AOL's AIM update alert bothers upgrade holdouts

Some AIM users are angry about a recent alert message AOL displays on their screens urging them to upgrade to the newest version of the instant messaging software.

The alert, delivered in a rectangular box that appears on the screen's lower right hand corner, can't be turned off.

If a user closes the box, the alert will pop back up minutes later. If left alone, the alert will periodically position itself as the primary active window, interrupting the user's current activity.

AOL acknowledges that, unless users go through the upgrade process, there is no way to get rid of the alert.

"Normally, upgrades are optional. However, in this case we are highly encouraging users to upgrade from 6.0 to 6.1 because of some security updates that are included in the new release," an AOL spokeswoman said via e-mail.

The alert, titled "Active Update," reads: "The following update is ready to install. AIM Software - 6.1 GM Update: This version delivers new features and important security updates. Select 'Install Now' and upgrade today."

The alert provides no information about the security updates. The AIM Web site doesn't appear to contain any information about the security fixes either.

The AOL spokeswoman explained that the main security fix in version 6.1 addresses file sharing, which requires the sender and recipient to establish a direct PC-to-PC connection.

"Essentially, if you used file sharing to send a folder -- as opposed to sending a single file -- there was the potential for a hacker to access your computer," she wrote.

Beyond the security fixes, AIM 6.1 is the Vista-compatible client software and provides faster performance, she wrote.

If users don't want to update to 6.1, they must either learn to live with the alert on their desktop or turn off AIM altogether. But some users want a middle ground: declining the update and getting rid of the alert.

In this discussion forum thread, several users report being on the verge of abandoning the AIM service altogether if AOL doesn't stop the insistent alerts, which they find overly intrusive and, as one user wrote, "a royal pest."

On May 29, AOL started beaming the alert to a small portion of users, and expanded the scope of recipients over the following two weeks. Since June 11, the alert has been hitting all AIM users who haven't upgraded, according to the spokeswoman.

The situation highlights the often difficult balancing act vendors face when their software products need to get updated in order to address security issues, industry analysts said.

"Vendors are trying to reach a compromise between improving the security of their software and making updates as unobtrusive as possible," said Michael D. Osterman, president of Osterman Research Inc.

IM vendors in particular are becoming more aggressive with their security patches in response to increased activity from malicious hackers, Osterman said.