Skype causing considerable network slowdown

I got back from work this evening and discovered that my home Internet connection was running very slowly. Considering it's a 10Mb connection I decided it was not due to millions of UK teenagers visiting their myspace.com accounts at the same time.

I noticed that there was a hell of a lot of activity through my NIC by glancing at the status panel.

Digging a little deeper; I fired up Microsoft Network Monitor 3.0. I was horrified to see an incredible amount of traffic to hundreds of machines all over the internet. At a glance it looked like p2p/bit torrent traffic. Obviously I don't run any p2p software due to network slowdowns and security concerns. Netstat.exe confirmed that there were about 800 socket connections all over the place and this immediately confirmed the slow down.

So what process what hosting all this activity, and why?

I fired up good old Sysinternals Process Explorer to identify the culprit. I hardly run any non-Microsoft signed images so it didn't take long to track down the offending process.

Skype.

I have no idea why Skype would hold all these connections open to people out there on the Internet but I was horrified. It's a massive security concern. There is every chance it's just me being stupid but until someone gives me a decent explanation I won't be using Skype again. It's shame because Live Messenger isn't working well for me either right now; for some reason I can't add new people (and some people can't see me, or vice versa). It appears to be an installation problem because on new machines (that I haven't used for MSN) - it works.

Damn!

Update 15^th Nov 18:00

I have just done a little due diligence/research on this one.

Turns out that Skype is written by the people out of Kazza and works on a peer to peer model. I was only using Skype for IM, not phone conversations or file transfers though. A little bit of Googling pulled up this article about why you may want to block Skype.

"The bandwidth used during file transfers or during internet telephony can be tremendous, depending on the amount of usage--and Skype can turn your network into a "Supernode" without your consent, using it as a relay station for calls that do not originate or terminate on your site. The impact on productivity is severe. The reason Skype calls work so well is that it uses "intelligent routing," which sounds like a good idea until you realize what that means: Skype routes calls over the most effective path possible, leveraging available bandwidth from users on the Skype network."

Emphasis mine.

All I can say is that I hate malware and Skype.exe is the dictionary definition.

Update #2 15^th Nov 23:00

"Security questions have some companies steering clear of the Internet phone service [...] On Nov. 10, Info-Tech Research Group in London, Ont., issued a report under the headline "Ban corporate Skype usage immediately" that cited a litany of potential security risks. "

Sean in the office pointed me to another article about this.

Skype Supernode problems

From the Skype Forums:

"[...] be a supernode. This requires that you have a fast internet connection (256kbit upstream or more), your firewall allows incoming TCP&UDP to the port you see (and could change) in Skype options, AND that you run Skype like that for days or weeks continuously without restarting. So if your firewall blocks incoming TCP or UDP part of the day, then your computer does not qualify. In any case, supernodes are elected on demand, and only those with fastest internet connections are elected -- so even if your computer does qualify, becoming a supernode is not guaranteed. A friend of mine tried a while ago, and didn't succeed This actually shows there is no shortage of supernodes in Skype. There is no option to voluntarily become a supernode, as it is best to leave the decision up to automatic network management algorithms.

"[...] be a relay node. Calls and Instant Messages are sometimes relayed over random Skype nodes (in encrypted form, of course, so relay nodes can not eavesdrop). Again you need a fast internet connection, and your firewall must not block incoming TCP&UDP. As opposed to supernodes, there is no special "relay node" status, it's just that your services will be used by those in need when necessary"

" When you installed Skype you agreed to let Skype use some spare processing power and network bandwidth (see EULA), although that does not mean that you cannot take actions on your own to discourage your own system from being promoted to Supernode status. It's just that you are not likely to get support from Skype on how to do this because doing so would be against the fundamental philosophy of how Skype was designed to work (from Skype's perspective this is kinda like shooting oneself in the foot)."

"Probably the easiest way to prevent a PC from ever becoming a Supernode is to place it behind a NAT router."

From http://www.skype.com/company/legal/eula/ :

Article 4 Utilization of Your computer

4.1 Utilization of Your computer. You hereby acknowledge that the Skype Software may utilize the processor and bandwidth of the computer (or other applicable device) You are utilizing, for the limited purpose of facilitating the communication between Skype Software users.

Dan in the office made these comments in an email:

"Thinking further this really does bring the whole of Skype's business model crashing down around it. You ask any user are they happy to be a relay, they're bound to say no. The only way Skype gets away with it is because so many people just dont realise (like Tim). It may well have been discussed in techie circles, but Im doubt most users would realise[...]."

I don't need to do any more research here. In my opinion Skype is at best malware (on a par with win32 iTunes!) and worst a security/bandwidth nightmare waiting to happen. I'm livid as I feel mislead by their marketing. I have already uninstalled it (along with the hole it poked in my Windows firewall) but actually feel like going out of my way to lobby for corporate policy on Skype usage where we conduct business.