Skype - 3.0 beta Guide de l'utilisateur télécharger pdf (Page 17)

Skype Network Administrator’s Guide Skype 3.0 Beta 17

2006-10-31 Document version 2.0 Beta

While Skype’s file-transfer capability provides a convenient and secure channel for

sending and receiving digital files, along with this newfound capability, comes the risk of

inadvertently downloading a file that contains a virus, Trojan horse, or spyware.

So, in much the same way that enterprise users must be thoughtful about opening email

attachments or downloading files from the Internet, users must take special precautions

when accepting file transfers from other Skype users.

Anti-Virus Shields and Real-time Scanning

All major antivirus software vendors provide anti-virus “shield” capabilities which should

be configured to perform real-time scanning. As you recall, all Skype network traffic is

encrypted end to end. The Skype client decrypts incoming file transfers only when the user

accepts to receive them.

In real-time, as Skype decrypts each file, the anti-virus software on a Skype user’s

computer will scan it. Therefore, if people in your organization are using or intend to use

Skype, it is important to:

• Configure anti-virus software to scan all incoming files,

• Be vigilant about keeping anti-virus definitions up to date, or

• Turn off the file transfer capability as described later in this document.

Doing these things will prevent your Skype users from inadvertently saving an potentially

infected file to the file system (that is, as long as an anti-virus product is running, the virus

or Trojan horse is known).

Note: The current version of Skype does not yet support centralized anti-virus scanning.

When any software program wishes to read from or write to a file on disk, the application

wishing to access the file calls the open() primitive from the kernel to attempt the

appropriate access, as is shown in the left panel. When Skype, for instance, reads a file the

user wishes to transmit, or when Skype writes the file on the receiving end, the Skype

client requests to create, open, read from or write to the file as appropriate.

Antivirus tools make use of the fact that all file access is done through a small number of

kernel primitives by employing one of several techniques, depending on the type of

operating system in use, to “shim”, wrap or intercept all calls to all file access kernel

functions.

Therefore, if a user attempts to use Skype to send or receive a file, the antivirus program

will detect the attempt to read or write a file containing and deny the Skype client the

permission to continue writing.

As is shown in the right-hand panel of figure 6, the antivirus (AV) program inserts itself in

the file access chain, which gives it the opportunity to watch for file contents which match

known virus signatures.

1 2 ... 12 13 14 15 16 17 18 19 20 21 22 ... 36 37

Pas de commentaire

Skype - 3.0 beta Guide de l'utilisateur Page 17