| View previous topic :: View next topic |
| Author |
Message |
techwraithx
n00b
Joined: 17 Sep 2004
Posts: 2
|
 Posted: Sat Jan 29, 2005 5:14 pm Post subject: Skype: Is it safe? |
 |
|
I've been hearing some talk about skype recently and just thought of giving it a run. Installed it in windows first (couldn't trust the company after what I've heard about kazaa). Adaware detected two spyware Alexa registry keys after the installation, apart from that everything seems ok. So I was just thinking of installing it in Gentoo, has anyone been using skype on Linux? Is it safe - I mean does it come with any spyware or open any backdoors or anything. I really can't afford to break my linux box right now.
PS: Are there any open source alternatives to this one; excluding Gaim-vv and Teamspeak |
|
| Back to top |
|
 |
cato`
Guru
Joined: 03 Jun 2002
Posts: 430
Location: Norway, Trondheim
|
| Posted: Sat Jan 29, 2005 5:18 pm Post subject: |
|
|
It is safe, but it uses OSS, not ALSA 
I could not make Skype work with dmix.
_________________
Don't mess with the Penguin. |
|
| Back to top |
|
|
zerojay
Veteran
Joined: 09 Aug 2003
Posts: 1033
|
| Posted: Sun Jan 30, 2005 12:15 am Post subject: |
|
|
| Skype is safe. |
|
| Back to top |
|
|
Sith_Happens
Veteran
Joined: 15 Dec 2004
Posts: 1807
Location: The University of Maryland at College Park
|
| Posted: Sun Jan 30, 2005 5:56 am Post subject: |
|
|
Gotta love the cool "l33t" answer | DarkStalker wrote: | | Skype is safe. |
Terse, as if to say, accept my answer without any explanation because I said so, and like it. I looked into it a while back when it came out, and if you read there end-user terms of use, they swear up and down that it contains no spyware. I tend to believe them, simply because with kazzaa (or however you spell it), the only way for them to make money was spyware, where as with skype, they charge you for skype to landline calls. I see skype as akin to the the mafia getting into vegas casinos, there trying to go legit.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall |
|
| Back to top |
|
|
zerojay
Veteran
Joined: 09 Aug 2003
Posts: 1033
|
| Posted: Sun Jan 30, 2005 6:14 am Post subject: |
|
|
| Sith_Happens wrote: | Gotta love the cool "l33t" answer | DarkStalker wrote: | | Skype is safe. |
Terse, as if to say, accept my answer without any explanation because I said so, and like it. I looked into it a while back when it came out, and if you read there end-user terms of use, they swear up and down that it contains no spyware. I tend to believe them, simply because with kazzaa (or however you spell it), the only way for them to make money was spyware, where as with skype, they charge you for skype to landline calls. I see skype as akin to the the mafia getting into vegas casinos, there trying to go legit. |
There was nothing cool or 'l33t' about the answer at all. It was direct and to the point. If you don't like it, too bad. Get over it.
Skype would be completely shooting themselves in the foot if they were including spyware or backdoors with their software and I'm pretty sure that if they were, it would be found out so quickly by the much less trusting security researchers out there, which would cause a major alarm to be raised over it. Also, including backdoors on programs that would be running as an unprivileged user anyways is pretty much pointless.
As far as anyone knows, skype is clean of anything that would cause us harm. I couldn't even imagine the backlash the open source community would have against the first company to attempt to include spyware or backdoors in their Linux programs. Hell hath no fury like a geek scorned. |
|
| Back to top |
|
|
Sith_Happens
Veteran
Joined: 15 Dec 2004
Posts: 1807
Location: The University of Maryland at College Park
|
| Posted: Sun Jan 30, 2005 3:09 pm Post subject: |
|
|
Actually, it looks as if I got the attitude just right. I was only kidding though, no need to get your panties in a bunch.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall |
|
| Back to top |
|
|
techwraithx
n00b
Joined: 17 Sep 2004
Posts: 2
|
| Posted: Sun Jan 30, 2005 3:27 pm Post subject: |
|
|
| cato` wrote: | It is safe, but it uses OSS, not ALSA
I could not make Skype work with dmix. |
What happened? I just installed it and it's working fine with oss emulation. The one in portage (0.93.0.3) and the latest dynamic binary (0.94.0.1) from their site both work automagically out of the box for me. |
|
| Back to top |
|
|
Sith_Happens
Veteran
Joined: 15 Dec 2004
Posts: 1807
Location: The University of Maryland at College Park
|
| Posted: Sun Jan 30, 2005 7:55 pm Post subject: |
|
|
Thats because your using OSS emulation, it doesn't work with just plain ALSA.
