# Skype: Is it safe?

## techwraithx

I've been hearing some talk about Skype recently and just thought of giving it a run. Installed it in Windows first (couldn't trust the company after what I've heard about Kazaa). Adaware detected two spyware Alexa registry keys after the installation, apart from that everything seems ok. So I was just thinking of installing it in Gentoo, has anyone been using Skype on Linux? Is it safe - I mean does it come with any spyware or open any backdoors or anything? I really can't afford to break my Linux box right now.

PS: Are there any open source alternatives to this one; excluding Gaim-vv and Teamspeak

----------

## cato`

It is safe, but it uses OSS, not ALSA

I could not make Skype work with dmix.

----------

## zerojay

Skype is safe.

----------

## Sith_Happens

Gotta love the cool "l33t" answer  *DarkStalker wrote:*   

> Skype is safe.

Terse, as if to say, accept my answer without any explanation because I said so, and like it.  I looked into it a while back when it came out, and if you read their end-user terms of use, they swear up and down that it contains no spyware.  I tend to believe them, simply because with kazzaa (or however you spell it), the only way for them to make money was spyware, whereas with Skype, they charge you for Skype to landline calls.  I see Skype as akin to the mafia getting into Vegas casinos, they're trying to go legit.

----------

## zerojay

 *Sith_Happens wrote:*   

> Gotta love the cool "l33t" answer  *DarkStalker wrote:*   Skype is safe. Terse, as if to say, accept my answer without any explanation because I said so, and like it.  I looked into it a while back when it came out, and if you read their end-user terms of use, they swear up and down that it contains no spyware.  I tend to believe them, simply because with kazzaa (or however you spell it), the only way for them to make money was spyware, whereas with Skype, they charge you for Skype to landline calls.  I see Skype as akin to the mafia getting into Vegas casinos, they're trying to go legit.

 

There was nothing cool or 'l33t' about the answer at all. It was direct and to the point. If you don't like it, too bad. Get over it.

Skype would be completely shooting themselves in the foot if they were including spyware or backdoors with their software and I'm pretty sure that if they were, it would be found out so quickly by the much less trusting security researchers out there, which would cause a major alarm to be raised over it. Also, including backdoors on programs that would be running as an unprivileged user anyways is pretty much pointless.

As far as anyone knows, Skype is clean of anything that would cause us harm. I couldn't even imagine the backlash the open source community would have against the first company to attempt to include spyware or backdoors in their Linux programs. Hell hath no fury like a geek scorned.

----------

## Sith_Happens

Actually, it looks as if I got the attitude just right.  I was only kidding though, no need to get your panties in a bunch.

----------

## techwraithx

 *cato` wrote:*   

> It is safe, but it uses OSS, not ALSA  
> 
> I could not make Skype work with dmix.

 

What happened? I just installed it and it's working fine with OSS emulation. The one in portage (0.93.0.3) and the latest dynamic binary (0.94.0.1) from their site both work automagically out of the box for me.

----------

## Sith_Happens

That's because you're using OSS emulation, it doesn't work with just plain ALSA.

----------

## zerojay

Correct, the current version of Skype requires OSS emulation. I believe they are working on getting ALSA to work also.

----------

## seidren

Hmmm... I have been using Skype for a while now. And I don't have OSS emulation installed. I have to edit the /usr/bin/skype file and tell it not to use a sound wrapper and it works fine. Of course while using Skype other apps won't be able to use sound, but I am working towards getting dmix to work.

The skype script at /usr/bin should work with sound daemons like arts and esd but it always crashes when I make a call so I disabled sound daemon wrapping and it works. So I think Skype works with ALSA.

Correct me if I am wrong.

----------

## truekaiser

Just wait for Skype lite.

----------

## j-m

OK, just wondering how can anyone say "Skype IS safe" without having ever seen its source code... Hmmm.

----------

## zerojay

There's been enough people banging away on the binary to know.

----------

## j-m

 *DarkStalker wrote:*   

> There's been enough people banging away on the binary to know.

 

Excuse my ignorance, but I simply disagree. Safety is not only about preventing attacks from outside, so are you really 100% sure that this tool does not "phone home", e.g.?

Moreover, every time I was trying this one I received an enormous number of firewall hits (like portscans, attempted ssh root logins, etc., etc.), so this is definitely not something I would call safe. YMMV.

----------

## zerojay

 *j-m wrote:*   

>  *DarkStalker wrote:*   There's been enough people banging away on the binary to know. 
> 
> Excuse my ignorance, but I simply disagree. Safety is not only about preventing attacks from outside, so are you really 100% sure that this tool does not "phone home", e.g.?
> 
> Moreover, every time I was trying this one I received an enormous number of firewall hits (like portscans, attempted ssh root logins, etc., etc.), so this is definitely not something I would call safe. YMMV. 
> ...

 

Probably unrelated. I never once have been portscanned or had any root ssh connections while using it.

----------

## j-m

 *DarkStalker wrote:*   

> Probably unrelated. I never once have been portscanned or had any root ssh connections while using it.

 

It's probably NOT unrelated since those attacks stopped in a few minutes after terminating Skype and started again once Skype was launched. That's all from me. Howgh!

----------

## zerojay

Keep spreading the FUD.

Skype runs as an unprivileged user. If Skype had a backdoor installed, they wouldn't need to do any portscans or ssh root attempts on you since they would just go through the backdoor anyways. What it might be, if you are telling the truth, is someone on the network scanning Skype's users for IP addresses and attempting to connect to people, which wouldn't be a Skype security problem to begin with.

Skype's really popular in the Linux community. If there were backdoors and major security issues, they would have been found already and all sorts of hell would have been raised about it.

----------

## j-m

 *DarkStalker wrote:*   

> Keep spreading the FUD.
> 
> Skype's really popular in the Linux community. If there were backdoors and major security issues, they would have been found already and all sorts of hell would have been raised about it.

 

I'm not spreading FUD, I am spreading my personal experience.

 *Quote:*   

> Windows is really popular in the Windows community. If there were backdoors and major security issues, they would have been found already and all sorts of hell would have been raised about it.

 

You get my point? No? Your shame.

----------

## zerojay

 *j-m wrote:*   

>  *DarkStalker wrote:*   Keep spreading the FUD.
> 
> Skype's really popular in the Linux community. If there were backdoors and major security issues, they would have been found already and all sorts of hell would have been raised about it. 
> 
> I'm not spreading FUD, I am spreading my personal experience.
> ...

 

Ever heard of BugTraq? 

Skype is a hell of a lot smaller than Windows and therefore a lot easier to check through for problems. Since you seem to have so many problems with ssh connections and all that, why don't you run Skype under gdm and show us where all these backdoors are? I'm almost certain the portscans and ssh connections you are getting are related to the ssh worm/script/whatever that's been going around taking over machines since the beginning of last summer. And all that your experiences have shown is that ssh's security is being tested, not Skype. There's nothing related.

----------

## j-m

 *DarkStalker wrote:*   

> Ever heard of BugTraq?
> 
> Since you seem to have so many problems with ssh connections and all that, why don't you run skype under gdm and show us where all these backdoors are?

 

Not necessary if source code was available. I am not willing to debug closed source proprietary apps, sorry.

Last edited by j-m on Sat Feb 05, 2005 12:24 pm; edited 1 time in total

----------

## zerojay

Of course you're not, that might prove you wrong. There's a lot of people that don't trust binary closed source apps out there and they do run programs like Skype through gdb so that they know if the program is trustworthy or not. There hasn't been any info anywhere about anything related to any Skype backdoors at all. If Skype had backdoors, there would be no need for ssh logins to root or portscans whatsoever and even if there were backdoors, Skype runs as an unprivileged user anyways. Like I said before, if Skype allows people to view other users' IP addresses, someone might be running a script to grab those IPs and test them, but that wouldn't be a Skype client security risk to begin with.

Before you accuse anyone of putting backdoors in their programs, you better have proof and so far you've produced none and haven't been willing to produce any, therefore FUD.

----------

## Lore

Hm, I've examined the traffic with Ethereal for some time and there were no hints towards any spyware activity. Here is a more detailed report on how Skype works: http://www.cs.columbia.edu/%7Elibrary/TR-repository/reports/reports-2004/cucs-039-04.pdf

They've also found no suspicious activity.

An open source Skype would be great and I would join such a freeSkype project.

----------

## Baalz

The people who created Skype are the people who created the FastTrack protocol/Kazaa but then they sold everything to Sharman Networks who added the spyware. While we should not trust them blindly there is no reason to be paranoid about them either...

----------

## doublehp

 *j-m wrote:*   

> OK, just wondering how can anyone say "Skype IS safe" without having ever seen its source code... Hmmm.   

 

You don't need the source: all systems provide a file/socket activity monitor.

Under Linux, you open /proc/<PID>, or heavily use lsof. If you never see Skype opening files different than /dev/dsp or glibc or ~/.Skype or its own listening v4 TCP port, then there can't be spyware.

The definition of spyware is a software that either forwards backdoors (thus opens new TCP ports), or scans your box for security issues (thus opens disk files). If you see no file or network activity, there can't be spyware.

But I never personally examined Skype file activity. I just believe/hope some other geek did it, and if they did, and had found anything strange, I hope they would report.

----------
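The check doublehp describes above (compare what a process has open under /proc/<PID> with a short list of expected files and its one listening TCP port), as an added example that is not part of the thread and not Skype's code. The allowlist patterns, the home directory, port 33333 and the sample data are constructed assumptions.

```python
import os
import re

# Expected files from the post: sound device, C library, Skype's profile dir.
# The exact patterns are assumptions for illustration.
ALLOWED = [r"^/dev/dsp$", r"^/(usr/)?lib(64)?/", r"^/home/[^/]+/\.Skype(/|$)"]

def fd_targets(pid):
    """What each open descriptor of a live process points to (same user or root)."""
    fd_dir = f"/proc/{pid}/fd"
    return [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]

def parse_proc_net_tcp(text):
    """Parse /proc/<PID>/net/tcp text into {inode: (local_port, remote_port, state)}."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the column header
        f = line.split()
        if len(f) < 10:
            continue
        state = {"0A": "LISTEN", "01": "ESTABLISHED"}.get(f[3], f[3])
        table[int(f[9])] = (int(f[1].split(":")[1], 16), int(f[2].split(":")[1], 16), state)
    return table

def audit(targets, tcp_table, own_port):
    """Return (files outside ALLOWED, listening TCP ports other than own_port)."""
    odd_files, odd_listeners = [], []
    for t in targets:
        sock = re.fullmatch(r"socket:\[(\d+)\]", t)
        if sock:
            # The table covers the whole network namespace; the inode ties a row to this process.
            entry = tcp_table.get(int(sock.group(1)))
            if entry and entry[2] == "LISTEN" and entry[0] != own_port:
                odd_listeners.append(entry[0])
        elif t.startswith("/") and not any(re.search(p, t) for p in ALLOWED):
            odd_files.append(t)
    return odd_files, odd_listeners

# Constructed sample: descriptor targets and a two-row /proc/<PID>/net/tcp excerpt.
SAMPLE_TARGETS = ["/dev/dsp", "/lib/libc-2.3.4.so", "/home/alice/.Skype/shared.xml",
                  "/home/alice/Documents/taxes.ods", "socket:[4101]", "socket:[4102]", "pipe:[77]"]
SAMPLE_TCP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 00000000:8235 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000 0 4101 1\n"
    "   1: 00000000:0929 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000 0 4102 1\n"
)

if __name__ == "__main__":
    # Live use: audit(fd_targets(pid), parse_proc_net_tcp(open(f"/proc/{pid}/net/tcp").read()), port)
    print(audit(SAMPLE_TARGETS, parse_proc_net_tcp(SAMPLE_TCP), own_port=33333))
```

A read of /proc only shows descriptors open at that instant, so repeat it over a session or trace the process with strace to catch files and connections that are opened and closed quickly.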

