Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Gartner: Skype Bugs Bad News For Enterprise

The most recent bug in Skype is another clue to enterprises that they should steer clear of the VoIP service, research firm Gartner recently warned.

Two weeks ago, Skype patched a critical vulnerability that could let an attacker send a file to another user without his or her consent, and potentially obtain access to the recipient's computer and data.

"This vulnerability follows three in 2005 (two high-risk, one low-risk) and highlights the risk of not establishing and implementing an enterprise policy for Skype," wrote Gartner research director Lawrence Orans in an online research note. "Because the Skype client is a free download…most businesses have no idea how many Skype clients are installed on their systems or how much Skype traffic passes over their networks."

The problem, said Orans, is that Skype doesn't demand that vulnerable clients be updated, and sans administrative management controls to force this, the VoIP client leaves corporate networks open to attack.

"In contrast, Microsoft immediately restricted access to its MSN Messenger instant messaging (IM) service in 2005 when it discovered a vulnerability in its IM client. Only users with an updated and nonvulnerable [sic] client were allowed to access the service, which meant Microsoft essentially performed the vulnerability management process on behalf of businesses. Skype provides no such protection," Orans added.

  • 1