Skype a security problem?

Messages
5,573
Location
earth
OK, at my office you can get fired for installing skype, becasue my boss said "it is a security risk". is this true? I just installed it at home so that my parents (in another country) could see my kids over the computer.
 
Messages
1,723
Location
Virginia
Please correct me if I'm wrong, but I think you're only looking at one aspect of the security issue. I believe based upon your question that you're asking if installing the application could compromise the security of your system. However, I believe your office is more concerned with the fact that you can be using its secure connection to distribute company information. So their rule may not be because they believe the application itself is insecure, but rather that it can be used by a disgruntled employee to perform undesirable acts. I could be wrong though. I haven't looked into Skype in a while, but I don't recall it being a major point of vulnerability or anything. I have it installed on my computer, but like most applications I make sure it doesn't load with the computer (for security and efficiency), I only want things to start when I'm going to use them. I'm sure some google searching will bring up plenty of articles discussing the security of Skype
 

crinkles

Thread starter
Messages
5,573
Location
earth
his words were "it leaves the back door wide open" he is not an IT expert, and I also feel it is a threat to stop people wasting time on it. at my previous job people actually used it FOR the business so i was a bit suspect when my boss said this. thanks for your help mate
 
Messages
8,711
Location
Nothern USA
I know just enough about computers to let my SIL take care of mine. He has a degree in computer engineering and several years experience at a major university. He has set up Skype for his son and grandparents. I don't think he would compromise our security.
 
Messages
1,010
Location
South East Asia
yes, it could be. If you see how the skype works, there is no way you know that the skype traffic going on your network connection is only for you, buut it could be conversation/data traffic communicated between other parties. So if the company does not pay unlimited bandwidth and with skype the bandwidth could be utilized by unauthorized third party, and this is considered security problem.
 

crinkles

Thread starter
Messages
5,573
Location
earth
 Originally Posted By: Pablo
I have no idea as to security of Skype, but what employer would let individuals install it for their own uses???
it was a small company though.. even the boss used it.
 
Messages
16,125
Location
Silicon Valley
I'd think it is as insecure as a telephone line. Do you have telephone at work? That can cause security issue too. Seriously, if this bothers your boss, and you don't want to get into trouble, don't use it and don't argue with him. In the end the most you can do is proof him wrong and makes him look like an idiot and you a smart [censored], or makes him think that you are trying to use company resources/time for personal matter (phone call). I think he is trying to use "security" as an excuse to prevent workers from using company time for personal stuff.
 
Messages
2,820
Location
Southeast Alabama
A Google search will give you some info about Skype Security issues. I am retired but where I worked you could not install any software without written permission. Bandwidth is another issue. Using a Thumb Drive, CD, DVD = no job! Not allowed! Security issues at work will be going away as many employers will be going to an intranet which will allow no Internet access. Those few that will have internet access will be going through a proxy server with a computer that has no access to the company intranet. We had some folks get it trouble too for surfing at work. IT folks report those activities to the boss. + employers are starting to realize how much time some employees spend surfing.
 
Messages
5,948
Location
Texas Hill Country
The boss just wants to monitor your telephone calls. Your skype call is encrypted. Plus it eats bandwidth. I bet they are most concerned about the bandwidth you would eat with the voip..
 
Messages
1,904
Location
Canada
Yeah its a security issue. Users downloading, and installing software from any source that is not verified to be authentic and authorized by license is a 'security risk'. I am a computer engineer, and I would not permit that software to be installed a in a workplace environment. Also, it undermines management's ability to perform surveillance of employees as is often legally mandated, or required by regulation. Skype is no substitute for a legitimate and appropriate business telephony solution. I help a lot of people in my family with computers. The only 'rule' I have with them is that they not install anything that's 'freely downloaded' on the Internet, or open any email attachment that executes (if they do -- then I assume that they don't need my help, because they're now computer 'experts'). I've seen lots of programs that seem to be benign, such as P2P file sharing, scanner to laser printer 'photocopier' apps, software license cracks, etc. -- actually carry payloads of spyware and adware (its the 'business model' of many of these software developers to live on the income generated by spyware's activities). Its one thing for a power-user, computer scientist/engineer/experienced techie to download something and install it on their computer, its quite another for a computer-neophyte secretary to install some downloaded app, oblivious to the extra adware/spyware payload that is often found in such software, and the extra costs cleaning up such messes impose on business.
 

crinkles

Thread starter
Messages
5,573
Location
earth
so, any malware in Skype? thanks for all the replies, but note, i am installing it at home, not work, its just that at work it is not allowed.
 
Messages
11,454
Location
Illinois
Probably not in Skype, but how can any employer guarantee an employee won't get a hacked version of Skype? Just because the file you install is "clean" doesn't mean someone will not obtain something that was hacked. Someone who writes spyware, malware, viruses, etc could embed such a thing in any application and re-package it for folks who don't suspect. They think they are getting Skype, but inside the Skype is a trojan ready to do it's work when installed. Heck, you really wouldn't even need to modify the original program, just the installer to install some extra goodies. So the best policy is to not allow users to install software, period.
 
Messages
549
Location
New Mexico, U.S.A.
Most users on my networks have no install privileges, period. Software is doled out by the stingy admin via GP. All LAN <--> WAN traffic is monitored, filtered for content and by protocol in realtime at the network perimeter, and logged. External e-mail is blocked, and company e-mail is archived and filtered--unprofessional content is blocked and copied to the audit server. Encrypted connections are only available to approved remote hosts. Corporate IM chats are all archived and machine-audited for content; third-party IM traffic is blocked at the perimeter. Users' surfing habits are not restricted much, but remote host names, amount of data transferred, protocols used, and time spent there are logged for each user. The only thing more frustrating than being a user on a network like this is being the one responsible for it.
 
Messages
2,820
Location
Southeast Alabama
 Originally Posted By: tropic
Most users on my networks have no install privileges, period. Software is doled out by the stingy admin via GP. All LAN <--> WAN traffic is monitored, filtered for content and by protocol in realtime at the network perimeter, and logged. External e-mail is blocked, and company e-mail is archived and filtered--unprofessional content is blocked and copied to the audit server. Encrypted connections are only available to approved remote hosts. Corporate IM chats are all archived and machine-audited for content; third-party IM traffic is blocked at the perimeter. Users' surfing habits are not restricted much, but remote host names, amount of data transferred, protocols used, and time spent there are logged for each user. The only thing more frustrating than being a user on a network like this is being the one responsible for it.
Only a start! Folks in the business world are just now starting to realize how much time that employees spend doing other than what they are being paid for. More and more company intranets will come into being without internet access. Where there is internet more monitoring and restrictions will be imposed. Only takes a few which make it bad for others.
 
Top