Microsoft buys Skype. What does that mean for security?

Filed Under: Featured, Microsoft, Privacy, Social networks, Vulnerability

Editor's note: Since this article was first published, it has been confirmed that Microsoft has agreed to buy Skype.

If you were paying attention to the rumour-mill last week, you may have heard the story that one of Facebook or Google might well be about to buy Skype.

Scrub that story.

Today's rumour is that Skype may be about to be acquired by Microsoft. The Wall Street Journal headlined the deal as "near", and quoted a price between seven and eight billion dollars.

The WSJ cautions, though, that the deal may end up with a value of $8.5 billion when Skype's long-term debt is taken into account. (When I was in primary school, I thought it was pretty nifty that a negative multiplied by a negative became positive. But nowhere near as nifty as an economist's trick of adding in a great raft of debt and describing it as increasing value.)

For those not familiar with Skype, it's an interesting sort of beast - loosely speaking, it's an internet telephone company without much of a telephone company. Much of its operation is peer-to-peer, so that much of its bandwidth and infrastructure - not unreasonably, you must agree, for its free services - is provided directly by the users of the service.

One uncertainty - indeed, to some, it's a controversy - about Skype's proprietary software is whether it includes any sort of "lawful interception" system.

Most countries require landline and mobile phone operators to provide a vehicle by which duly-authorised law enforcement agents can intercept calls on their networks. Indeed, phone carriers spend a lot of money maintaining lawful interception systems, something which is as useful to law enforcement as it is worrying to privacy.

But since most Skype calls are peer-to-peer, and encrypted end-to-end, Skype isn't a traditional phone carrier. Either it doesn't have a lawful interception capability - which could be considered unfair to mainstream phone companies, who have to provide one - or, one can argue, it must contain some sort of network-independent backdoor - which could be considered a serious security risk.

So, if the Microsoft deal goes ahead, what's likely to happen from a software and a security point of view? Here are my guesses:

* The Linux version of the Skype software will wither and die.

* The OS X version of the Skype software may wither and might die.

* Microsoft will add some sort of lawful interception system into the Skype software, assuming there isn't one already. But they'll be honest about doing so.

* You'll need to get a Windows LiveID to create a Skype account.

* Skype will come under greater scrutiny from cybercrooks keen to find saleable vulnerabilities.

* Skype for Windows will come under the Microsoft Active Protections Program, which will balance out or defeat problems caused by the previous issue.

Of course, so far this is just rumour and speculation. And Microsoft's official comment on rumour and speculation is that it doesn't comment on rumour and speculation.

, , , , , ,

You might like

14 Responses to Microsoft buys Skype. What does that mean for security?

  1. Shane Brady · 1608 days ago

    If this happens skype may not be so free anymore... but the security would be nice along with higher quality.

  2. deadbell1989 · 1608 days ago

    i want see apple users must pay to get skype coz mac application facility are to mac user only others cant use it so why should others let then mac users to enjoy other software eg - ms office

    • maxrosecollins · 1607 days ago

      That's ridiculous, what about all the games and apps that NEVER come to mac. We might have a few good applications that you can't have but you have a LOT more that we can't use.

      It's more unfair for an apple user that never gets some of the applications available to windows users. We are limited with the applications we have.

      Also, microsoft office for mac is not as feature loaded as the windows version. They leave features out on purpose.

  3. Ben Lambert · 1608 days ago

    I have to say, you sound a bit cynical about some of your points. Specificially, about the Linux/OSX versions. I'm not even sure what that has to do with security per say, especially since MS has been doing a much better job with releasing inter-platform software.

    I'm also not sure why cybercrooks would suddenly start targeting it. It's not like Skype is a new start up company, they're well known and widely used.

    My personal guess would be that the Skype services would be integrated into their IM client (which already does pc-pc voice/vid calls)

  4. As there is already and existing cross platform ability MS would be rather short sighted to limit there options especially as the dev cost involved in keeping that functionality and customer base now would be far less than re-developing later. Not to mention the loss of customers by pulling support for OSX and Linux.

    Although I'm not a MS fan Skype have been slacking for some time and this could be a good thing. I would much rather have MS own Skype than Facebook who have little regards for security. I would rather my voice data wasn't in the hands of FB. Personally I would like to have seen Google get it and run with it but Google have little experience in marketing such a program and could just as easily make a mess of things. is claiming that the purchase is now confirmed. Look on the brightside at lease Sony didn't buy all that information to lose.

    Integration into live could have various pros. At least its only a single log in for a whole variety of systems.

  5. Compudoc · 1608 days ago

    Apparently the deal has been CONFIRMED...

  6. Letu · 1607 days ago

    Skype did release a version of Skype software to Chinese users through to allow the Chinese government to intercept the calls and arrest anti-government activists. However, most Chinese who knew about this just ignore the version and get the official version from internet, although the official website is blocked by GFW in China to prevent ppls from getting the official version.

  7. Guest · 1607 days ago

    What a bunch of FUD. Skype is full of malware and junk anyway, what makes you think MSFT won't clean it up? And why won't it stay free? hotmail is free? Sorry guys, but this blog post is a bunch of biased junk that has nothing to do with security.

    • Paul Ducklin · 1607 days ago

      Hmmm. Some observations. As for "cleaning up" Skype, didn't I suggest that if the software comes under the ambit of MAPP, security would improve? And I didn't say anything about whether it would be "free" or not.

      (The issue of whether services like Hotmail, Gmail, Facebook, Twitter, etc., are "free" in any real sense is one for another time. But as for Skype becoming a "paid a fee to use" service - I didn't even allude to that.)

  8. Guest · 1607 days ago

    PS: MSFT still supports Messenger, terminal server, office, etc etc for mac os x. cmon guys. jeez.

    • Another guest · 1607 days ago

      Stop moaning. Windoze is pants even after having 30 years to get it right and microsoft is on the way out. Get over it.

  9. butibum · 1607 days ago

    While Skype might remain free, it will almost certainly end up a non starter for Linux users. And not, before the MS fanboys jump in yelling and screaming, because it is now owned by MS. We have had a "Beta" version of Skype on Linux for years, with very few improvements or updates - certainly in regard to the Windows version. I acknowledge that, until now at least, this was just a question of user base, but from this point on there will be a philosophical thing involved - why would MS want to promote the use of other OS.

  10. Jacques · 1607 days ago

    To be fair to MS, which I rarely am when it comes to MS, Skype haven't gone out of their way to support the linux client, which is dogs years in functionality behind the windoze client. Anyway, if they decide to bugger linux, no biggie, we'll just move on to the next big thing. Everything is fluid, nothing can stop the linux community, especially Micro$oft (or the new evil that is Apple, for that matter).

  11. Mark · 1607 days ago

    Guys, it's worse than you all think....

    Skype + Microsoft.NET = SkyNet!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog