Does Your Employer Ban Skype?

neutralino asks: "This morning, we received an company-wide email stating that the Max Planck Society (a German government funded research organization) has outlawed the use of P2P software at all of its institutes (including ours). The statement specifically singled out the use of Skype for internet telephony. The reasons given for this were that 'the exchanged data cannot be controlled' (therefore it might be illegal) and that 'Max-Planck or research resources in general might be abused, if "only" for commercial purposes.' This caught us by surprise, since many of us use VoIP to communicate with friends and family and collaborators, in our respective home countries. Is it now standard practice for companies, government organizations, and universities to outlaw Skype? Should it be?"

If Skype went evil

[Beryllium+Sphere(tm)]

then it would be the perfect spyware.

The perfect spyware would punch through firewalls. Skype does just that for its legitimate purposes.

The perfect spyware would encrypt its outgoing communication. Skype does also.

The perfect spyware would be a program with plausible-sounding reasons to connect to unknown computers without notice. Skype has to do just that to take advantage of its supernode system.

The perfect spyware would be hard to reverse engineer. Skype refuses to run under SoftICE (apparently to inhibit development of competing clients).

In our own real world, Skype's been minding its own business. Nobody's lost a machine due to having Skype on it (at least not since the callto: buffer overflow). Nobody's reported suspicious activity in filemon while Skype was running. By normal standards it's trustworthy. But to a business which lives by "you can EXpect what you INspect" Skype is a terrifying unknown.

Re:Of course they do ...

[cayenne8]

"Nobody is surfing aimlessly, nobody is emailing for non-company business, nobody is being interupted with non-company IM chat, and people get their work done. Remove the temptation and work gets done."

I guess it works for you. I personally couldn't work at a place that didn't treat me like a responsible adult. I do Oracle admin, and the good sign of a good DBA is when things are working, and you have some 'free time'. I often use this free time to not only surf for Oracle related topics, but, other general topics that interest me. Often, these topics are technical in nature, and have led to suggestions to try new things for our group or project...such as trying linux on our test computers. And this has been on DoD computers!! Someone that IS anal about security.

Also, if I can take some time during the day, when you have to get things done...pay a bill here or there, or contact people for personal reasons, it helps to allow the use of company/gov. computers to do this. I can do this there quickly, or I can take time off from work, leave, or stay home to do this, and that time away is time I'm missing to do work related things. I mean sure, if you're surfing porn and such at work, yeah, you should be canned. And if you're not responsible enough to not do something stupid like bring in a worm or virus (not a problem so far, as that I rarely use windows on my workstations, usually on my Linux boxes.

I guess my philosophy, is treat people like adults, if someone blows it, can them, but, don't penalize everyone just 'in case' someone might do something wrong or naughty.