Re: Hangon - if you're a sysadmin who...
Plainly rubbish! If you are managing a controlled environment then you need to review and approve all the updates - event to your test clients. Fact is, this one was obviously installed without being approved.
What's the point of having tests and test clients if your testing is undocumented, unmanaged and uncontrolled?
What's the point of having test clients if you can't survive without them for couple of hours? They're not test clients if that is the case - just normal clients that you are picking on!
For each batch of updates, you should be raising documentation listing them, linking or detailing the update details, the OS components affected, the expected time of deployment, the tests required to pass in order to approve the updates, the testing window and the (tested!) rollback plan. You should be using software that supports you in this, and your test group should consist of a set of clients built to your current SOE but that you can afford to take offline without affecting day-to-day operations of the organisation.
Once the testing is complete, your SOE documentation should be updated to include the new updates, and your SOE then updated using your preferred methodology once the change has been approved by your CAB.
Even if you don't have all of these controls - and you should if you want to keep your PCI compliance status - I fail to understand why in this case the complainer couldn't just use his desktop management tools to effect a complete and immediate uninstall of Skype. It's not hard!