[muppetmaster]

Quote:

Originally Posted by Skype Admin Guide pg27

Provided you have installed an anti-virus product and keep the virus definitions updated, Skype introduces no more risk of allowing the spread of viruses than through e-mail or other file transfer services.

http://www.skype.com/security/guide-...ork-admins.pdf

This either shows willful oversimplification or a lack of knowledge on corporate security issues by Skype (the latter is actually more worrisome as this document is focused on enterprises). Indeed Skype bypasses all edge security in place in a corporate network as it is encrypted end to end.

For example, many organizations deploy anti-virus at the email gateway to catch any possible viruses before they enter into the organization. Most times the organization will use a different anti-virus on the gateway from that at the desktop (and sometimes even 2 to 3 different filters at the gateway) in order to maximize the possibility of catching a new virus before it harms the enterprise. This is because different anti-virus engines have different performances at different times (ie - one may update in 10 minutes to a new threat while another takes an hour).

So, indeed this is a mis-statement as Skype file transfers bypass any such protection and leave an organization at the mercy of a single desktop anti-virus scanning engine. Which presents an increased risk to the enterprise.

Any professional organization is uber-worried about viruses, as one virus slipping through may decimate an organizations IT infrastructure.

[mberlant]

I am sure that in their eyes they believe that they are guiltless simply because they have not included a Trojan Horse in Skype, as they did in Kazaa.

As you mention, too, multilayered defenses from different anti-virus vendors is wise because each anti-virus package approaches its task in a slightly different manner. This increases the chance of catching an unexpected virus at one of these barriers.