A new security product has been released that manages certain aspects of Skype's VOIP (voice over Internet Protocol) application, which may assuage fears from IT managers that the Skype program may save on phone bills but pose a security risk.
Skype has licensed APIs (application programming interfaces) to just one security vendor, FaceTime Communications, which specializes in instant messaging and peer-to-peer network security technology. FaceTime is promoting its product, FaceTime Internet Security Edition for Skype (FISE), at the InfoSecurity Europe show in London this week.
The APIs allow FISE to control several aspects of Skype use. At the top level, it can control who is allowed to use Skype. At a finer level, it can control whether those users are allow to use the VOIP, chat, and instant messaging functions, said Sarah Carter, who works in FaceTime's marketing department. FISE can also block the use of older versions of Skype with known vulnerabilities.
Skype has concerned security analysts -- it uses an encrypted protocol that's been updated at least 35 times since last year to avoid detection by security products, said Carter.
That poses a risk for businesses, since Skype's chat and file-sharing feature could potentially be used to transfer confidential information. Security managers would not even know the application is on one of their user's machines.
"Skype tends to be brought into organizations by end users," Carter said.
Security researchers have been able to reverse engineer some versions of Skype to detect its protocol, but it's difficult, said Kanwar Loyal, U.K. sales manager for FaceTime. Skype is capable of using most ports on a machine and can also bypass firewalls and "tunnel" using the HTTP (Hypertext Transfer Protocol) protocol.
"It's so well written -- very clever ," Loyal said.
Those evasive techniques may inspire confidence among users concerned about privacy and eavesdropping, but don't translate well to businesses. And Skype, which is owned by eBay, is eager to capture part of the growing business VOIP market. Skype officials estimate about 33 percent of its 170 million users are business users.
FaceTime's product uses a Linux appliance, RTGuardian, to detect and block Skype sessions and block unsanctioned versions of the application. It also uses a server, the Greynet Enterprise Manager, which manages who uses specific functions. Pricing starts at $7,000 for 50 users per year.
FaceTime officials didn't have immediate details on how long they will have an exclusive relationship with Skype. Their deal was reached in February. However, the company hopes Skype will eventually share other APIs that would allow for URL (Uniform Resource Locator) filtering during chat sessions to prevent phishing, antivirus scanning and blocking spam via instant messaging.