How to prevent skype's violation-Skype bypasses Firewall

[Guest]

The skype messenger is violating the XP security/Firewall. Even after
removing from the exception list, skype automatically launches by adding
itself to the exception list.
Another bad thing, even after denying the privilege to launch, skype
launches itself during startup.
The worst thing is there is no way to prevent Skype launching automatically
during startup.

They’re no other option other than uninstalling Skype.
You have to fix these security holes if people have t o use your software.

 

[Carey Frisch [MVP]]

"Skype" is not a Microsoft product.

Submit a Support Request to Skype
http://support.skype.com/?_a=tickets&_m=submit

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| The skype messenger is violating the XP security/Firewall. Even after
| removing from the exception list, skype automatically launches by adding
| itself to the exception list.
| Another bad thing, even after denying the privilege to launch, skype
| launches itself during startup.
| The worst thing is there is no way to prevent Skype launching automatically
| during startup.
|
| They’re no other option other than uninstalling Skype.
| You have to fix these security holes if people have t o use your software.

 

[Shenan Stanley]

The skype messenger is violating the XP security/Firewall. Even after
removing from the exception list, skype automatically launches by
adding itself to the exception list.

So - ask the Skype people, not the OS people.

Another bad thing, even after denying the privilege to launch, skype
launches itself during startup.

Perhaps you just didn't get rid of the startup properly?

The worst thing is there is no way to prevent Skype launching
automatically during startup.

I highly doubt that.

They're no other option other than uninstalling Skype.
You have to fix these security holes if people have t o use your
software.

So.. Why are you complaning in the Windows XP Security_Admin newsgroup?

Windows XP (Home or Professional? Which are you using, anyway?) is the
Operating system - Skype is the third-party software you voluntarily
downloaded and installed onto your system on top of (utilizing) your
operating system. Therefore - logic dictates that if you have a complaint
about somtheing a piece of software you voluntarily downloaded/installed
onto your system, you should complain to the proper individuals - which is
clearly those who created said software in this case. You gave it
permission to install and do whatever it deemed necessary to run. If you do
not want it - uninstall it.

How to stop Skype starting up with windows?
http://forum.skype.com/viewtopic.php?t=29560

Since they have this:
http://www.skype.com/help/guides/firewall_winxpsp2.html

I must think something is wrong with your install of Skype - or you have
left out parts of the story..

You may want to ask your question in their forums:
http://www.skype.com/community/forums.html

 

[Guest]

Hi Shenan,

So - ask the Skype people, not the OS people.

Shouldn’t the OS catch the Apps trying to breach. I mean Skype or any
others. The OS should be take the responsibility to stop the intruders.

The XP's SP2 never caught.

 

[Shenan Stanley]

The skype messenger is violating the XP security/Firewall. Even
after removing from the exception list, skype automatically
launches by adding itself to the exception list.

So - ask the Skype people, not the OS people.

Shouldn't the OS catch the Apps trying to breach. I mean Skype or any
others. The OS should be take the responsibility to stop the
intruders.

The XP's SP2 never caught.

You installed it, you gave it permission. It's not like you went to some
web page and it suddenly appeared on your machine - and if that had
happened - if you have Windows setup correctly (or even just at default
settings) - it would have warned you something was about to install - would
you like to allow it? Is the OS supposed to assume everyone is a moron all
the time (although Windows is one of the best at this) or - should the
end-user take some responsibility for his/her actions? How many times have
I cleaned up a system where the end-user swore not to know "how" something
happened, then part-way through you show them a few pop-up questions and
they admit that they did not know they weren't supposed to "just click
'yes'" to those questions.

If you purposely installed the application - which I assume you did, and
knowing the software a bit that is a pretty safe assumption - you gave it
permission to do so, whether by directly answering a question or two or not.
If you do not like what the application you gave permission to install is
doing now - get rid of it. There are ways of uninstalling it, even their
web page points these out - and their support forum would look kind of bad
if you asked for help there and did not get it. Admittedly - your
installation is acting strange if it *is* doing everything you are saying it
is - but again - your complaint is with the software you gave permissions to
install and run (run properly would be assumed here) on your system - not
with the OS.

