Monday, June 26, 2006

Skype is not spyware, even if it looks like it

A few days ago my wife complained that her windoze box was so slow that she suspected she had a virus. It also made strange, 'whooshing' noises. So I examined her internet traffic for suspicious connections with tcpdump. And bingo, there was a strange connection to some private Comcast customer in Utah, using ports in the upper ten thousand range. So I blocked that host in the firewall. And immediately other connection attempts appeared, always to consumer DSL and cable networks. After some time I got the idea to block all new TCP connections to ports greater than 10000, but then UDP connections popped up. I blocked all of those; the desktop has no business using UDP for purposes other than DNS. Still, I tried to play catch-up, but it always found another way, using HTTPS for example. In my imagination I fought a futile, desperate war against a giant botnet.

My wife tried a few antivirus programs, and indeed a few spyware programs were found, but the connection attempts did not stop. And then I had the brilliant idea to stop her Skype program. A few weeks ago I suggested to her to use it so she can make free calls to Germany (it didn't work: when we tested it, she could hear me, but I heard only noise). Anyway, after stopping Skype, the connection stopped as well. The behaviour is explained here and here.

And I nearly convinced her to use a decent Operating System, like Linux or MacOS...


