|Practical Computer Advice |
from Martin Kadansky
|Volume 5 Issue 2||February 2011|
| || |
|Skype is a great system for talking to other people over the internet, but it's got a security flaw. Here's my advice on how to fix it.|
|My computer could get infected through Skype?|
Three different clients called me in a panic this past month. Each described a message that popped up on their screens saying "your computer is infected, click on this web site to remove it." At first I thought it was "rogue security software" that had already infected their computers (see "My computer is infected? Or is this a scam?" http://kadansky.com/files/newsletters/2010/2010_11_30.html
), but when I took a closer look, they all turned out to be something else--instant messages that came in through Skype from complete strangers that were trying to trick them into downloading an infection. What is Skype?
Skype is an amazing online service. Pronounced as a single syllable and rhyming with "hype," it gives you free software (which runs on Windows, Macintosh, Linux, and other platforms) that you can use to:
- Make free voice-only calls to other Skype users anywhere in the world over the internet.
- Make free voice calls with video to other Skype users (assuming your computer has a webcam).
- Type free instant messages (text) back and forth with other Skype users (Skype calls this "chatting").
And the advanced features of Skype let you do even more--group video conferencing, screen sharing, calls to regular phones, etc. The security problem
When you install the Skype software, by default it permits anyone who has your "Skype Name" (your username on the Skype system) to contact you through your computer. Unfortunately, thieves are exploiting this "open door" in the following way:
- You've signed up with the Skype service, installed the software on your computer, and you've opened the Skype program, ready to talk with your friends and colleagues.
- A thief finds your Skype Name in the worldwide Skype Directory (or the thief guesses Skype Names at random and happens to come up with yours among others) and sends you a scary Chat (text) message claiming that your computer is already infected with viruses or malware, and that you must go to their web site to download the solution.
- If you let yourself get tricked into going to the thief's web site, you'll probably see a fake "scan" of your computer that (within seconds) finds a number of fake "infections" supposedly on your computer, and it may then manipulate you into downloading their "solution" software that is, in fact, a real infection.
In other words, having Skype running on your computer creates the possibility
of malicious strangers making scary messages pop up on your screen that may in turn trick you into downloading their malware and possibly infecting your computer. The solution
To defeat this mechanism, all you have to do is strengthen your Skype Privacy settings:
- In Skype on Windows, go to Tools->Options; on Macintosh, go to Skype->Preferences
- Click "Privacy"
- You'll probably see settings for "chats," "IMs," "calls," "video," "screen sharing," etc. Change all items FROM allowing "anyone" to contact you TO "only people in my Contact list."
- On Windows, click "Save" at the bottom; on Macintosh, simply close the window
That should "close the door" to any stranger trying to contact you using Skype, especially through its instant messaging feature. Additional ways to protect yourself
Macintoshes are immune, right?
- Beware of "Contact Requests" through Skype from people you don't know. Once you accept such a request, that person gets added to your Contact list, which enables them to see when you're signed into Skype and send you instant messages regardless of your Privacy settings. It also lets them try to "send a file" to you, which is another way to trick you into infecting your computer.
- Review your Skype Contact list and remove anyone you don't recognize, as well as anyone you are no longer in touch with.
- Since you can't remove your Skype Name from the worldwide Skype Directory, I recommend removing any significant personal information from the public portion of your Skype "profile," which is visible in the Directory and therefore to anyone on the internet. Look for "My profile" or "Edit Your Profile" in Skype's menus.
As of this writing, I have seen this mechanism occur on a number of clients' computers, some of which were Macintoshes. As it happens, the software those particular malicious web sites tried to download was designed to infect Windows computers, so those infection attempts were alarming but unsuccessful, but Macintosh users should still follow the advice I've outlined above. Blocking potential thieves is always a good idea, and it's possible, even likely, that a future thief may develop an infection for Macintosh. An infection targeting Windows machines can also infect a Windows emulator running on a Mac, such as Virtual Windows or Parallels. Where to go from here
- All of my advice above also applies to any "instant messaging" or "chat" system you may be using, including Yahoo Messenger, Facebook Chat, iChat, AIM (AOL Instant Messenger), Windows Live Messenger (formerly MSN Messenger), Google Chat, ICQ, etc.
- Be skeptical of any messages that pop up on your screen and claim that your computer is infected. Know the name of your antivirus and firewall software so you can spot fake messages you may get through other programs (e.g., email, web sites, Skype, and others).
- See http://en.wikipedia.org/wiki/Skype for more on Skype, including its history.
- See my related newsletter: "My computer is infected? Or is this a scam?" http://kadansky.com/files/newsletters/2010/2010_11_30.html
- See http://en.wikipedia.org/wiki/Instant_messaging for more on the general topic of instant messaging.
If you're confused or frustrated by something on your computer, I like to say, "You can do it!" You might just need a little encouragement, or information, or change of perspective, and that's where I come in.
How to contact me:
phone: (617) 484-6657
On a regular basis I write about real issues faced by typical computer users. To subscribe to this newsletter, please send an email to email@example.com
and I'll add you to the list, or visit http://www.kadansky.com/newsletter
Did you miss a previous issue? You can find it in my newsletter archive: http://www.kadansky.com/newsletter
Your privacy is important to me. I do not share my newsletter mailing list with anyone else, nor do I rent it out.
Copyright (C) 2011 Kadansky Consulting, Inc. All rights reserved.
I love helping people learn how to use their computers better! Like a "computer driving instructor," I work 1-on-1 with small business owners and individuals to help them find a more productive and successful relationship with their computers and other high-tech gadgets.
Subscribe to this free newsletter
Go to the Newsletter Archive