Skype can't fix a nasty security bug without a massive code rewrite

[Delicieuxz]

5 hours ago, GoodBytes said:

I agree on the performance of the UWP app version of Windows 10. What a joke.. Funny thing is that when it was first released, it was nice, fast and responsive. It lacked many features, but you you had the core essentials up and running. It showed lots of potentials for the future. Then it felt like they outsourced the whole thing on the cheap, with people that never heard of the word "optimization", and got bloated mess.

 

However, for the minimize to tray, actually, when you close Skype UWP, it still runs on the background (assuming you didn't disable Skype from running on the background from the Windows Setting panels). You will still get messages (you'll get the notification pop-up).

I have the action centre disabled in Windows 10, so Skype is effectively useless, since there's no way to know when new messages have been received. In Windows 7, Skype minimizes to the system tray, and when new messages are received, a little orange cue is displayed on the icon. In Windows 10, there's no way to know whether, or when messages have been received, and so the program needs to be loaded periodically to check - and loading it takes way too long.

 

Exclusively conditioning Skype's notifications, or anything on the action centre in Windows 10 (which is optional, and annoying because of all the redundant and excessive notifications it spawns for meaningless things) was a terrible idea and design, since it breaks Skype when the action centre is turned off. The action centre is an example of a feature for the sake of making more features - AKA, bloatware. It's what happens when designers need their fingers to be doing something, but have no real direction or vision.

[Crunchy Dragon]

Something I would like to make sure of, is this bug exploitable remotely or does the exploiter have to physically be at my machine?

[captain_to_fire]

Hangouts > Skype

 

 

[Beskamir]

10 hours ago, SC2Mitch said:

Why are people still using Skype? It's fucking ancient 

Never underestimate the power of the tech illiterates

[Mooshi]

Lol who uses Skype?

[AlTech]

15 hours ago, WiViW said:

What's even more supprising is that windows 10 likes to push it's products to the machines. Bit worrying if I open Skype for that risk.

The windows 10 version of Skype isn't affected by this issue.

15 hours ago, CMYKninja said:

Skype can't fix a nasty security bug without a massive code rewrite

By the way, your title could be a lot more clear that this only applies to Skype Classic Edition and not Skype for Windows 10.

15 hours ago, CMYKninja said:

The bug grants a low-level user access to every corner of the operating system.

By Zack Whittaker for Zero Day | February 12, 2018 -- 21:28 GMT (13:28 PST) | Topic: Security

 

source: http://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/

 

 

I feel that there are so many ways into systems now, that you have to assume that you are on an insecure system, unless you know it's secure.
For personal it's one thing, but as someone who has sensitive embargoed designs comes across his desk, I get a little worried about the business disruptions, and industrial espionage opportunities.

Even more alarming is this it's too hard to fix, and we're all doomed to getting hacked anyway mentality this seems to be evlolving...

Even Linus says he uses Skype... 

 

This only affects people on Windows 7, Windows 8.1 and people on Windows 10 using traditional skype classic edition for whatever reason.

12 hours ago, Ryan_Vickers said:

 

Yeah they use it but Linus has been quite clear about how he uses it only because others do, and he'd much rather use something else.  I think it's still around for the same reasons as VGA, Windows XP, and other things like that.  People are used to it, it's everywhere, etc.

 

I mean they even did a comparison of some chat programs and concluded (to paraphrase) that Skype should not be used for any reason

It's basically the Internet Explorer of chat programs

What else is normie friendly that the average person can use other than FaceTime (limited to Apple device)?

 

WhatsApp? There's no audio or video calling features on the mediocre PC app (these features are only on phones).

Discord? It's distinctly for gamers and not most people. Besides, discord doesn't respect user privacy.

Signal? Same as whatsapp.

 

13 hours ago, Cheezdoodlez said:

Who uses Skype these days? Well. Tech companies and reviewers do. I've had contact with reps from various hardware tech companies and resellers over the years. Afaik LMG also uses Skype for stuff. Linus has complained about the separation issues with Skype and Skype for business on wan show atleast two times.

Yes. The problem is Skype for Business is nothing to do with Skype proper.

13 hours ago, Cheezdoodlez said:

But is it a platform for personal use anymore? Not so much. 

Actually yes. And until there is an equivalent to Skype which is normie friendly and that lots of people have or use, people will still use Skype or FaceTime.

13 hours ago, GoodBytes said:

Skype is still widely used. It is currently still the best platform for audio and video chat between countries, for most countries, where you have great audio and video quality if both sides have good/decent internet connection and of course webcam/mic.

Well, I'd argue it's mainly popular due to brand awareness and recognition.

 

That and the lack of any serious competitior in the non gaming space.

 

[Hiitchy]

4 hours ago, Mooshi said:

Lol who uses Skype?

I sadly have to use it when I'm at work because they bought Skype for Business and I'm expected to be on it every day for at least an hour. I hate it and would prefer if they invested in something like the Cisco Videoconferencing soft/hardware.

[GoodBytes]

10 hours ago, Delicieuxz said:

I have the action centre disabled in Windows 10, so Skype is effectively useless, since there's no way to know when new messages have been received. In Windows 7, Skype minimizes to the system tray, and when new messages are received, a little orange cue is displayed on the icon. In Windows 10, there's no way to know whether, or when messages have been received, and so the program needs to be loaded periodically to check - and loading it takes way too long.

 

Exclusively conditioning Skype's notifications, or anything on the action centre in Windows 10 (which is optional, and annoying because of all the redundant and excessive notifications it spawns for meaningless things) was a terrible idea and design, since it breaks Skype when the action centre is turned off. The action centre is an example of a feature for the sake of making more features - AKA, bloatware. It's what happens when designers need their fingers to be doing something, but have no real direction or vision.

I don't know why you get "an excessive amount of notification". But it is all controllable. You can mute notifications per app, you can set priorities, you can make app have no pop-up, but sound, etc.

[Doobeedoo]

Heh, it definitely needs some rework. I use Skype rarely for a while now though, I have the latest Skype for Desktop on W10 cause I don't use Store one.

Also, Skype for Business runs through Office 365 so it's not as affected?