Security Basics mailing list archives
RE: FW: Your opinion on Skype
From: "Joe George" <j.george () conservation org>
Date: Tue, 30 Aug 2005 08:46:40 -0400
I sincerely appreciate all of your feedback in the last couple of weeks. I plan to use your statements to nudge them a bit more against allowing end-users from using such noisy and uncertain software. I was positive my sentiments were not off-base. I don't wish to cast off the Skype developers as bad, but in my experience (as I'm sure many of you agree) when things are too good to be true, it probably is. Deploying it over the enterprise so haphazardly is so risky. I discovered one statement in Skype's EULA that confused me quite a bit. Please see below: No warranties. THE SKYPE SOFTWARE IS PROVIDED "AS IS", WITH NO WARRANTIES WHATSOEVER; SKYPE DOES NOT, EITHER EXPRESSED, IMPLIED OR STATUTORY, MAKE ANY WARRANTIES, CLAIMS OR REPRESENTATIONS WITH RESPECT TO THE SKYPE SOFTWARE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF QUALITY, PERFORMANCE, NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR USE OR A PARTICULAR PURPOSE. SKYPE FURTHER DOES NOT REPRESENT OR WARRANT THAT THE SKYPE SOFTWARE WILL ALWAYS BE AVAILABLE, ACCESSIBLE, UNINTERRUPTED, TIMELY, SECURE, ACCURATE, COMPLETE, AND ERROR-FREE OR WILL OPERATE WITHOUT PACKET LOSS, NOR DOES SKYPE WARRANT ANY CONNECTION TO OR TRANSMISSION FROM THE INTERNET, OR ANY QUALITY OF CALLS MADE THROUGH THE SKYPE SOFTWARE. (Article 10.1 - Disclaimer of Warranties. Skype EULA, 2004). I'm not sure how disclaimer of warranties are written with most trusted software, but the fact that they claim to be secure (refer to http://www.skype.com/products/explained.html) but state in the EULA that it may not always be so seems a little misleading, no? Time will tell... Thanks again. If anyone has anymore experiences or knowledge that might even dispel any "myths" and apprehension of Skype, I am open to all opinions. I feel it is better to approach it with an open-mind but with steadfast prudence. Best Regards, JG -----Original Message----- From: cc [mailto:cc () belfordhk com] Sent: Friday, August 26, 2005 10:06 PM To: security-basics () securityfocus com Subject: Re: FW: Your opinion on Skype Joe George sighed and wrote::
I've been reading several articles including the link to one below
regarding Skype software. We have several users in our HQ office as well as field offices who were recommended to use Skype to keep in communication. Several of us in our IT department are very apprehensive about it for many reasons including the fact it's not been through a pilot phase. Aside from the VoIP functionality, I do not understand why they need it, because we have an enterprise IM client available, which you can integrate several other IM clients with. A VoIP solution is not far away from being deployed throughout organization as well.
Skype's claim of being secure does little to ease my mind. Skype is
not on the list of our supported applications, and as a low on the totem pole I am within the organization; I would be remiss by not mentioning my apprehension to the end-user of it being on their computer. I just wanted to get your thoughts on it. I've installed Skype on my own computer and haven't seen any adverse effects, but I do not use it often due to lack of time. Have any of you deployed it successfully within your network? What is your opinion on the application?
The reason for my company using Skype was that we use a 3rd party software which requires constant modifications from the 3rd party. Due to the long distance involved(they had moved their operations to China), phone calls or ICQ'ing wasn't as efficient(in their eyes) as having Skype running. Communication is a little easier. You are experiencing the exact same apprehension as I do. When they (user and 3rd party) installed Skype behind my back, I was furious, especially when I was monitoring the firewall and seeing so many incoming and outgoing traffic at 1am in the morning. (Can you believe it? A user ALLOWING a 3rd party installing software on a company machine... MAN... was I hot under the coller.) The next day, I had Skype uninstalled and fired off an email imparting my utter caution in using these products. Then recently, they had another meeting (they being the director, business manager, user and the 3rd party) with me on a conference phone with them. The 3rd party completely thought my paranoia was uncalled for and that if I were so paranoid, why not block the http port, or the ftp port or the smtp port? That got me riled up. Anyway, me being not present at the meeting was a good thing, as they'd be watching me seething with anger. But at the end of the conference, I buckled under combined pressure of the user, the business manager and the director. That I was blocking their progress in getting things done. The compromise was that when they needed to use Skype, they'd turn it on. If not, they turned it off. But to me, it's pretty much just a facade. Anything can happen during usage and since the source is closed, it makes me even more jittery. So my advice, unless your organization vitally needs it, stay away from it. If your organization needs it, READ THE LICENSING AGREEMENT. Edmund
Current thread:
- FW: Your opinion on Skype Joe George (Aug 22)
- Re: Your opinion on Skype Chandrashekhar Mullaparthi (Aug 23)
- Re: Your opinion on Skype Shawn Merdinger (Aug 30)
- Re: FW: Your opinion on Skype cc (Aug 29)
- Re: FW: Your opinion on Skype Michael Puchol (Aug 30)
- RE: FW: Your opinion on Skype David Gillett (Aug 30)
- Re: FW: Your opinion on Skype Michael Puchol (Aug 30)
- <Possible follow-ups>
- RE: FW: Your opinion on Skype Joe George (Aug 30)
- RE: Your opinion on Skype Roger A. Grimes (Aug 30)
- Re: Your opinion on Skype Shawn Merdinger (Aug 31)
- Re: Your opinion on Skype Shawn Merdinger (Aug 31)
- Re: Your opinion on Skype Shawn Merdinger (Aug 31)
- Re: Your opinion on Skype Chandrashekhar Mullaparthi (Aug 23)