Internet phone company Skype has apologised for its secretive handling of a security flaw, but faces continued criticism for evading a bug that creates 10,000 page faults per second.
Skype for Windows version 3.6, launched on 15 November, secretly fixed a critical security hole affecting previous versions, which could have allowed a specially built website to take control of Skype users' PC s by crashing the skype4com URI handler, which Skype uses to handle web addresses.
Meanwhile, the company ignored complaints to its user forums, that the same version, and version 3.5 before it, both produce a huge volume of page faults. At first the company claimed that the obvious bug was a design feature.
Failing to inform users of the security problem could result in users continuing with a security risk: "It is clear that Skype has once again closed critical holes furtively without informing users at all," said security website Heise Security.
Skype spokesman Villu Arak apologised for keeping quiet about the security risk, on a blog: "While this particular vulnerability was fixed, there was an unintentional communication oversight and we failed to bring the case to the public’s attention. All we can do now is to apologise."
The company is still not being entirely forthcoming about the page-fault problem, which was first notified on October 3. Skype personnel responded to repeated reports through October and November, saying the problem happened "by design", before apparently admitting at the end of November, that the problem due to diagnostic code that had been left in the final build of Skype 3.5 by mistake.
The problem is still there, according to Jamie Watson, a user instrumental in reporting the bug: "Every installation of the current version of Skype (3.6) produces somewhere between 700 and 10,000 page faults per second, constantly," he said, on a ZDNet story.
"If you have any houseplants, go sit in the corner and talk to them about your Skype problems for a while," he advised users elsewhere in the Skype blog. "It will be a lot better for your nerves, and it will produce exactly the same results that trying to communicate with Skype 'support' will produce."
These issues add to Skype's general woes. Its owner, eBay, has changed the management at Skype and announced financial charges, after the unit failed to perform, following eBay's $2.6 billion acquisition of the company in October 2005. In October, eBay took a $1.4 billion charge relating to the Skype acquisition, made up of a $500 million payment to Skype shareholders, and a $900 million "impairment charge"- effectively an admission that eBay paid too much for Skype. Or, as former Skype CEO Niklaus Zennstrom put it, eBay may have "overshot in terms of monetisation" for Skype.