Microsoft Windows, Skype Integration Poses Security Challenges

Microsoft's proposed Skype acquisition will require security vendors to pay close attention to how the software will be integrated with existing Windows products.

The extent to which Microsoft will integrate Skype into its existing products remains unclear and will give security vendors some headaches after the acquisition.

If Microsoft's $8.5 billion deal for Skype goes through, the VOIP (voice-over-IP) provider will become a business division within Microsoft headed by Skype CEO Tony Bates. Skype's services will be meshed with a variety of products in Microsoft's portfolio, including its Lync unified-communications platform, Outlook and Xbox Live.

The level of "meshing" is what security vendors should be alert for, Matt McKinley, U.S. director of product management for security vendor Stonesoft, told eWEEK. His gut feeling is that it will be a big part of the mobile platform, especially considering the general perception that Microsoft is falling behind in that space against Apple and the iPhone. Skype services will also be part of Windows Phone, Ballmer said at a May 10 press conference.

Regardless of whether Skype is integrated at the "lowest level" with Microsoft products, such as in the same way that Internet Explorer is part of the Windows operating system, Microsoft must make sure that Skype is protected, McKinley said. There's "not a lot of documentation" available that reliably states how well antivirus software protect Skype communications, and considering the increase in mobile security threats, this is a big area of concern, according to McKinley.

Skype will likely be a big part of Microsoft's mobile strategy down the road, especially in light of the recent deal with Nokia. Microsoft and security vendors need to address mobile security aggressively.

Skype will come under "greater scrutiny" from cyber-attackers after it becomes part of the Windows ecosystem, Paul Ducklin, head of security at Sophos, predicted on the Naked Security blog.

McKinley pointed out that Skype has had its own share of security problems in the past, with security holes in the software and the recent issue with the Android app not securing user data properly. Even so, McKinley agreed that the announcement "definitely raised the eyebrows of the hacking community." It may turn the hacking community to concentrate more on Skype, but it's hard to say how or with what, according to McKinley.