Please consider adding an option for the user to disable step three, where the whitelist is checked, thus forcing step four to occur. This way, the user will always be manually prompted to allow or dis-allow an application.

The whitelist idea is good, and will help for your "average" user. But for power users, it may lead to problems. For example, take a Skype Certified application that is whitelisted and thus automatically given access to Skype. It starts up, and changes settings that break the current user's setup. (E.g., in my case, I have to blacklist Logitech's "Communication_Helper" because it keeps trying to switch Skype to the QuickCam microphone, while I have other headsets on my machine that I prefer to use.) While you still give people the option to blacklist a whitelisted application, the whitelisted application still has the opportunity to run at least once and break a user's environment when it first launches, _before_ the user has the ability to go in and blacklist said application.

Again, for "average" users, whitelists will be helpful. But for more advanced users, please give us the option to always explicitly decide if we want to allow a whitelisted application.

Also, as a related side note: will the API authorization dialogs be updated to indicate if an application is on the whitelist or not?

Another option to consider is making the API authorization more granular. Right now, it is an all-or-nothing deal.

Will it cost developers to have their application be on the whitelist, or is it only open to Skype partners?

Will the white/blacklist only apply to the "NAME [[ProgramName]]" that's sent over the API, or will it be in a similar way to how program's are checked at the moment, eg by .exe name? Will that mean that applications that are updated need to be updated on the whitelist/blacklist?

If an evil program only needs to modify itself a little to look like a seperate program to Skype every time it runs, won't it defeat the purpose of a blacklist?

The whole concept of asking the user to authorise local programs stinks of Windows "security". http://www.youtube.com/watch?v=VuqZ8AqmLPY If a malicious program wants to get around it, all it has to do is pretend to be a program that's on the whitelist. On unix systems, a program is assumed to be trusted if it is running as the current user on the local system. Please add an "allow all", or "allow by wildcard" option in future versions, so we can disable this feature.

Will it cost developers to have their application be on the whitelist, or is it only open to Skype partners?

All developers will be able to apply for getting their apps whitelisted. We may decide to whitelist only Skype Certified apps, or request a separate testing fee from the developers who want their applications to be whitelisted.

Will the white/blacklist only apply to the "NAME [[ProgramName]]" that's sent over the API, or will it be in a similar way to how program's are checked at the moment, eg by .exe name? Will that mean that applications that are updated need to be updated on the whitelist/blacklist?

The white/blacklist will work based on the SHA256 hashes of the executables attempting to connect to the Skype Client API. If the executable is modified in any way, then its hash would no longer be found in the central lists, and the application's access attempt would end up in missed events list.

If an evil program only needs to modify itself a little to look like a seperate program to Skype every time it runs, won't it defeat the purpose of a blacklist?

Not really. First of all, "good" developers can also request old versions of their applications to be blacklisted, e.g. in case they have identified a vulnerability in their application, and want to force their users to upgrade to an improved version. Second, a lot of malicious software is not polymorphic. Third, if the users are required to go through a series of actions more complex than just hitting "ok" in a dialog that pops up, then they are more likely to think before acting, so the spreading of such bad applications will be a lot harder than before.

If a malicious program wants to get around it, all it has to do is pretend to be a program that's on the whitelist.

This would only be possible if the malicious program manages to modify the whitelisted program at run time. Modification of the whitelisted program's executable before it is launched results in the hash no longer matching that in our centrally managed whitelist.

Please also see a related case in our public issue tracker, Jira: SDS-250.

As I understand from the posts above, Skype may decide to whitelist only Skype Certified apps, or request a separate testing fee from the developers who want their applications to be whitelisted. I would like to know the process of getting the application whitelisted by paying a seperate testing fee (if this process is already defined).
Thanks,
Prashant

@prasshantg: Don't worry, as soon as we have more information to share, we will share it via this blog here.

Hi, You said that "Skype Certified software and drivers for Skype Certified hardware will “just work” without the API access dialog ever popping up.", I want to know when this feature be available?Thanks.

It's available in Skype 3.6.0.248 that was released on Feb 5. Read the release notes and an article in our January newsletter.