skype.bin appears to be accessing other files on disk

Asked by Area Europa

After running skype and having a look at process list, I see very "fishy" entries such as the following:

ps aux |grep skype
john 5661 0.0 0.0 1872 520 pts/1 S+ 16:42 0:00 /bin/sh /usr/bin/skype
john 5662 9.5 1.1 68128 36152 pts/1 Sl+ 16:42 0:01 /usr/lib/skype-mid/skype.bin AC_RunActiveContent.js Desktop Documents Downloads ISOs Johns Stuff Music Orden de pedidodominio y correo no clientes.doc Orden de pedido dominio y correo.doc P-06:25:2009-01:33:52.jpg P-06:25:2009-01:34:00.jpg PDF Pictures Public Templates Videos Web Design accents.txt andrea.png andrea_CV.pdf anfi_header_smaller_1.fla anfi_header_smaller_2.swf as3_mouse_over_tooltip_1925.zip b88.pdf b88_1.pdf bin dwhelper es_locator_demo.zip fotolia_agosto2009.pdf heladoslivorno.pdf newengland.zip nota.png productos1.jpg rica_informe_15-12-2008.txt tigerbackup tigerbackups tmp video.avi vmhost1
john 5689 0.0 0.0 3336 808 pts/2 S+ 16:43 0:00 grep skype

What do all the files (which exist on my disk) after /usr/lib/skype-mid/skype.bin mean ?
Is skype accessing them, and if so what's it doing with them ?

These files change each time skype is run.

Version Installed:
aptitude show skype-mid
Package: skype-mid
New: yes
State: installed
Automatically installed: no
Version: 3.0.0.93-3jaunty1
Priority: extra
Section: sound
Maintainer: Brian Thomason <email address hidden>
Uncompressed Size: 27.5M
Depends: libasound2 (> 1.0.18), libc6 (>= 2.3.6-6~), libfontconfig1 (>= 2.4.0), libfreetype6 (>= 2.2.1), libgcc1 (>= 1:4.1.1), libice6 (>= 1:1.0.0), libqt4-svg (>= 4.5.0~+rc1),
         libqt4-xml (>= 4.5.0~+rc1), libsm6, libstdc++6 (>= 4.1.1), libx11-6, libxcursor1 (> 1.1.2), libxext6, libxfixes3 (>= 1:4.0.1), libxi6 (>= 2:1.2.0), libxinerama1, libxrandr2
         (>= 2:1.2.99.2), libxrender1, libxss1, libxv1
Description: Skype for MIDs

I think this is installed via this apt source (etc/apt/sources.list)
deb http://download.skype.com/linux/repos/debian/ stable non-free

Ubuntu version:
uname -a
Linux johnpc 2.6.28-13-generic #45-Ubuntu SMP Tue Jun 30 19:49:51 UTC 2009 i686 GNU/Linux

Question information

Language: English
Status: Solved
For: Ubuntu skype-mid
Assignee: No assignee
Solved by: Brian Thomason

Vihar (vmankov) said :
#1

Area Europa,
you think it's unusual?

If yes, why do you think that?

Tom (tom6) said :
#2

Hi :)

https://help.ubuntu.com/community/Antivirus

In the example you showed there were only 3 actual processes running; 5661, 5662 & of course the grep command itself 5689. I don't know enough about skype to know but the fact of it running some java stuff (".js") does worry me a little except that skype is bound to need some java and things. A lot of what is mentioned is the folders that your data gets stored in - dwhelper is where DownloaderHelper in firefox stores all the movies you download with it. It also seems to be accessing individual files such as the CV.

Hopefully someone who knows a lot about skype might be in here later
Good luck and regards from
Tom :)

Area Europa (john-area-europa) said :
#3

Hi Vihar

Yes, I do consider it unusual, to say the least. Why? Well, skype has no need to access those files to function.

If my interpretation of the ps -aux is correct, skype is accessing files on the hard disk that it has absolutely no need to access.

Call me suspicious, but the fact that skype is a communications program, and is reading personal files from my hard disk, only leads me to deduce that it is sending those files somewhere to someone.

Until I receive a convincing explanation of what is happening, I have uninstalled the package.

Let me ask you a question, Vihar, do you consider it NORMAL that a comms program is accessing your personal files without asking you first ?

Area Europa (john-area-europa) said :
#4

Tom

All those files are files in my home directory, and have nothing to do with skype.

That's what makes me worried.

Thanks for your answer.

If you or anyone else out there using skype on linux, could run skype and then in a terminal type
ps -aux | grep skype

and take a look if the same is occurring

Cheers

Tom (tom6) said :
#5

Hi :)

Is there a configurations file for skype? Something like /home/user/.skype? Did you already delete that or do a complete removal of skype when you un-installed it? Since you have un-installed skype i would at the very least rename such folders that look as though they belong to skype.

If you try looking using the normal file-browser then (obviously) make sure you are set to View hidden folders.

Good luck and regards from
Tom :)

Jeruvy (jeruvy) said :
#6

Not that I have an answer, but what filesystem are you using? EXT? FAT?

The output of:

$ df -T

Should tell us, if you're not certain.

Interesting issue BTW. Hopefully it can be defined or explained.

Additionally have you considered putting in a support ticket?

https://support.skype.com/

Also keep in mind that the Skype-MID package is NOT officially supported by Skype. NickF seems to be the maintainer, and it may be worthwhile linking him to this topic. I could not find him myself in launchpad but he's got to be around :)

http://forum.skype.com/index.php?showtopic=265441

Good luck!

Area Europa (john-area-europa) said :
#7

Jeruvy

filesystem is ext3

Before making too much fuss, I wanted to find out if this is normal behaviour (don't think so), maybe I have (or had) a rogue package, or something similar

From aptitude, it appears that the maintainer is Brian Thomason, but that could be out of date.

Tom (tom6) said :
#8

Lol, i can't believe i didn't think about this before but Skype is proprietary so how about looking for an OpenSource alternative
http://www.libervis.com/wiki/index.php?title=Table_of_Equivalent_Software#Live_communication_.28IM.2FIRC.2FVOIP.29
in this case it's quite a way down this table
VOIP = Voice Over Internet Protocol
i think. So how about trying Ekiga which is already in the basic install of Ubuntu

Applications - Internet - Ekiga

The gui interface often tends to look a little old and off-putting but under-the-bonnet these things tend to be much better anyway, once you have managed to get them setup and given yourself time to get used to them. Worth a try?

Good luck and regards from
Tom :)

Area Europa (john-area-europa) said :
#9

Tom

I agree that skype is not open source. Doesn't even use standards compliant protocols such as SIP, as does Ekiga and a whole host of others.

So why, you may ask, do I want Skype in the first place.

It's basically because it's easy for non technical users (ie most of my windows suffering family) to set up and use SIP clients.

SIP requires all sorts of juggling tricks to work over the Internet where users are firewalled / natted. Skype doesn't.
I think that's probably why it's in the repository in the first place.

Appreciate your comments and help

Cheers

Tom (tom6) said :
#10

Hmmm, but it shouldn't matter to them what you are using. As long as your end is setup right and using the same protocol that they are using then they shouldn't be able to tell that you are not using skype too? Otherwise Ekiga is pretty useless?

Sorry, i feel like you are helping me now because clearly you know much more about this than me but i am curious about how these things work but not enough to read up on them. I just wondered? Maybe asking a question about how to setup Ekiga to talk to skype users would be a good 2nd question. Mostly people ask a whole load of different questions in different threads all at the same time and then vanish, or join in with helping :)

Regards from
Tom :)

Area Europa (john-area-europa) said :
#11

Hi Tom

Problem is that Skype is not just closed source but also uses
proprietary protocols for its communications.
So there is no way you can get an Open Source, IEEE protocol based SIP
client such as Ekiga, Lin Phone, or whatever, talk to Skype users
without using a gateway to do the protocol conversions.

What I was really getting at in my initial question, is that it looked
horribly like the Skype package I had installed was doing naughty stuff:
ie, sending files from my hard disk to somewhere on the internet without
my prior consent.

And that my friend is a REAL security problem.

Thanks for all your help and suggestions

John

On 09/08/2009 01:59 AM, Tom wrote:
> Your question #82134 on skype-mid in ubuntu changed:
> https://answers.launchpad.net/ubuntu/+source/skype-mid/+question/82134
>
> Status: Open => Answered
>
> Tom proposed the following answer:
> Hmmm, but it shouldn't matter to them what you are using. As long as
> your end is setup right and using the same protocol that they are using
> then they shouldn't be able to tell that you are not using skype too?
> Otherwise Ekiga is pretty useless?
>
> Sorry, i feel like you are helping me now because clearly you know much
> more about this than me but i am curious about how these things work but
> not enough to read up on them. I just wondered? Maybe asking a
> question about how to setup Ekiga to talk to skype users would be a good
> 2nd question. Mostly people ask a whole load of different questions in
> different threads all at the same time and then vanish, or join in with
> helping :)
>
> Regards from
> Tom :)
>
>

Vihar (vmankov) said :
#12

Area Europa said 19 hours ago:
"Tom

All those files are files in my home directory, and have nothing to do with skype."

No, you are wrong, I think.

I use Skype too. There are directories of ALL user-installed programs in my Home directory to store my own preferences.
For example I have in my Home directory .Skype directory. The dot before that name means the directory is HIDDEN. To see it in your Home just press Ctrl+h. You will see plenty of hidden directories that are pointing to personal configuration of them.

Area,
I read carefully your "ps aux |grep skype" output and didn't see suspicious things from this point of view.
Ask further please if you are unsure.

Don't worry for now.

Vihar (vmankov) said :
#13

And I see your name on Ubuntu is "andrea". That's a beautiful and interesting name.

You sent a PDF file of your CV via Skype on "john's" computer?

Tom (tom6) said :
#14

Lol, i think John is talking to us from his wife's machine but that's really not relevant to answering the question. I think i would be worried too unless i found those files inside the .skype folder - in which case i would just delete them from there. I'm sure that folder was looked in already. Presumably skype has a preferences or config file that might contain a list of easy access links to certain folders to help access those chosen locations during a skype chat. Since skype is closed source it might be tricky to find those files. I was wondering if we might get more feedback from more skype users in here.

Apols and regards from
Tom :)

Area Europa (john-area-europa) said :
#15

Hey Tom , Vihar

Andrea is a nice name, but I'm called John :P

Furthermore, andrea's CV is not in the .Skype folder:

$ locate andrea
/home/john/andrea.png
/home/john/andrea_CV.pdf

I have never sent a file via skype on this PC, and what is more I had
only just started skype when I did the
ps -aux |grep skype

so there were no calls / chats / whatever in process

Cheers

On 09/08/2009 06:20 PM, Tom wrote:
> Your question #82134 on skype-mid in ubuntu changed:
> https://answers.launchpad.net/ubuntu/+source/skype-mid/+question/82134
>
> Tom proposed the following answer:
> Lol, i think John is talking to us from his wife's machine but that's
> really not really relevant to answering the question. I think i would
> be worried too unless i found those files inside the .skype folder - in
> which case i would just delete them from there. I'm sure that folder
> was looked in already. Presumably skype has a preferences or config
> file that might contain a list of easy access links to certain folders
> to help acces those chosen locations during a skyp chat. Since skype is
> closed source it might be tricky to find those files. I was wondering
> if we might get more feedback from more skype users in here.
>
> Apols and regards from
> Tom :)
>
>

Best Brian Thomason (brian-thomason) said :
#16

Hi John,

It appears it's just because the startup script improperly handles arguments passed to it is all. If you'd like to change this yourself, open /usr/bin/skype and remove the * from the end of the line that launches the app.

-Brian

Area Europa (john-area-europa) said :
#17

Brian

Thanks for your input and fix.

For those following this thread, I confirm that editing /usr/bin/skype script as Brian suggests does the trick.

change the line

LD_LIBRARY_PATH=/usr/lib/skype-mid:D_LIBRARY_PATH /usr/lib/skype-mid/skype.bin *

to

LD_LIBRARY_PATH=/usr/lib/skype-mid:D_LIBRARY_PATH /usr/lib/skype-mid/skype.bin
(no asterisk at the end)

Then running skype now gives this:

ps aux |grep skype
john 14996 0.0 0.0 1872 504 pts/10 S+ 19:18 0:00 /bin/sh /usr/bin/skype
john 14997 56.0 1.1 68596 35428 pts/10 Sl+ 19:18 0:01 /usr/lib/skype-mid/skype.bin
john 15007 0.0 0.0 3336 792 pts/9 R+ 19:18 0:00 grep skype

Brian, any idea what skype was actually doing with those files (if anything)?

Thanks to all for their help and input.

Cheers, John

PS: Vihar, Sorry I'm not called andrea, LOL
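
What the trailing * in the launcher did, shown as an added example that is not part of the original thread or of the skype-mid package: /bin/sh expands an unquoted * into the names in the current directory and hands them to the program as arguments, which is why they show up in ps. The stand-in app.bin, the demo file names and the "$@" wrapper are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. Every path and file name here is constructed for the demo.
DEMO=$(mktemp -d)
mkdir "$DEMO/home" "$DEMO/empty" "$DEMO/bin"

# Constructed "personal files" in the directory the user launches from.
: > "$DEMO/home/andrea_CV.pdf"
: > "$DEMO/home/accents.txt"
: > "$DEMO/home/Orden de pedido.doc"   # spaces: still a single argument
: > "$DEMO/home/.hidden_config"        # dotfiles are not matched by *

# Stand-in for skype.bin: opens nothing, only reports its argument count.
cat > "$DEMO/bin/app.bin" <<'EOF'
echo "$#"
EOF

# Wrapper with the bug: /bin/sh expands the trailing * before exec.
cat > "$DEMO/bin/wrapper_star" <<EOF
exec sh "$DEMO/bin/app.bin" *
EOF

# Fix from the thread: asterisk removed, so nothing is passed.
cat > "$DEMO/bin/wrapper_fixed" <<EOF
exec sh "$DEMO/bin/app.bin"
EOF

# Assumed alternative: forward only what the caller actually typed.
cat > "$DEMO/bin/wrapper_args" <<EOF
exec sh "$DEMO/bin/app.bin" "\$@"
EOF

# argc_seen DIR WRAPPER [ARGS...]: run WRAPPER from DIR and print the
# argument count that the stand-in binary received.
argc_seen() {
    dir=$1 wrapper=$2
    shift 2
    ( cd "$DEMO/$dir" && sh "$DEMO/bin/$wrapper" "$@" )
}

echo "star,  home dir : $(argc_seen home wrapper_star)"
echo "star,  empty dir: $(argc_seen empty wrapper_star)"
echo "fixed, home dir : $(argc_seen home wrapper_fixed)"
echo "args,  --version: $(argc_seen home wrapper_args --version)"
```

Names in a process's argument list only show what the shell passed in. To see which files a running process actually has open, look at `ls -l /proc/<pid>/fd` or `lsof -p <pid>`.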

Tom (tom6) said :
#18

Brilliant, thanks for that :)
Glad the answer turned out to be easy after all that :)
Regards from
Tom :)

Jeruvy (jeruvy) said :
#19

Ah, it's a script. Had I downloaded it I may have seen that. Good find and now I know :)

Cheers.

Randy Linnell (ranman) said :
#20

Brian and I work for Canonical with our ISV partners like Skype and we'll share this information with them to try and improve things for the future.

As has been pointed out, we don't think there's any malicious intent, but we'll see if we can get it fixed to avoid future confusion.

Thanks for bringing this to our attention.

Randy

Vihar (vmankov) said :
#21

Tom and john/andrea:

I was buzzing that nick in order to say: people, look what you are posting here and anywhere.
If I was a crasher I'd know at least one nick of the computer of john/andrea.

Just replace your usernames on your Linux output HERE (and elsewhere) with an asterisk. That is one gate for crashers to enter your computer. And as so far we are thinking Unix/Linux are almost the safer operating systems - so don't show anywhere your user name.

As for me when I'm pasting here or else an output of an application running on my computer I replace there my username with an *.

Tom (tom6) said :
#22

Hi :)

Username is a good start for someone trying to crack your machine but then they need password and stuff. Cracking a linux box is a lot more hard-work than a Windows one because linux keeps all unnecessary ports closed by default.

The main ways to keep your linux machine secure are not to allow remote logins and to restrict VPN (Virtual Private Network) to non-administrator user-accounts. VPN is off by default anyway and the remote login is also disabled by default. Hopefully during the process of setting up a VPN to allow people to remotely connect to and use your desktop across the internet there would be some help on setting up a special restricted user account, like the default Guest account. Note the Guest account is disabled by default but it's very easy to set one up in a hurry.

With a linux machine i tend to feel that there are much more easily cracked machines with far more valuable data on than my single little machine here. Consider banks security lol.

Good points Vihar and worth all of us considering in the future but don't worry about what has been done already.
Regards from
Tom :)

Tom (tom6) said :
#23

Hi :)

Have you been able to try the new Ubuntu 10.04 before it gets officially released?
http://www.ubuntulinux.org/testing/lucid/beta2
Trying it as a LiveCd or as an extra dual/multi-boot would be ideal. Developers and everyone are keen to try to iron out any problems before 10.04 gets officially released so you might find faster & more effective answers to your bug reports which would make 10.04 work better on your system for you

Thanks and regards from
Tom :)