Things heated up between the two companies in July, when Microsoft (MSFT) first launched its messenger service that allowed any Internet user to get a free Hotmail account and a free AOL (AOL) Instant Messenger account through MSN. AOL then blocked MSN users from accessing its services and a fight between the companies began. Microsoft ended up hacking into AOL’s servers, and AOL worked to stop the intrusion.
Citing security concerns, Microsoft Wednesday launched version 2.0 of its MSN Messenger service. Yusuf Mehdi, director of marketing for Microsoft’s consumer and commerce group, said that by blocking Microsoft, AOL exposed a serious security bug.
“Over the past several months AOL has used a variety of tactics to block
consumers from exchanging instant messages with their friends who have
chosen to use different messaging services,” he said. “Unfortunately,
it has come to the point where AOL is not only choosing to send spam instant
messages to their own authorized users and disconnect them from the service
in order to block interoperability, they’re also putting users at risk.”
The bug, a “buffer overrun,” allows code to be run on a PC without the user’s approval or knowledge, Mehdi said, adding that Microsoft did not want to put its users at risk by providing interoperability.
Microsoft claims to have a MSN messenger user base of 4.5 million.
“Our hope is that AOL will address this serious security issue for the sake of their users and begin to support interoperability rather than just talk around it and, in practice, endanger their users in order to restrict it.”
AOL could not be reached for comment.
Microsoft has called for an open standard in the instant messaging arena, itself publishing the MSN Messenger protocol as a reference for others to use. AOL has said previously that it favors an open standard but openness would open a variety of privacy and security concerns.
The The Internet Engineering Task Force (IETF), with which Microsoft is working on open standards,
has preliminary specifications drawn up for a messaging interoperability standard, which should be ready for implementation by this summer.
IETF Instant Messaging and Presence Protocol Chair, Vijay Saraswat, said that although it’s recommended, vendors
are under no obligation to adhere to the standard.
“This is the Internet. It’s the power of the marketplace that drives this. The IETF is not a police force that says ‘do it or else,'” said Saraswat.