Yahoo! has been busy of late -- improving security in its consumer instant messaging client and server protocols, while exploring new features to include in its IM software.
Early last week, security researcher Tri Huynh reported a vulnerability in Yahoo! Messenger versions 5.6.0.1351 and earlier.
According to Huynh, an attacker could gain the ability to run malicious code on a victim's machine by sending the user a file with an overly long filename. The long filename could cause a buffer overflow when the user's IM client tries to download the file. Security firm Secunia also carried Huynh's report of the vulnerability, which it rated "highly critical."
Yahoo! responded shortly afterward by making changes on its end.
"Upon learning of this issue, we immediately began working towards a resolution and implemented a server-side fix early Thursday morning, eliminating the need for users to download a patch or a new version of Yahoo! Messenger," said spokesperson Mary Osako. "We are not aware of any active exploits that have affected our users."
That's not the only server-side change that Yahoo! made in recent days. Last week, the company tweaked its server protocols, which had the effect of blocking a number of unauthorized, third-party IM clients from connecting to its network.
The change is bad news for consumers looking to chat with friends on multiple networks using one application. However, it's even worse for the growing number of fledgling businesses in the enterprise IM space that provide multi-network connectivity -- who, in the absence of formalized interoperability deals with Yahoo!, are cut off unless they can implement hacks to restore connectivity.
Yahoo! said the changes were taken to clamp down on the possibility of the system being abused by IM spammers.
"To enhance the overall quality of the Yahoo! Messenger service, we are implementing even more aggressive measures to protect users from potential spammers," Osako said. "It is our expectation that spammers will be blocked from hacking into our protocol to potentially spam our users. Protecting users from spam is a top priority for Yahoo!, and we are employing preventative measures to help keep Yahoo! Messenger the high-quality environment our users have come to expect."
According to sources familiar with the matter, Yahoo!'s tweak consisted of a new authentication challenge to IM clients to verify their legitimacy, which relies on a method implemented in an earlier system-wide change. Third-party IM clients like Cerulean Studios' Trillian were able to circumvent the initial challenges made under this new method, but last week's change took many by surprise.
Since then, however, IM clients including Proteus for Mac OS X and multi-platform clients Gaim and Zion Software's JBuddy Messenger have negotiated the challenge. Trillian Pro version 2.01 was not impacted by the change.
At the same time that Yahoo! is taking steps to protect its network from unauthorized use, the portal also is considering adding a slew of new features to its instant messaging client. In a survey sent to users, the company asked whether Messenger users would be interested in listening to music in the IM client (with the current song's title and artist appearing in users' status messages).
It also inquired as to whether users wanted sounds that could be sent to others during conversations (similar to graphical "smileys"), as well as user-customizable avatars, integrated contact list management tools, and more advanced invisibility controls built into the IM client.
The company has relied on similar surveys prior to launching products in the past. For instance, Yahoo! has questioned users on whether they'd shell out for premium multimedia content -- just before debuting such services.
However, some surveys fielded by Yahoo! concerning IM have yet to pan out in actual product. In September, Yahoo! asked visitors whether they'd be interested in purchasing a multi-network IM client -- similar in functionality to software like Trillian.
For Yahoo!'s part, Osako said only that the newest survey is part of the company's "continual research on a variety of topics to better our understanding of user needs and behavior."
Christopher Saunders is managing editor of InstantMessagingPlanet.com.
Yahoo! Clamps Down on IM Security, Mulls Upgrades
The IM giant temporarily knocks off unauthorized third-party users and patches a vulnerability, while exploring new add-ons to its client.