windows 98/NT4/ME/2000/XP)
• AIM 5.9.3702, September 2004 (for Windows 98/NT4/ME/2000/XP)
• AIM 5.9.3797, unknown release date (for Windows 98/NT4/ME/2000/XP)
• AIM 5.9.3844, unknown release date (for Windows 98/NT4/ME/2000/XP)
• AIM 5.9.3857, unknown release date (for Windows 98/NT4/ME/2000/XP)
• AIM 5.9.6089, released on August 31, 2006 (for Windows 98/NT4/ME/2000/XP)
• AIM 6.0.28.1, unknown release date (for Windows 2000/XP/XP/Vista x64)
• AIM 6.1.32.1, released on March 27, 2007 (for Windows 2000/XP/XP/Vista x64)
• AIM 6.1.41.2, released on May 3, 2007 for Windows 2000/XP/XP/Vista x64)
• AIM 6.5.4.16, released on October 3, 2007 for Windows 2000/XP/XP/Vista x64)

• AIM Pro 1.3 build 260, released on November 1, 2006 (for Windows 2000/XP)
• AIM Express, unknown release date, online version.
• AIM ET / LAIM / AIM Lite 0.31 Beta, released on June 9, 2007 (for Windows 2000/XP/Vista)

[edit] Bots

AOL and various other companies supply robots on AIM which can receive messages and send a response based on the bot’s purpose. For example, bots can help with studying, like StudyBuddy. Some are made to relate to children and teenagers, like Spleak or AOLSafetyBot, an AOL-run bot that provides information about staying safe online. Some like FashionCF give advice, and some are general purpose, like Smarterchild or the popular AIM Bot FriendBot. Other capabilities include games, calculators, sports results, web search, and much more. Prior to the inclusions of such bots, the bots DoorManBot and AIMOffline provided features provided today by AOL for those who needed it. Many AIM users utilize bots such as Smarterchild to take verbal abuse.

[edit] URI scheme

AOL Instant Messenger’s installation process automatically installs an extra URI scheme (“protocol”) handler into some web browsers, so that URIs beginning “aim:” can open a new AIM window with specified parameters. This is similar in function to the mailto: URI scheme, which creates a new e-mail message using the system’s default mail program. For instance, a web page might include a link like the following in its HTML source to open a window for sending a message to the AIM user notarealuser:

<a href="aim:goim?screenname=notarealuser">Send Message</a>

To specify a message body, the message parameter is used, so that the link location might look like this:

aim:goim?screenname=notarealuser&message=This+is+my+message

To specify an away message, the message parameter is used, so that the link location might look like this:

aim:goaway?message=Hello, my name is Bill

When placing this inside a URL link, an AIM user could click on the URL link and the away message “Hello, my name is Bill” would instantly become their away message.

In addition, these can be placed and used within AIM.

[edit] Malware

AOL Instant Messenger (along with other networks such as Windows Live Messenger and Yahoo! Messenger) is often used as a conduit or “vector” for delivering malicious software such as spyware, viruses, worms, and trojans to unsuspecting computer users. The two methods used by hackers to deliver malware over the IM vector are (1) sending a file transfer with a virus-infected file, and (2) delivering a message with socially engineered content containing a web address (URL) containing active malicious code. Viruses and worms with colorful names such as W32/Vanebot-AA or WORM_NUGACHE.G have been identified as targeting users of the AIM network over the past few years.

The threat of infection by these two methods is substantial and growing. The IM Security Center, a collaboration between security companies and corporations, has tracked attacks over IM since 2003 and shows well over 1000 distinct attacks over the public IM networks. The first half of 2007 saw an 84% increase in IM attacks over the first half of 2006. While IM-specific attacks remain a small percentage of overall virus and malware threats, the continued growth in usage of IM, along with the rapid adoption of IM in the workplace (See Instant Messaging) make IM an attractive vector for hackers, and both individuals and companies must take precautions to avoid infection.

The most common method of delivering a malicious payload is the use of social engineering to construct a message that appears to be coming from a Buddy on the Buddy List. A socially engineered message is one that is written in a friendly, informal manner, that could easily be mistaken as coming from a friend. The message usually will say something like “Click here to see pics of me from vacation!” or “Is this you?” with a web address — known as a “poison URL” — for the recipient to click. Upon clicking the web address, the recipient is directed to a web page containing active content, which is immediately downloaded to the recipient’s computer. In most cases, the payload contains an installer, a number of hidden files containing text, and code which causes the same socially engineered message with poison URL to be sent to every buddy on the Buddy List. When the message is sent to all buddies, the cycle starts again, as each buddy believes they are receiving a message from a trusted friend. In this manner, IM-borne malware is capable of propagating very rapidly through company and external networks.

Worms and viruses are discovered on a regular basis by security companies, particularly by the three companies with IM-specific security products, Akonix Systems, FaceTime Communications, and Symantec. According to IM security researchers at Akonix, the number of new threats identified each month is 30 to 35, with a high of 88 in October, 2006.

As one example of an IM threat, on September 18, 2006, research experts led by Christopher Boyd and Wayne Porter at FaceTime Labs, the threat research division FaceTime Communications, identified and reported a new worm known as W32.Pipeline that was propagating over AOL Instant Messenger. The worm delivers an executable file disguised as a JPEG, which in turn calls out to various host computers that download a variety of infection files including rootkits and Trojans that may further propagate the worm through the user’s AIM Buddy List.

Shortly thereafter, researchers at Akonix identified a new worm called W32.Spybot.ALRD propagating primarily over the AIM network. W32.Spybot.ALRD is a worm that opens a back door on the infected computer and attempts to spread to network shares protected by weak passwords.

Another example of software that uses AIM to deliver information back to a third party is Viewpoint Media Player, a program that is installed during the installation of AOL Instant Messenger that is a plugin for displaying graphical content in the software’s own proprietary format. According to the software’s end user license agreement, Viewpoint Media Player collects usage information and forwards it to Viewpoint servers. Each installation of Viewpoint Media Player contains a unique alphanumeric identification number that can be used to uniquely identify an installation of the software.

[edit] Advertisements

On the buddy list window of AIM, there are many advertisements that load upon startup of the program. However, there are many ways to stop these ads from showing.

For example, in the Hosts file, you would enter this line of text:

You can also use 127.0.0.1, which your computer pings itself to try to find the ads. With 0.0.0.0, your computer would search the IP 0.0.0.0 to find ads, even though the IP is nonexistent.