twitter
facebook 
| Messenger Update Required |
| Sep. 1, 2003 |
The protocols used by the .NET Messenger instant messaging (IM) service are being changed, forcing users to upgrade older Microsoft IM clients before Oct. 15 to continue using the service. As a result of the change, third-party multi-IM clients, such as Trillian, will be blocked. Microsoft did not explain all the reasons for the change, but did say that the modified protocols will offer better security. Unfortunately, this message was communicated in a way that led some users to believe that Microsoft’s IM clients had an exploitable security vulnerability. (See the sidebar "Security E-Mail Raises Alarm".) Who Is Affected? Users who employ the following desktop IM clients to access the .NET Messenger service (formerly known as the MSN Messenger service) must update their software before Oct. 15 or lose their ability to log on to the service:
Beginning Aug. 18, when users with the affected clients logged on, they saw a pop-up window notifying them of the need to upgrade. In addition, Microsoft has sent e-mails to users whom it believes might have one of these affected clients. Beginning Sept. 15, users with the affected clients will be forced to download and install the appropriate update before they can continue using the service. Beginning Oct. 15, the affected clients will not be able to log on at all. In addition, all current MSN Messenger clients running on Pocket PC or Smartphone devices must be updated, but users cannot take any immediate action—as of press time, no update was yet available for these clients. Microsoft is working with OEMs to make updates available before Oct. 15, when these clients will also be blocked. Customers who use MSN Messenger for TV set-top boxes, such as MSNTV (formerly Web TV), need not take any action, as their clients will be updated automatically. Internal corporate IM services built on Exchange 2000 or the forthcoming Live Communications Server are not affected because they don't access the public .NET Messenger service. However, organizations that use MSN Messenger Connect, a combination of an MSN-provided service and gateway software from IMLogic that allows them to connect their corporate IM systems to the .NET Messenger service, will have to update any older clients. Microsoft is working with IMLogic and reseller partners to inform affected MSN Messenger Connect customers of the necessary changes. Microsoft gave no details about the protocol changes, except to say that the update will offer better security. The .NET Messenger service was originally built to use the Buddy List Server Protocol (BLSP), which was designed to be interoperable with AOL's IM system. AOL blocked interoperability, however, and over time BLSP evolved into the current proprietary protocol, MSNP. Third-Party Clients Disabled Several third-party clients, such as Jabber, Miranda, and Trillian, can access the .NET Messenger service as well as other services run by AOL and Yahoo. Microsoft considers these clients to be unauthorized, and beginning Oct. 15 they will no longer be able to access the .NET Messenger service. Third parties that want to continue building products that access the .NET Messenger service can obtain a license to use the new protocols, but Microsoft did not reveal pricing or licensing terms. Microsoft also said that the licensing terms might not be finalized by the Oct. 15 cut-off date. Resources More information on client upgrades and the appropriate software downloads are available at messenger.msn.com/Help/Upgrades.aspx. Developers interested in creating clients for the .NET Messenger service should contact Microsoft by filling out the form at messenger.msn.com/partners/certification. Information about the latest version of MSNP is available at www.hypothetic.org/docs/msn/research/msnp8.php. For background on MSN Messenger Connect, see "Business-to-Customer IM Solution Planned" on page 18 of the Jan. 2003 Update. For background on why Microsoft has multiple IM clients, see "Instant Messaging Split to Continue" on page 22 of the Apr. 2003 Update. |
