Great. That's just what we needed.

Don't get me wrong. I agree that such products should be available. As long as communications software offers evildoers a red carpet to infiltrate our systems, we'll need sentries like Zone Labs IMSecure Pro and Symantec's Norton Internet Security (NIS) Professional Edition to watch our flanks.

But, as more of these communications channels --- e-mail, instant messaging, short message service, etc. --- are adapted en masse, and in turn require some form of protection, it won't be long before the cost of security actually exceeds the cost of the computing itself. Instant messaging from Yahoo, America Online, and the Microsoft Network (MSN) are free. But to secure them with a fully loaded version of IMSecure costs $20 per workstation.

Whether you're an IT manager looking to protect dozens or hundreds of systems or you've got some systems at home to protect, the question is: Do you really need something like IMSecure or NIS? The justification for securing your instant messaging clients on every workstation is similar to that of having a personal firewall on every workstation. Whether the system is used for business or personal use, having protection at the desktop/notebook level is imperative if the next firewall upstream --- be it a residential gateway or an enterprise-class device --- allows any of the instant messaging protocols through (which most businesses and homes do).

Even for IT managers who think they have their premises locked down by a corporate firewall (thereby preventing external IM, which some companies do), notebook computers represent a vulnerability -- they're bypassing that firewall when attaching to the Internet while "off-campus." These systems are vulnerable even when your users tuck themselves behind your corporate firewall using a virtual private networking (VPN) client. Those systems are routinely exposed to the Internet without protection, and it's easy for them to catch something while out from under your watchful eyes. The same goes for desktop systems that are used for telecommuting from home.

Malicious code getting inside your firewall is another reason to think about protecting all personal systems. Shame on the end-user if bad habits let one system get infected. Shame on you if the rest of your systems are exposed as well.

So, what do you get for $19.95 from Zone Labs? For starters, IMSecure is messaging client neutral. Running transparently in the background, it covers the AOL, Yahoo, or MSN instant messaging protocols regardless of whether one, two, or all three of them are running simultaneously (including when the Trillian universal IM client is used in place of the service-specific clients). Company officials claim to have research showing that there are over 15 million Internet users who routinely use more than one service simultaneously. Maybe you or your users qualify. I know I do. IRC-based chat is not covered.

Should the free, heavily stripped-down and downloadable version of IMSecure become as popular as Zone Labs personal firewall, its proliferation could turn one of its features --- message encryption --- into an Internet de facto standard. Either the free or Pro version has to be loaded on both ends of the "line" in order for the encryption to work, and the free version only supports the encryption of messages generated by one user ID under one service-- a decision that has to be made at time of installation. America Online recently introduced an encryption option to its instant messaging service, but at $9.95 per year, it costs half as much as all of IMSecure.

In terms of protecting guarded PCs from infiltration, IMSecure watches for some of the typical attacks such as malformed packets and attempts to trigger a buffer overflow. But it also protects end-users who don't know how to protect themselves. Links and scripts that are otherwise clickable are disabled, thereby forcing the user to cut and paste those links into their browser. This prevents users from clicking on a link that's masquerading as a Web page when it's actually an executable file. Executable files are one of the leading sources of virus and Trojan worm introduction for systems and networks.

If you're prone to instant flaming --- the IM version of politically incorrect (or corporately unacceptable) flame mails --- IMSecure can be programmed to look out for insulting language in an outbound messaging before sending it. Through a feature called MyVault, it also looks out for confidential information such as credit card data. Theoretically, this form of protection would prevent a Trojan horse from extracting your personal information from files and caches found on your system, and "phoning home" with that information through one of the instant messaging protocols.

Another mail-related feature is an IM-based spam-blocking feature. If you ever participate in a public chat with your prized instant messaging ID, you can bet that your ID will find its way to a spammer. However, I wouldn't count on IMSecure's anti-spam technology to successfully combat spam. Like many email-based anti-spam solutions, IMSecure uses forensics to establish the probability that an inbound message is spam. As I have written in many of my columns about spam, the war against spam will not be won with forensics. It's a flawed approach. Even so, IMSecure has another feature that allows you to reject messages from users not listed on your buddy lists (which presumably, only you have control over). One difference between instant messaging (at least in the case of AOL, Yahoo, and MSN) and email that makes this whitelisting idea more effective in the IM environment is that it's much harder to impersonate someone on your buddy list. With e-mail, spammers can easily impersonate anybody.

In the few days I've had IMSecure, I have one complaint. A checkbox option results in the automatic generation of a message that notifies IM recipients that they're interacting with an IMSecure-protected system. I enabled the option to send the message and it worked as advertised, but also contained a shameless promotion (and, ironically, a clickable link) for IMSecure--which can't be modified. The complete line said "[ IMsecure Pro alert: Instant messaging on David's PC is protected by Zone Labs IMsecure Pro. Check it out at http://zonelabs.com/IMsecurePro ]." Company officials acknowledge that it would be useful to customize the message, and have added that to the list of features to be included in the next version.

Finally, in response to my previous coverage of Zone Labs firewall products, ZDNet readers complained loudly about the response time and quality of the company's technical support. According to Zone Labs marketing vice president Fred Felman, the company was aware of the problem and has since moved all support staff to a new facility in Oregon and quadrupled the staff.

Does instant messaging need to be locked down at your premises or do you run things like in the Wild West? Share your thoughts and opinions about IM's vulnerabilities with your fellow readers using TalkBack. Or write to me at david.berlind@cnet.com. But don't waste your time instant messaging me; IMSecure won't let you through. If you're looking for my commentaries on other IT topics, check the archives.