ChaserView™ vs Skype™, StreamBox™, LiveWire™, PolyCom™
What is ChaserView™?
ChaserView™ is a 2-way audio/video conferencing system for mobile, hand held video conferencing using wireless networks. Fluctuating and low bandwidth coupled with low computational power of hand held devices is a major recipe for substandard video conferencing. Unlike mainstream video conferencing systems such as Skype, Polycom and many more, ChaserView™ does not use the mainstream H.263 and H.264 codec which doesn't tolerate the fluctuations of wireless networks. These fluctuations render a frozen image or simply displays a frozen block of images. ChaserView™ was built with wireless networks and hand held devices in mind. Chaserview™ transports the data in a secure manner while maintaining a low latency experience with Inmarsat BGAN, CDMA, GPRS, GSM and HSPDA networks. The bandwidth manager built with the software allows the bandwidth to be micro managed unlike mainstream products such as Skype that require a minimum available bandwidth. ChaserView™ can operate from 4800 baud to 1.2 mb range allowing for audio, sculpture video, black and white or full color based on available bandwidth. The ChaserView™'s codec is truly the next generation of video compression. You can use a select group of Smart Phones or PDAs to conduct low latency, stable and secure video conferencing.
How does ChaserView™ works?
ChaserView™ has a very simple way of establishing connections to another copy of ChaserView™ while awaiting the call over direct connection from IP to IP or from DNS to DNS where appropriate . In general, the network consists of authentication of another copy of ChaserView™ waiting for IP connection. Any PC, PDA, Smart Phone or UMPC that is directly connected to the Internet can be used as a connection point by the direct connection method and can not be intercepted by a third party server. This method of connection - serverless method - allows ChaserView™ to keep the connection secure while being extremely and aggressively flexible with bandwidth consumption. This keeps computational costs extremely inexpensive, a trait which Skype was not designed to do.
Once a connection to another copy of ChaserView™ is established, it is possible to go beyond firewalls and conduct the connection with ease. This method works well with satellite BGAN or cell based networks. ChaserView™ also has a super sophisticated bandwidth probing unlike any other main stream video conferencing product.
Read the McAfee Secure computing content re Skype™ technology.
Start Secure Computing article
http://www.securecomputing.com/index.cfm?skey=1602
Using Webwasher to block Skype peer-to-peer IP-based telephony
What is Skype?
Skype is a proprietary, peer-to-peer telephony solution that was created by the founders of the popular file-sharing application, Kazaa. The IM and VoIP telephony solution is used quite frequently today as a modern and easy way of communicating, as it allows cost effective and high quality IP-based telephony and file sharing, with added services such as voicemail. With it, subscribers can call other Skype users for free, or call out of the Skype network for a small fee. The big difference between Skype and other VoIP providers however, is that Skype works on a peer-to-peer model.
Why Block Skype?
Skype has become very well-known as an easy and cheap way to communicate. But besides this function, its feature list includes services that are unwanted and potentially hazardous to corporate users: It allows file transfer and chat without the possibility of deeply controlling this traffic. Using these features, a company might become vulnerable, and confidential data may pass out of the network uncontrolled. If confidential information leaves your company, there could be serious public relations repercussions, not to mention real financial damage as well as compliance penalties.
There are several inherent risks posed by Skype that are not posed by other commercial VoIP solutions. Using Skype, anybody can receive data which would otherwise be blocked by your Webwasher® SCM solution from Secure Computing®. This opens the door for viruses and malware to enter deep into your network without being stopped at the perimeter.
Skype does not use standard VoIP protocols, which makes it easy for the software, along with any vulnerabilities or malware that may be attached to it, to pass through the corporate firewall. Other VoIP solutions that are used successfully and safely by corporations use open protocols such as SIP, IAX, or H.323. Because its protocol is proprietary, there is no way to verify Skype's own security claims. And because Skype calls are undetectable and do not leave an audit trail, there are significant compliance problems that several corporations may face if they allow its use.
The bandwidth used during file transfers or during internet telephony can be tremendous, depending on the amount of usage--and Skype can turn your network into a "Supernode" without your consent, using it as a relay station for calls that do not originate or terminate on your site. The impact on productivity is severe. The reason Skype calls work so well is that it uses "intelligent routing," which sounds like a good idea until you realize what that means: Skype routes calls over the most effective path possible, leveraging available bandwidth from users on the Skype network. Skype calls itself as a "true P2P system," which it describes as "one where all nodes in a network join together dynamically to participate in traffic routing-, processing- and bandwidth-intensive tasks that would otherwise be handled by central servers." This means that if one person in your company is using Skype, your bandwidth may get pressed into service by Skype to handle the tasks that another VoIP provider would be handling on its own servers. If your connection is used by Skype in this way, bandwidth consumption can notably affect your network's performance. Skype provides no option for disabling use of your resources in this way.
The time spent on Skype is a loss for your company, not just because of the lost productivity of a single individual user, but also because of the inherent security risks, and the bandwidth that is lost to your entire company.
How does Skype work?