_________________
"That question was less stupid; though you asked it in a profoundly stupid way."
I'm the brains behind Jackass! | Tutorials: Shorewall |
|
| Back to top |
|
|
zerojay
Veteran
Joined: 09 Aug 2003
Posts: 1033
|
| Posted: Sun Jan 30, 2005 8:46 pm Post subject: |
|
|
| Correct, the current version of Skype requires OSS emulation. I believe they are working on getting ALSA to work also. |
|
| Back to top |
|
|
seidren
n00b
Joined: 29 Sep 2004
Posts: 9
|
| Posted: Fri Feb 04, 2005 11:20 pm Post subject: |
|
|
hmmm... I have been using skype for a while now. And I dont have OSS-emulation installed. I have to edit the /usr/bin/skype file and tell it not use a sound wrapper and it works fine. Of course while using skype other apps wont be able to use sound, but I am working towards getting dmix to work.
The skype script at /usr/bin should work with sound daemons like arts and esd but it always crashes when i make a call so I disabled sound daemon wrapping and it works. So I think skype works with alsa.
Correct me if I am wrong. |
|
| Back to top |
|
|
truekaiser
l33t
Joined: 05 Mar 2004
Posts: 810
|
| Posted: Fri Feb 04, 2005 11:49 pm Post subject: |
|
|
| just wait for skype lite. |
|
| Back to top |
|
|
j-m
Retired Dev
Joined: 31 Oct 2004
Posts: 975
|
| Posted: Fri Feb 04, 2005 11:57 pm Post subject: |
|
|
OK, just wondering how can anyone say "Skype IS safe" without having ever seen its source code... Hmmm.   |
|
| Back to top |
|
|
zerojay
Veteran
Joined: 09 Aug 2003
Posts: 1033
|
| Posted: Sat Feb 05, 2005 3:31 am Post subject: |
|
|
| There's been enough people banging away on the binary to know. |
|
| Back to top |
|
|
j-m
Retired Dev
Joined: 31 Oct 2004
Posts: 975
|
| Posted: Sat Feb 05, 2005 9:09 am Post subject: |
|
|
| DarkStalker wrote: | | There's been enough people banging away on the binary to know. |
Excuse my ignorance, but I simply disagree. Safety is not only about preventing attacks from outside, so are you really 100% sure that this tools does not "phone home", e.g.?
Moreover, every time I was trying this one I received an enormous number of firewall hits (like portscans, attempted ssh root logins, etc., etc.), so this is definitely not something I would call safe. YMMV.
|
|
| Back to top |
|
|
zerojay
Veteran
Joined: 09 Aug 2003
Posts: 1033
|
| Posted: Sat Feb 05, 2005 9:31 am Post subject: |
|
|
| j-m wrote: | | DarkStalker wrote: | | There's been enough people banging away on the binary to know. |
Excuse my ignorance, but I simply disagree. Safety is not only about preventing attacks from outside, so are you really 100% sure that this tools does not "phone home", e.g.?
Moreover, every time I was trying this one I received an enormous number of firewall hits (like portscans, attempted ssh root logins, etc., etc.), so this is definitely not something I would call safe. YMMV.
|
Probably unrelated. I never once have been portscaned or had any root ssh connections while using it. |
|
| Back to top |
|
|
j-m
Retired Dev
Joined: 31 Oct 2004
Posts: 975
|
| Posted: Sat Feb 05, 2005 9:36 am Post subject: |
|
|
| DarkStalker wrote: |
Probably unrelated. I never once have been portscaned or had any root ssh connections while using it. |
It´s probably NOT unrelated since those attacks stopped in a few minutes after terminating Skype and started again once Skype was launched. That´s all from me. Howgh! |
|
| Back to top |
|
|
zerojay
Veteran
Joined: 09 Aug 2003
Posts: 1033
|
| Posted: Sat Feb 05, 2005 9:55 am Post subject: |
|
|
Keep spreading the FUD.
Skype runs as an unprivileged user. If Skype had a backdoor installed, they wouldn't need to do any portscans or ssh root attempts on you since they would just go through the backdoor anyways. What it might be, if you are telling the truth, is someone on the network scanning Skype's users for IP addresses and attempting to connect to people, which wouldn't be a Skype security problem to begin with.
Skype's really popular in the Linux community. If there were backdoors and major security issues, they would have been found already and all sorts of hell would have been raised about it. |
|
| Back to top |
|
|
j-m
Retired Dev
Joined: 31 Oct 2004
Posts: 975
|
| Posted: Sat Feb 05, 2005 10:06 am Post subject: |
|
|
| DarkStalker wrote: | Keep spreading the FUD.
