Sunday, May 08, 2005

Skype

I last tried Skype about a year ago, but kicked it off my home system after I started getting random calls from strangers. Bogus and/or commercial calls on my landline are bad enough. More of the same via the internet was one step to far. And my Skype contact list at that time was pretty small anyway.

Lately I have been using MSN Messenger for voice and a bit of video conferencing. However, to get this to work I have to reconfigure the NAT services on my ADSL router to a much less secure configuration (unfortunate lack uPnP implementation on the ADSL router). Messenger traffic is not secured either, so it was time to reconsider alternatives.

So I am back with Skype. Only just. As soon as I installed it on my new AMD Athlon 64 box, it reliably crashed immediately on startup with some sort of memory access violation reported in the Windows event log. As pointed out by this article, the reason turned out to be an aggressive data execution prevention (DEP) configuration. Turning DEP off for Skype solved the problem. Tomorrow I'll find out whether it really works across my symmetric NAT configuration.

Update [17/05/2005]: Unlike MSN Messenger Skype seems pretty happy with my NAT configuration. After some initial problems with my contact list it now works reliably and is likely to stay as my voice client.

5 Comments:

Bob Gladon said...

Gerke,

If you like to have a more secure MSN Messenger connection you should look at the SIMP software of a company names Secway.

You can find it here:
http://www.secway.fr/products/simplite_msn/home.php?PARAM=us,ie

Grtz,
Bob Gladon

Wed May 25, 01:53:00 AM  
Anonymous said...

Just curious. How do you know Skype isn't doing something it shouldn't? I mean who do you trust? Personally, I can live without free software that tries to access memory it shouldn't. The attitude I see everywhere regarding skype "Oh, just disable DEP for Skype so Skype will work" with no other explanation subverts the whole purpose of DEP. I like DEP. I trust that DEP accurately detects illegal memory accesses. Until someone provides a convincing and verifiable explanation of why Skype triggers a DEP block, I'll live without Skype.

Sun Jan 15, 04:07:00 PM  
Gerke Geurts said...

Anonymous, the question you raise is a valid one. The fact that Skype needs DEP disabled is not laudable, and something that would deserve correction. However, for me it is not sufficient to put me off using Skype and finding an alternative.

DEP primarily prevents the injection of unhealthy code by 3rd parties. Regardless of the DEP setting, you have to trust Skype to run their software. Therefore Skype without DEP is indeed more vulnerable if security holes are discovered and used.

However, Skype allows me to communicate with others without having to fiddle with my firewall and NAT settings. A product like MSN Messenger is an absolute nightmare to get voice and video to work in this scenario. When using MSN Messenger I finally had to open up my firewall in the end. That is a far greater security risk than disabling DEP for Skype alone.

For me going without an internet-based voice solution would either be a lot more expensive (I am part of an international virtual team) or a lot less productive. Meanwhile I mitigate security risks on my pc as much as possible by working as a standard user on my Windows systems.

Sun Jan 15, 07:48:00 PM  
Djerk Geurts said...

DEP breaks my system point, in fact I wasn't able to run any software without it moaning at me and disallowing stuff.

Maybe it's just that most Windows software is badly written maybe it's DEP being too picky. Disabling DEP per application didn't work either so the nly option for me was to disable DEP right after I got my system and was installing software...

my .02$

Wed Jan 18, 06:07:00 AM  
Gerke Geurts said...

Other than Skype I have not had problems with applications violating DEP. I believe that 64-bit Windows will enforce DEP much more rigorously, especially on device drivers, so application vendors had better clean up their act!

Wed Jan 18, 11:52:00 AM  

Post a Comment

Links to this post:

Create a Link

<< Home