Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > VOIP > ZA SECURITY ALERT: "Skype 3.0 Extras Manager is trying to access the Internet"

Reply
Thread Tools

ZA SECURITY ALERT: "Skype 3.0 Extras Manager is trying to access the Internet"

 
 
Robin Colleen Moore
Guest
Posts: n/a
 
      12-30-2006
On Sat, 30 Dec 2006 12:54:04 +0100, Drake wrote:
> Apparently SkyPE is trying to reach an NTP (Network Time Protocol) server:


The wierd thing is that the time is not one of the (very many) items in the
drop-down list for the Skype 3.0 Tools->Do More listing.
 
Reply With Quote
 
 
 
 
Mr. Arnold
Guest
Posts: n/a
 
      12-30-2006
Robin Colleen Moore wrote:
> On Sat, 30 Dec 2006 10:51:33 GMT, Mr. Arnold wrote:
>
>>That's for you to make that determination if it's legit or not.
>>It's on you to make contact with Skype or NIST and find out what is
>>happening. It's on you and no one else. It's your machine and no one
>>else's machine.

>
>
> I've determined the program (skypePM.exe) is optional.
> Worse, it provides features I don't want and don't even know what they are
> as listed in a previous post.
>
> I've permanently denied this program from accessing the trusted zone, from
> accessing the Internet, and from being a server.
>
> I post this so that the next Skype user can benefit from the information.


I'll lay dollars to a donut that program will beat ZA to the punch, get
out to the Internet and make contact. It will happen when you boot the
machine and logon, because ZA is not an integrated part of the XP O/S.
If ZA was an integrated part of the O/S and it's not, then the O/S would
not allow any TCP/IP connections by programs, until such time the O/S
started ZA, which it can't do as the O/S does not have any dependencies
waiting on ZA.

What you should be doing is either removing the program off of the
machine by deleting it or if the file system the O/S is using is NTFS,
then you go to the O/S and set the program's permissions to not
(execute) - not run period.

The buck stops with the O/S and not ZA.

 
Reply With Quote
 
 
 
 
B. Nice
Guest
Posts: n/a
 
      12-30-2006
On Sat, 30 Dec 2006 12:49:49 GMT, Robin Colleen Moore
<(E-Mail Removed)> wrote:

>On Sat, 30 Dec 2006 10:49:03 GMT, B. Nice wrote:
>> You have decided to intstall/run Skype - which means you have decided
>> to trust the Skype program. Then why don't you just let it do what
>> it's designed to do instead of worrying about ZA alarms?
>> If you don't trust Skype, use something else.

>
>Without being too direct, I would say your attitude needs a serious
>adjustment in my very humble opinion.


You are very welcome to have that opinion. In my very humble opinion
you need to reconsider your security concept.

>You TRUST every program you install?


Of course. Otherwise I would'nt install it.

>Do you know what RealPlayer is doing behind your back?


No. Because I'm not using it.

>Do you realize that Adobe Acrobat phones home constantly?


Really? Except looking for program updates that could be security
related - exactly what does it phone home about? What personal related
info does it send out of your system?

>Do you suspect that almost every
>program you install has the potential to report back to the maker your
>day-to-day actions?


Your point being?

>You're obviosly not a security expert if you trust every program you choose
>to install to do what IT thinks is the right thing to do.


Since you rely on something like ZA to protect you from programs
"phoning home" you obviously are'nt either.
 
Reply With Quote
 
Jim Ford
Guest
Posts: n/a
 
      12-30-2006
Robin Colleen Moore wrote:

> You're obviosly not a security expert if you trust every program you choose
> to install to do what IT thinks is the right thing to do.


Not only that, there are folk on this forum that profess to be security
experts, that are running Thunderbird 1.0.7 - 15 critical security fixes
behind the current issue!

Jim Ford
 
Reply With Quote
 
Death5
Guest
Posts: n/a
 
      12-30-2006
Jim Ford wrote:
> Robin Colleen Moore wrote:
>
>> You're obviosly not a security expert if you trust every program you
>> choose
>> to install to do what IT thinks is the right thing to do.

>
>
> Not only that, there are folk on this forum that profess to be security
> experts, that are running Thunderbird 1.0.7 - 15 critical security fixes
> behind the current issue!
>


Not only that, you got people running around in the NG needing to nit
pick. Apparently, this person doesn't seem to know that a program and
the machine have to be put into a position to be attacked.

One place I am currently working, they are still running a version of
IE 6 that's three years old and I don't know that last time it was
updated. I don't even know when the last time XP Pro on the machines has
been updated with security fixes, although they do take care of those
servers. The XP Pro machines and IE itself are NOT being attacked due
to this, because IT has a big old proxy setting there blocking user
access to damn near everything on the Internet, even though most of its
end-user base jobs are to be on the Internet, dealing with out side
clients, with the solution. Its end-user base is educated on the use of
computers in a work environment and everything is locked down. Those
users go where IT wants them to go and nowhere else.

I'll give you a little hint on this too, I am running a version of XP
Pro on this laptop that's not a legal copy and has NOT received a
critical update and in ages. It's not being attacked because it has not
received the updates, because the machine is NOT put into a position to
be attacked.

Again, the program and the machine have to be put into a position to be
attacked. If neither one of them are in that position, then your point
here is moot.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco Security Manager, how does the policy manager handle precedence? kippb Cisco 0 09-18-2007 04:34 PM
How to access DVD extras Caroline DVD Video 6 08-18-2005 04:17 PM



Advertisments