Skype's really popular in the Linux community. If there were backdoors and major security issues, they would have been found already and all sorts of hell would have been raised about it. |
I´m not spreading FUD, I am spreading my personal experience.
| Quote: |
Windows is really popular in the Windows community. If there were backdoors and major security issues, they would have been found already and all sorts of hell would have been raised about it.
|
You get my point? No? Your shame.  |
|
| Back to top |
|
|
zerojay
Veteran
Joined: 09 Aug 2003
Posts: 1033
|
| Posted: Sat Feb 05, 2005 10:13 am Post subject: |
|
|
| j-m wrote: | | DarkStalker wrote: | Keep spreading the FUD.
Skype's really popular in the Linux community. If there were backdoors and major security issues, they would have been found already and all sorts of hell would have been raised about it. |
I´m not spreading FUD, I am spreading my personal experience.
| Quote: |
Windows is really popular in the Windows community. If there were backdoors and major security issues, they would have been found already and all sorts of hell would have been raised about it.
|
You get my point? No? Your shame. |
Ever heard of BugTraq?
Skype is a hell of a lot smaller than Windows and therefore a lot easier to check through for problems. Since you seem to have so many problems with ssh connections and all that, why don't you run skype under gdm and show us where all these backdoors are? I'm almost certain the portscans and ssh connections you are getting are related to the ssh worm/script/whatever that's been going around taking over machines since the beginning of last summer. And all that your experiences have shown is that ssh's security is being tested, not skype. There's nothing related. |
|
| Back to top |
|
|
j-m
Retired Dev
Joined: 31 Oct 2004
Posts: 975
|
| Posted: Sat Feb 05, 2005 10:35 am Post subject: |
|
|
| DarkStalker wrote: |
Ever heard of BugTraq?
Since you seem to have so many problems with ssh connections and all that, why don't you run skype under gdm and show us where all these backdoors are? |
Not necessary if source code was available. I am not willing to debug closed source proprietary apps, sorry. 
Last edited by j-m on Sat Feb 05, 2005 12:24 pm; edited 1 time in total |
|
| Back to top |
|
|
zerojay
Veteran
Joined: 09 Aug 2003
Posts: 1033
|
| Posted: Sat Feb 05, 2005 10:42 am Post subject: |
|
|
Of course you're not, that might prove you wrong. There's a lot of people that don't trust binary closed source apps out there and they do run programs like skype through gdb so that they know if the program is trustworthy or not. There hasn't been any info anywhere about anything related to any skype backdoors at all. If skype had backdoors, there would be no need for ssh logins to root or portscans whatsoever and even if there were backdoors, skype runs as an unprivileged user anyways. Like I said before, if skype allows people to view other users IP addresses, someone might be running a script to grab those IPs and test them, but that wouldn't be a skype client security risk to begin with.
Before you accuse anyone of putting backdoors in their programs, you better have proof and so far you've produced none and haven't been willing to produce any, therefore FUD. |
|
| Back to top |
|
|
Lore
Apprentice
Joined: 16 Feb 2004
Posts: 152
Location: Karlsruhe
|
|
| Back to top |
|
|
Baalz
n00b
Joined: 29 Oct 2003
Posts: 20
Location: Montreal
|
| Posted: Wed Feb 09, 2005 1:32 am Post subject: Misunderstanding... |
|
|
The people who created skype are the people who created the fasttrack protocol/kazaa but then they sold everything to Sherman Networks who added the spywares. While we should not trust them blindly there is no reasons to be paranoiac about them either...
_________________
The conquering penguin of the tribe of UNIX... |
|
| Back to top |
|
|
doublehp
Guru
Joined: 11 Apr 2005
Posts: 473
Location: FRANCE
|
| Posted: Sun May 01, 2005 4:25 pm Post subject: |
|
|
| j-m wrote: | | OK, just wondering how can anyone say "Skype IS safe" without having ever seen its source code... Hmmm. |
you dont need the source : all systems provide a file/soket activity monitor.
Under Linux, you open /proc/<PID>, or heavily use lsof. if you never see skype opening files different than /dev/dsp or glibc or ~/.Skype or its own listening v4 TCP port, then there cant be spyware.
The definition of spyware is a software that either forwards backdors (thus open new TCP ports), or scan your box for security issues (thus open disk files). If you see no file or network activity, there cant be spyware.
But I never personally examinated sype file activity. I just believe/hope some other geek did it, and if they did, and had find any thing strange, I hope they would report.
_________________
DEMAINE Benoît-Pierre (aka DoubleHP ) http://www.demaine.info/
>o_/ Coin coin coin \_o<
to contact me (MSN,ICQ, JABBER, Skype ... ) http://benoit.demaine.info/contact.png |
|
| Back to top |
|
|
|
Networking & Security
