Skype - a security risk?

Discussion in 'Computer Security' started by Chris Webster, Sep 4, 2005.

  1. Hi,

    Is installing and running Skype from workstations in a corporate network
    considered a security risk for the network, servers and workstations?

    Of course I mean using Skype binaries downloaded directly from www.skype.com

    Thanks for comments on this issue

    regards

    Chris
    Chris Webster, Sep 4, 2005
    #1
    1. Advertising

  2. Chris Webster

    Imhotep Guest

    Chris Webster wrote:

    > Hi,
    >
    > Is installing and running Skype from workstations in a corporate network
    > considered a security risk for the network, servers and workstations?
    >
    > Of course I mean using Skype binaries downloaded directly from
    > www.skype.com
    >
    > Thanks for comments on this issue
    >
    > regards
    >
    > Chris


    I have not heard of any security issues with Skype. I would check out some
    of the vulnerability databases out there to see if there are any known
    issues. Also, you did not specify what OS you are talking about...

    Im
    Imhotep, Sep 5, 2005
    #2
    1. Advertising

  3. Chris Webster

    hatschi Guest

    Good question.

    At least nobody knows what skype is doing. They use a protocol, which is
    proprietary and kept secret. However, Skype uses a mechanism, which
    allows the software to get through any firewall by using the https port.

    The guys from skype were the formerly kazaa people. That prog had a bad
    reputation by installing spyware on your pc. I dont think they would do
    that kind of buisness now, because they want to spread skype and earn
    money with in- and outgoing calls to pstn.

    At least, my company decided not to install Skype. But we have a very
    restrictive policy.

    At least, I would feel uncomfortable to use a software and not knowing
    what it is doing in a sensitive enviroment.

    Regards
    hatschi
    hatschi, Sep 5, 2005
    #3
  4. Chris Webster

    Imhotep Guest

    hatschi wrote:

    > Good question.
    >
    > At least nobody knows what skype is doing. They use a protocol, which is
    > proprietary and kept secret. However, Skype uses a mechanism, which
    > allows the software to get through any firewall by using the https port.
    >
    > The guys from skype were the formerly kazaa people. That prog had a bad
    > reputation by installing spyware on your pc. I dont think they would do
    > that kind of buisness now, because they want to spread skype and earn
    > money with in- and outgoing calls to pstn.
    >
    > At least, my company decided not to install Skype. But we have a very
    > restrictive policy.
    >
    > At least, I would feel uncomfortable to use a software and not knowing
    > what it is doing in a sensitive enviroment.
    >
    > Regards
    > hatschi


    You have good comments but, think about this. With any commercial software
    do you really know whats "under the hood"? How many commercial software
    vendors use proprietary protocols? Maybe 85%?

    Just a thought,
    -- Imhotep
    Imhotep, Sep 5, 2005
    #4
  5. Chris Webster

    hatschi Guest


    > You have good comments but, think about this. With any commercial software
    > do you really know whats "under the hood"? How many commercial software
    > vendors use proprietary protocols? Maybe 85%?
    >
    > Just a thought,
    > -- Imhotep


    Yes you are definetly right, but when you are using SIP or any other
    protocol a sniffer can decode you can see what is going on. At least an
    open source software would be the best decision from that point of view.

    The other thing is how much you trust a company or how much knowledge
    you have about their security issues. Actually Cisco seems to have a big
    problem to get their stuff hardend.

    If I have the choice between Skype, or for instance a SIP thing, I would
    choose the last one. But that means a lot of work and sometimes a pain
    in the ... Skype is a wonderful out of the box experience.

    Greetings
    hatschi
    hatschi, Sep 5, 2005
    #5
  6. Chris Webster

    Gerard Bok Guest

    Gerard Bok, Sep 5, 2005
    #6
  7. hatschi <> wrote:

    > Yes you are definetly right, but when you are using SIP or any other
    > protocol a sniffer can decode you can see what is going on. At least
    > an open source software would be the best decision from that point of
    > view.


    The usual dilemma in corporate IT: The security guys want to encrypt
    all traffic to protect the company from corporate espionage, but
    Management will never agree to that because you wouldn't be able to
    check for security leaks anymore...

    Juergen Nieveler
    --
    Blackout drive + autobahn + 0345 = polizei.
    Juergen Nieveler, Sep 5, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve Young

    Windows Media Player 9 is a security risk

    Steve Young, Oct 22, 2003, in forum: Digital Photography
    Replies:
    230
    Views:
    3,158
    Mxsmanic
    Nov 10, 2003
  2. Wireless Devices - Security Risk?

    , Jun 9, 2004, in forum: Computer Security
    Replies:
    1
    Views:
    435
    Colonel Flagg
    Jun 9, 2004
  3. Rob Slade, doting grandpa of Ryan and Trevor

    REVIEW: "Information Security Risk Analysis", Thomas R. Peltier

    Rob Slade, doting grandpa of Ryan and Trevor, Jun 21, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    699
    Rob Slade, doting grandpa of Ryan and Trevor
    Jun 21, 2004
  4. Anonymous

    VPN over WiFi: How Much of a Security Risk?

    Anonymous, Nov 3, 2005, in forum: Computer Security
    Replies:
    4
    Views:
    646
    TaranFX
    Nov 7, 2005
  5. RJK

    Neighbours' unprotected wifi - security risk ?

    RJK, Mar 26, 2007, in forum: Wireless Networking
    Replies:
    5
    Views:
    810
Loading...

Share This Page