Thank you for a great product !!! My whole family now has SKYPE and I’d started to introduce my co-workers to the idea with already a couple of glad users on-line. See we are a tech company traveling al over Scandinavia – just imagine what 11 technicians using mobile telephony in a month calling from country to country costs? Talk about savings !
We now also have our first end customer receiving support from us throw SKYPE and there are especially happy about the file transfer function for downloading tech logs etc that way. It’s very convenient.
But like all other programs ( eg Windows it’s self ? ) – The more success SKYPE has in their growing no. of users, that more interesting it will be for virus programmers to taget it. – KAZAA is proof of that.
There is a security issues there in the file transfer option, that we discussed: It's VERY important that the SKYPE team see to it that it's safe to use file transfer and that its NOT misused to "spam" people with unwanted ads - or worse - virus throw the function. EG - a smart virus guy creates a virus that spreads throw the file transfer system.
Here are a couple of suggestions to secure that.
1. Viruses that uses that uses standard. In/out library of file transfer programs like KAZAA to spread or/and spam already exist!. It’s just a matter of time before the next one is also written for SKYPE. To avoid this: In the personal setup ask ( force ) the user to set ( or make ) the library to use for SKYPE incoming/out going files. Do not set up a standard library for this like you do now with “My skype pictures” and “My Skype Received files” in the installation. By asking the user to do so a virus hasn’t a chance, because the library name is country specific and varies. – and make sure the ini file or dll you store these setup’s in IS VERY secure, so that it cant be just read by a virus.
2. When that virus comes for Skype ( and it will ), you as a user would want to keep the contact to the poor guy, that has got infected – but you don’t want his file transfers. Today all you can set up is either block fully or allow communication.
May I suggest in the right click menu on a user where you have the “rename” facility – put in a whole new setup that on each user in the contact list, that enables to control how you communicate with this user.:
a. Name visible – like now the “rename”
b. Check if Voice com is allowed
c. Check if IM is allowed
d. Check if File transfer is allowed.
- if not checked, simply ignore incoming communication on that issue. This gives you full control on how you want a user to be handled and is also practical in other issues of privacy. It’s not always you want a person to communicate throw all facilities seen from a private security point of you
Again thank you for a product that really makes the phone companies wake up !!! They can’t ignore you any longer. I knew, when I tried it out first time a year ago that their era of ripping people off for decades was over. I like the role of “a rebel” and I’m one of your greatest ambassadors always demo’ing SKYPE and convincing people to join.
Full Version: Security - File transf.
You can only get files through file transfer from people you have authorized!
Yes - but you missed the point !!! I'm talking about a virus attacking a user you already HAVE aut. !!! You want to avoid that situation - thus my suggestions. 1. pevent a virus from using the std. lib's ( was what made KAZAA being misused in NETSKY ) - 2: if it happens anyway: prevet it from spreading throw block of file trans, but still keep the person in your list with out blocking totally.
Sorry, I skimmed your post only.
You are right and I agree with you.
You are right and I agree with you.
I don't really get what are you saying about standard libraries vs file transfer? The transferred files don't have much to do with libraries.
Indeed, we are thinking of making file transfer more waterproof, but it's pretty good as it is already:
* you can only transfer files to people who have authorized you.
* when you start to get file transfers, you get this standard warning box. It is possible to disable it for the future, but every user sees it at least once.
* you explicitly have to accept each file sent to you (click Save As and select save location). If you accept files that look strange and execute them, you can only blame yourself.
Indeed, we are thinking of making file transfer more waterproof, but it's pretty good as it is already:
* you can only transfer files to people who have authorized you.
* when you start to get file transfers, you get this standard warning box. It is possible to disable it for the future, but every user sees it at least once.
* you explicitly have to accept each file sent to you (click Save As and select save location). If you accept files that look strange and execute them, you can only blame yourself.
I think he means a virus using Skype .dll's without skype being opened.
Though there is only one problem with that theory, Skype does not have dll's. Well I haven't found any that's for sure.
Hope I got it this time right
Though there is only one problem with that theory, Skype does not have dll's. Well I haven't found any that's for sure.
Hope I got it this time right
Sure – this is academic right now and hasn’t happened yet to my knowledge, but never the less a problem ! – or it’s a language problem on my part ? … maybe I’m using the wrong word?
1: using std. Liberia’s ( Path of file storage/file upload) in the installation process makes it easier to make a virus that mis- uses that !
2: If a Skype user is infected by a future virus, you would get the file transfer request all the time, while on-line, right ?? You authorized the user and therefore allowed file transfer pop-up ? yes, you can throw the current process reject it – but if it comes up 10 times a minute due to the virus genius programming, you would be forced to block the user ( that’s your frind ! ) totally to escape the irritation.
Maybe I’m seeing ghosts ? – but I’v seen so many examples of just such aggressive virus/adware programming throw my daily work, that actually make people stop using the programs because of that …. And that would be sad ?
1: using std. Liberia’s ( Path of file storage/file upload) in the installation process makes it easier to make a virus that mis- uses that !
2: If a Skype user is infected by a future virus, you would get the file transfer request all the time, while on-line, right ?? You authorized the user and therefore allowed file transfer pop-up ? yes, you can throw the current process reject it – but if it comes up 10 times a minute due to the virus genius programming, you would be forced to block the user ( that’s your frind ! ) totally to escape the irritation.
Maybe I’m seeing ghosts ? – but I’v seen so many examples of just such aggressive virus/adware programming throw my daily work, that actually make people stop using the programs because of that …. And that would be sad ?
Ok, I think I finally get it. (If not I'm going to take a vacation to clear my mind )
Kazaa has, as you said, standard in and out folders. The out folder is a shared folder, which means that somebody can get that file without the computer owner's (user's) active involvement.
Skype does not work that way!
Sending a file needs the user's action to send and the other users action to receive.
It doesn't have an out folder or sending folder cause the user has to specify form where and which file to send.
You also can save the received file anywhere on your hard drive. That 'Skype Received Files' folder is just there for you convenience.
Anyway, sorry that I have misunderstood you this many times, the problem was that I don't use library in this context cause I refer to it as folder or directory(as it was called in DOS).
)
Kazaa has, as you said, standard in and out folders. The out folder is a shared folder, which means that somebody can get that file without the computer owner's (user's) active involvement.
Skype does not work that way!
Sending a file needs the user's action to send and the other users action to receive.
It doesn't have an out folder or sending folder cause the user has to specify form where and which file to send.
You also can save the received file anywhere on your hard drive. That 'Skype Received Files' folder is just there for you convenience.
Anyway, sorry that I have misunderstood you this many times, the problem was that I don't use library in this context cause I refer to it as folder or directory(as it was called in DOS).
Thanks for understanding - but that stills leaves my suggestion no. 2 open ???
Your second suggestion is a great one.
Now you can only block and allow that means if he gets infected you have to block and communicate through other channels to find out if his/she disinfected the PC.
But it is not only about a virus. It can be an annoying contact whom you authorized my mistake or only later turned out to be that annoying.
I agree that a far more complex privacy feature should be enabled.
Thus we should be able to separately allow or disallow voice, IM, transfer from users.
Per user invisibility should also be added to the equation.
Now you can only block and allow that means if he gets infected you have to block and communicate through other channels to find out if his/she disinfected the PC.
But it is not only about a virus. It can be an annoying contact whom you authorized my mistake or only later turned out to be that annoying.
I agree that a far more complex privacy feature should be enabled.
Thus we should be able to separately allow or disallow voice, IM, transfer from users.
Per user invisibility should also be added to the equation.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.