Skype has a very aggressive way of establishing connections to its peer to peer network. In general, the network consists of so-called authentication servers and supernodes. Any PC that is directly connected to the Internet can be used as a supernode, which has the ability to route requests to the authentication servers or act as such in case the client is already known in the network. They do not only communicate with the central servers, but also exchange information with other supernodes. This kind of structured network allows Skype to keep their costs low, as the workload is transferred from their servers to thousands of clients which work as supernode.
Once a connection to a supernode has been established for authentication, all other connections are peer to peer or, in case of NAT and firewall, the Client uses the supernode as a communication relay.
Blocking Skype
The preferred connection method of Skype is UDP, and in case it fails, switches to TCP-based connections on ports which were previously used for Skype connections.
In case even those are not open, Skype will use 80 and 443 as fall back ports, which are open in general for web access.
Steps you should consider to enforce a "no Skype" policy:
- You will need a secure environment in which only the proxies/firewalls are allowed to establish connections to servers outside your company. As mentioned before, Skype will use various ports for connection, and if your firewall is opened too widely, Skype will be sure to find a way inside. So you need to be strict in setting up the firewall.
- As said, only some proxies, and maybe individual isolated servers should have access to the Internet. Make sure the firewall rules reflect this setup well.
- Using Webwasher, you can identify the Skype executables as unwanted by making use of the Generic Body Filter. Use the fingerprinting method to be sure that you block any Skype installer based on its unique binary pattern and not on a name, which can be changed easily.
- You will have to use Webwasher SSL Scanner, which will block the SSL portion of the traffic. Connections to outside port 80 over Webwasher will get blocked as the data which is being used is still SSL. Skype tries to tunnel its protocol via SSL through port 80 or 443.
- Port 80 is not seen as a common SSL Port in the default setup of Webwasher, and therefore CONNECT requests to this port are blocked on a network level already--which only leaves port 443 for Skype's connection attempts.
The SSL connections are not real SSL and Webwasher will not be able to fulfill an SSL handshake with the target servers or supernodes and therefore will stop the requests from being sent outside.
Secure Computing provides advanced Secure Web security appliance and URL filtering solutions in our Secure Web (Webwasher) and Secure Web SmartFilter products. Our Internet security solutions help protect enterprises and small businesses against Web 2.0 and Internet threats, which includes protection from malware, spam, viruses, spyware, phishing attacks, Trojans, worms, zombies, data leakage, and other Internet threats. Security features include content protection, proactive scanning, and assistance in ensuring policy enforcement, productivity, and regulatory compliance.
End Secure Computing article
See comparison charts of ChaserView™ software vs mainstream video conferencing products.
Disclaimer: ChaserView software family of products are designed to perform a specific task of conducting audio and video conferencing over had held devices using wireless networks.
| |
Software solution |
Bandwidth manager |
Direct/Secure Connect |
True Mobile device
support
|
Audio/Video
Chat, File exchange |
BGAN/CDMA/HSPDA/GPRS/GSM/Dialup support |
Price |
| Chaserview™ |
yes |
yes |
yes |
yes |
yes |
yes |
$Fraction cost of StreamBox, LiveWire.. |
| Skype™ |
yes |
no |
no |
no |
no |
broadband, limited cell network |
Free |
| StreamBox® |
no |
no |
yes |
no |
yes |
BGAN streaming class-broadband |
20-30K |
| LiveWire™ |
no |
no |
yes |
no |
yes |
BGAN streaming class-broadband |
15-20k |
| PolyCom™ |
yes |
no |
yes |
no |
yes |
BGAN streaming class-broadband |
$4000 - $20000 |
vPoint™ |
yes |
no |
- |
no |
yes |
BGAN streaming class-broadband |
- |
| |
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
Chart #1
| |
Dropped calls during transmission |
BGAN background IP use vs streaming class |
DNS support to track IP |
Automatic display of back and white or color video
based on bandwidth
|
Change video size bandwidth/resolution on the fly
|
low latency transmission over BGAN, WiFi, CDMA, GPRS, GSM, HSPDA |
Works with as little as 4800 baud to 1.2mb range |
| Chaserview™ |
no |
yes |
yes |
yes |
yes |
yes |
yes |
| Skype™ |
yes |
needs minimum 65k |
yes through Skype Server |
no |
no |
broadband, limited cell network |
no |
| StreamBox® |
no |
needs minimum 128k streaming |
no |
no |
yes |
BGAN streaming class-broadband |
no |
| LiveWire™ |
no |
needs minimum 128k streaming |
no |
no |
yes |
BGAN streaming class-broadband |
no |
| PolyCom™ |
yes |
needs minimum 128k streaming |
- |
no |
yes |
BGAN streaming class-broadband |
no |
vpoint™ |
yes |
no |
- |
no |
yes |
BGAN streaming class-broadband |
no |
| |
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
Chart #2
Skype™, StreamBox™, PolyCom™, LiveWire™, NPoint™, ChaserView™ are registered trademarks of their respective companies. The criteria described in above charts are not scientifically measured but are obtained based on available data on public web sites of respective companies. Any or all criteria is subject to change.
