Ban Skype

Info-Tech Research says you should ban corporate Skype usage ASAP. Should you? Well they cite a few reasons you should such as:
  • Skype is not standards-compliant, allowing it and any vulnerability to pass through corporate firewalls.
  • Skype’s encryption is closed source and prone to man-in-the-middle attacks. There are also some unanswered questions about how well the keys are managed.
  • Enterprises using Skype risk a communication barrier with countries and institutions that have already banned the service.
  • Skype is undetectable, untraceable, and unauditable, putting organizations that are subject to compliance laws at risk.
  • The question of whether VoIP calls constitute a business record is a legal quagmire. Throwing Skype into the communications mix further clouds the issue.
If that doesn’t scare you, consider this:

"Approximately 17 million registered Skype users are using the service for business purposes," says Armstrong. "Unless an organization specifies instances where Skype use is acceptable, and outlines rules for client-side Skype settings, that’s 17 million opportunities for a hacker to invade a corporate network."

I have heard many of these security concerns before so this report is timely. Any time you have encrypted p2p communications you risk spreading who knows what between peers. Is it a matter of time before there is some massive virus or work outbreak? Possibly. Imagine a phone-based denial of service attack for example where American Airlines is shut down. In other words instead of having many computers sending traffic to a site, Skype clients could all SkypeOut to American Airlines at once.

This is a feasible scenario that is not limited to Skype but something we need to be prepared for.

For more check out comments from Tom Keating.

  • Avid Skype User
    November 13, 2005 at 1:04 pm

    Banning Skype? Of course all other VOIP protcols would stand to gain and more even IT staff because all other VOIP technologies requires so much hardwares from a backbone and front end to make it work.
    Skype is the only product that truely lets you talk globally and roam globally without any cost.
    Do you really think other protocols are more secure? Especially when any hacker can get into the standard codes? To the contrary, to keep it secret and non-standard, we have more privacy and more security.
    Skype is undetectable and untraceable is completely false and missleading. Of course they have a record of you call and who calls you. How do you think they can bill for skypeouts and bills the other person calling you?
    It is quite irresponsible for a research company to issue such a childish statement.
    Certain countries and institutions have banned the use of skype just because they are afraid of loosing the income generated from their state-owned telecom companies or even want to listen in and record maybe your conversations illegally.
    So the more power to Skype if you value privacy and FREE communications for all !!! What a better to free people’s speech and encourage people to think and act globally !
    How selfish it is to restrict the use of Skype. !!! It is like restricting people from using emails and telling them to start using more expensive and not-so much more secure ways to communicate !
    To any technology there are always a learning curve or a time to better it. So far no other technology have proven to be better.. The numbers of skype new users speaks for themselves !
    So to all that denounces Skype, shame on you !
    Let people choose what they want to use and stop issuing missleading statements that only demontstrates how backward and stone-aged your level of understanding is.
    Since Skype has launched, millions of people around the world are now closer than ever and have saved hundreds of millions of phone calls bills.
    People that never would call because of lack of resources and money are now regular callers. Skype is the most democratic killer app ever existed so leave it alone !
    Thanks.

  • Student
    January 10, 2007 at 10:30 am

    No it’s not childlish. it’s true. for non-bussiness persons, who doesn’t mind that their computers are over-used, because of too muc CPU resources exploited by scype, it is the main reason i do not use it, and i will not. And for users, using it for bussiness purposes it it highly unsafe to talk through skype.

  • yonah
    September 3, 2007 at 5:13 pm

    This article is the textbook definition of FUD. You don’t understand how Skype works, so you label it insecure. Please. I’ve seen more security problems caused by the stupidity of IT staff more than the sum of all security holes in many different products combined. Your article has no real facts, and only outlines that Skype’s design is unknown to you. As if peering into the source code of proprietary applications was somehow YOUR business. Is Microsoft going to show you the source code to IIS? No, but many people use it. Again, the task of good security rests with the STAFF. Take responsibility for yourself. Then again, you’re upper management, so you wouldn’t know what it’s like to do any real work.
    Furthermore, as Student points out, Skype can sometimes use your computer resources. Yes, of course. As is stated from the very beginning, Skype is a P2P technology. This depends on many different computers sharing the load. Are you so much of a jerk that you can’t spare any CPU cycles while your playing WOW for 8 hours a day? Fine, then don’t. Don’t log onto Skype, don’t even bother, you are of no help, you aren’t wanted, go away forever, we don’t need you. For the rest of us, we will continue to enjoy a great program that is not only affordable but also incredibly useful.

Leave Your Comment