Analysts: Skype could pose security problems

27.10.2005
Von 
Jaikumar Vijayan schreibt unter anderem für unsere US-Schwesterpublikation CSO Online.

As a result, Skype could provide a backdoor entry into otherwise secure networks for Trojans, worms and viruses, Newton said. It could also provide a channel for corporate data to be freely shared between users without any of the usual security considerations.

Also, like other P2P applications such as KaaZaa, the connection sharing permitted by Skype makes the the host computer and the network available to others as well, said Robin Bloor, an analyst at Hurwitz & Associates in Waltham. Mass.

As a result, "Skype can use a lot of network bandwidth, which may interfere with business applications and services," said Andrea Wuchner-Bruhl, head of global IT security at Novartis Pharma AG, in Basel, Switzerland.

The fact that Skype uses a proprietary protocol instead of a standard one such as the Session Initiation Protocol (SIP) also makes it an "unknown from the point of view of the vulnerabilities that might be there," said John Pescatore, a Gartner analyst.

"Every nonstandard application can add unnecessary risks to your environment," Wuchner-Bruhl said. "In the end no one really knows what all is built into such an application."

So far at least, there have been no major attacks directed against Skype. But its growing popularity and installed base will inevitably make it a hacker target, analysts said.