Skype has licensed application programming interfaces to just one security vendor, FaceTime Communications Incorporated, which specializes in instant messaging and peer-to-peer network security technology. The APIs allow FaceTime Internet Security Edition for Skype to control several aspects of Skype. It can control who is allowed to use Skype, whether those users are allow to use the VOIP, chat and instant messaging functions, and whether or not older versions of Skype with known vulnerabilities can be used.
Skype uses an encrypted protocol that's been updated at least 35 times since last year to avoid detection by security products, said Sarah Carter, who works in FaceTime's marketing department. That poses a risk for businesses, since Skype's chat and file-sharing feature could potentially be used to transfer confidential information. Security managers would not even know the application is on one of their user's machines. Skype is capable of using most ports on a machine and can also bypass firewalls and "tunnel" using HTTP. Those evasive techniques may inspire confidence among users concerned about privacy and eavesdropping, but don't translate well to businesses. Skype officials estimate about 33% of its 170 million users are business users.
FaceTime's product uses a Linux appliance, RTGuardian, to detect and block Skype sessions and block unsanctioned versions of the application. It also uses a server, the Greynet Enterprise Manager, which manages who uses specific functions. Pricing starts at US$7,000 for 50 users per year.
News source: PC World