Voice of VOIPSA

Last week, in a post entitled “Skype Reads Your BIOS and Motherboard Serial Number” a developer named myria outlined how Skype was calling a file called “1.com” to read your PC’s BIOS. Predictably, this set off a Slashdot firestorm when posted there as well as numerous other mentions throughout the blogosphere and wider web. Ultimately, Skype CSO Kurt Sauer posted an explanation that this was part of the DRM component of the EasyBits framework Skype uses in their Extras Plugin Manager.

If you look at what Skype is doing with their Extras Gallery, they are very clearly making the play to be an application delivery platform – for commercial apps as well as free apps. Leaving the DRM religious war aside, the reality is that the moment you start talking commercial apps typically most vendors also start talking about some form of DRM to ensure that people aren’t just copying the commercial apps and giving them to their friends. Skype’s answer is this “EasyBits framework” and it appears that this framework was reading the BIOS to obtain a unique identifier for the PC. You can read the slashdot trail or the responses to the initial post to see various views on the intelligence of doing this, but suffice it to say that Skype owned up to the fact that this was what was going on.

Kurt Sauer also provided the simple solution – upgrade to the latest Skype 3.0 version, 3.0.0.216, where they now use a version of this framework that no longer reads the BIOS. Kudos to Skype for the quick response and to everyone who is worried about it… you can upgrade now. (Or for those really worried about Skype, just continue to not use it.)

This entry was posted on Monday, February 12th, 2007 at 2:51 pm and is filed under Skype, VoIP Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.