Do Softphones Make My Network or Machine More Vulnerable?

Question: Do Softphones Make My Network or Machine More Vulnerable?

Answer:

If you are within a network, yes, softphones do make your network more vulnerable, when compared to using IP phones. The main explanation to this is that a softphone is before all a piece of software that works with some peripherals (headsets, earphones etc.), and like any other piece of software using a socket for Internet connection, it is exposed to some extent to the threats waiting behind the door. The extent to which you are vulnerable of course depends on how much your machine or network is protected.

The threats posed by softphones can be due to these:

• As mentioned above, they are programs, and they use a socket, which is an open door to an Internet or LAN connection. Hackers and viruses normally attack through these sockets.
• Softphones do not separate voice from data, like IP phones do. Since viruses, spyware and attacks are more data-centered than voice-centered, they tend to have easier entry through softphones than through hardware-based IP phones, which single voice data out.

An example: Skype

Skype is an example of a softphone with a couple of security breaches. Since it uses P2P (peer-to-peer) technology, it allows users to make direct connections with each other, which expands the exposure to threats. Also, Skype is said to be 'port agile', which means that it can improvise to look for a port (a number representing a socket, which is a door for connecting to the outside network) any time the firewall is blocked. As a result, this could bypass the firewall security and offer backdoor entry to trojans, worms, viruses, spyware etc.

But Skype is not the only example. Other softphones suffer from vulnerabilities as well, and I am sure that most of the others are worse than Skype in terms of security. The reason why Skype's security threats have been underlined is that it is so popular - it is a heavily-used target and at the same time, a priority to save. Besides, the patches for Skype's security holes are already out.

Now, Don't Just Dump Your Softphone!

All this should not mean that you should stop using softphones! Softphones are not any worse than any other interactive Internet application running on computers. The important thing to understand here is that using a softphone only constitutes a potentially greater security risk than using hardware-based devices like IP phones, especially over a network.

So, if you only have your PC to communicate and no network whose security you have to bother about, softphone security threats should not be a big issue. If you are using instant messengers, download managers, browsers, torrent downloaders etc. on your machine, then a softphone will in no way be a greater threat. Just make sure you have your complete and updated security arsenal: firewall, anti-virus and anti-spyware software.

Simple Rule

To conclude, one simple rule:

If you have a network for VoIP and if you have IP phones, then better minimize the use of softphones. If you only have a (well-protected) computer on which you run your softphone to communicate, then keep on enjoying it.