Some security experts doubt that Skype is the best way to go for businesses. According to Gartner research director Lawrence Orans, Skype’s reliance on a proprietary signaling protocol makes it vulnerable, as standard firewall products cannot be used to secure it. The code, he said, has problems and Skype “has not shown enterprise-level capabilities in timely development and distribution of patches, workarounds and guidance.” A 2005 independent study by cryptographer and security expert Tom Berson would dispute Oran’s opinion: the analysis showed Skype’s protocol is difficult to crack.
Mark Osborne, chief information security officer at carrier Interoute, said Skype can be used to spread viruses and be exploited by keyword loggers in malware. Antivirus company F-Secure warned Skype users to be careful of chat messages telling them to click a link, which would cause downloading of the Warezov worm.
Vishing is another risk. The March 2007 Symantec Internet Security Report showed a survey of information stolen through identity theft, including Skype passwords available from “underground economy” servers. Passwords go for $12 each, while the price of stolen credit card details with card verification values ranges from $1 to $6. A full identity information including US bank account, credit card, date of birth and government issued identification number is sold for $14 to $18.