Your house isn't going to tell you the bright green and fluorescent orange
exterior was a bad choice - but your neighbors probably will. Your
equipment/tools are only as smart as the person using them.. Yes - Windows
XP has gone to great lengths to make computing accessible to everyone - too
far in many aspects in my opinion - but it isn't and never will be
foolproof. You have to learn how to use it/maintain it and not abuse it and
blame the inanimate object when it breaks. ;-)

 

[Torgeir Bakken \(MVP\)]

Shouldn't the OS catch the Apps trying to breach. I mean Skype
or any others. The OS should be take the responsibility to stop
the intruders.

The XP's SP2 never caught.

Hi,

Actually, this is by design. Microsoft decided that an application
that already was running on your computer was allowed to add itself
to the FW exception list without the FW warning you about it. But
Microsoft recommends that the developer adds code that asks the user
for permission before doing it.

See this article by Christian Huitema [MSFT] for more on the reasoning
behind this decision:

The Windows XP/SP2 Firewall
http://www.huitema.net/sp2-firewall.asp

 

[cquirke (MVP Windows shell/user)]

On Sun, 19 Jun 2005 23:42:04 -0700, Jim Clark

Shouldn’t the OS catch the Apps trying to breach. I mean Skype or any
others. The OS should be take the responsibility to stop the intruders.

Well, it's like the Maginot Line; defences face outwards. The view is
that once a program is running within the system, it's presumably
supposed to be there so everything is done to "help" it.

Consider that many apps, Skype included, require the use of
non-standard ports. When users choose to install these, they expect
them to work; in fact, Windows usually gets blamed if they do not.

Part of the installation process for such apps is to reconfigure the
firewall to be compatible with what they are trying to do - in the
case of Skype, perform Voice over IP (VoIP) phone calls.

This is a erlatively unfamiliar application that Skype aims to make
commonplace, in part by making it easier. Expecting users to dabble
with custom firewall settings does not meet that goal.

Consider also that if the user finds Skype doesn't work unless the
firewall is disabled, they will either not use Skype (bad for Skype,
and the user who hoped to do what Skype can do) or disable the
firewall altogether (disasterous for the user).


Now I've seen the point made that allowing programs running on XP to
change firewall settings is a Bad Thing, and I agree up to a point,
but then again, many malware routinely smite down a long list of
firewalls, av, and other defensive tools. If you had Norton Internet
Security, or Kerio, or Sygate Pro etc. and these were disabled by
resident malware, you'd be just as dead.


On the historical Maginot line, see...

http://www.smithsonianmag.si.edu/smithsonian/issues97/jun97/maginot.html

....and then think about how easy it is to sit in a car with a laptop
and tune into someone else's wireless LAN via their wireless broadband
NAT router. Join the dots from there (hint: admin shares).

-- Risk Management is the clue that asks:

"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"

 

[cquirke (MVP Windows shell/user)]

On Mon, 20 Jun 2005 17:23:16 +0200, "Torgeir Bakken \(MVP\)"

Microsoft recommends that the developer adds code that asks the user
for permission before doing it.

Oh, please. Can we still afford this stupidity in 2005?

Look how today's web sites and software vendors operate. Leave it to
them to do the right thing is crazy; I'd say let them do the setting,
but the firewall should alert. Weight the dialog towards acceptace if
you like, but I agree; the OS should alert.

Look at the software and web industry's track record...
- competitive (sorry, "co-operative") multitasking in Win 3.yuk
- stealing revenue through redirection of ads, etc.
- non-use of Win95+ multi-app file association co-operation
- non-use of driver signing for XP
- non-use of PnP-initiated driver installs
- non-support for less than admin rights in XP
- pop-ups that appear as fake system dialogs
- pop-ups that run when you click Cancel or [x[] close
- trivial software automatically pulling down "updates"
- non-Internet apps calling home over the Internet
- leveraging the DRM opportunity to drop commercial malware

You can't trust these guys as far as you can throw them, and you
daren't even pick half of them up to throw them because they may well
infect you on contact. Letting them "police" themselves is a CWOT
unless your intention is to collude with them.

------------------ ----- ---- --- -- - - - -

The rights you save may be your own