- Is there a danger opening WMV files in XP?
- Posted by Andy on May 11th, 2006
Is there a danger opening WMV files in XP?
I sem to recall something about being taken to dangerous web sites or
getting unwanted code on my system or something like that.
I am running XP Pro/SP2.
- Posted by Man-wai Chang on May 11th, 2006
Andy wrote:
Not if you got the latest updates...
--
.~. Might, Courage, Vision, SINCERITY. http://www.linux-sxs.org
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Ubuntu 5.10) Linux 2.6.16.16
^ ^ 20:07:01 up 4:34 1 user load average: 1.00 1.04 1.01
news://news.3home.net news://news.hkpcug.org news://news.newsgroup.com.hk
- Posted by Sebastian Gottschalk on May 11th, 2006
Andy wrote:
Yes, if the files are fucked up with DRM and you didn't properly remove
at least the DRM client components.
This will lead to two big problems:
1. A license aquistion dialogue will be opened, rendering HTML with the
IE engine. Hurray, free choice to use 50+ unpatched IE vulnerabilities.
2. A slient license aquistion might take place. This will install a
license for this file, including all relevant DRM mechanisms. One is
revokation. As an evil guy I would say "revoke after 1 second, delete
the license, the license's name is C:\mp3z\*.mp3".
There's also a possibility to include JavaScript code within a normal
WMV file, but actually running it is disabled by default.
See above, this is usually a correct assumption.
BTW, would you please set a fup2 next time?
- Posted by David H. Lipman on May 11th, 2006
From: "Andy" <nomail@nomail.com>
| Is there a danger opening WMV files in XP?
| I sem to recall something about being taken to dangerous web sites or
| getting unwanted code on my system or something like that.
| I am running XP Pro/SP2.
If the Media Player is properly patched -- No.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Ludovic Joly on May 11th, 2006
There is no danger if you open the files with Notepad. This simple
security procedure will defeat exploits targeting media players, and
also protect your soul from explicit content.
- Posted by David H. Lipman on May 11th, 2006
From: "Ludovic Joly" <lgr_joly@yahoo.com>
|
| There is no danger if you open the files with Notepad. This simple
| security procedure will defeat exploits targeting media players, and
| also protect your soul from explicit content.
That's funny :-)
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Frank Slootweg on May 11th, 2006
Man-wai Chang <toylet.toylet@gmail.com> wrote:
Note "got", not "*think* you got"! Lately *Automatic* Updates (the
automatic/icon/popup version) has been notorious in being days and even
weeks late compared to *Windows* Update (the browser version) [1], so
check with *Windows* Update that you have all the latest stuff.
[1] The Microsoft servers give priority to Windows Update over Automatic
Updates. Often Automatic Updates can *say* that there are updates
available for your computer, but not actually (fully) *download*, let
alone *install*, them until days/weeks later. For the gory details, see
the logs (in my case, XP Pro SP2, "Windows Update.log" and
"WindowsUpdate.log" (in C:\WINDOWS), especially the latter),
specifically the "DnldMgr * Update is not allowed to download due to
regulation." messages.
- Posted by Unruh on May 11th, 2006
Leythos <void@nowhere.lan> writes:
YOu will be safer not opening them. So the question was as to the
comparative safety. There have been so many exploits, and the time between
the exploit being used and patched is some number of days ( lets say 10)
Thus, your safety if you patch is 10 days out of 365/Number of exploits per
year. Even with only one exploit a year, relying on patching gives you a
safety of only 3%-- ie you have a 3% chance of being hit if someone attacks
you once a year. If they attack you 30 times a year with the latest
exploit they have about 100% chance of getting in. Does that sound safe?o
Now if you never do anything that could trigger the exploit you will not be
broken into.
Ie, relying on patching to keep you safe is a rediculously insecure way of
behaving.
It is certainly necessary ( since y ou can raise those odds to 100% per
attempt if you never patch, and 3% is better than 100%) but should not even
be your 10th line of defence.
- Posted by David H. Lipman on May 11th, 2006
From: "Unruh" <unruh-spam@physics.ubc.ca>
|
| YOu will be safer not opening them. So the question was as to the
| comparative safety. There have been so many exploits, and the time between
| the exploit being used and patched is some number of days ( lets say 10)
| Thus, your safety if you patch is 10 days out of 365/Number of exploits per
| year. Even with only one exploit a year, relying on patching gives you a
| safety of only 3%-- ie you have a 3% chance of being hit if someone attacks
| you once a year. If they attack you 30 times a year with the latest
| exploit they have about 100% chance of getting in. Does that sound safe?o
| Now if you never do anything that could trigger the exploit you will not be
| broken into.
| Ie, relying on patching to keep you safe is a rediculously insecure way of
| behaving.
| It is certainly necessary ( since y ou can raise those odds to 100% per
| attempt if you never patch, and 3% is better than 100%) but should not even
| be your 10th line of defence.
|
Yeah but if you don't open the WMV, you don't see the video.
Live in fear, die in despair.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by edgewalker on May 11th, 2006
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:m2G8g.5007$OF6.1420@trnddc06...
Some media filetypes (with mediaplayer) allow the firing up of IE and the
included URL will be visited. If a "bad" site wants visitors, then populating
p2p with "bad" mediafiles is an option for them.
My advice is to put Windows Media Trojan in the trash bin - and I don't
care what version or how updated Microsoft says it is. Microsoft somehow
decided to include this stupid feature though it is configurable in new versions
I've heard.
- Posted by Andy on May 11th, 2006
On 11 May 2006, Sebastian Gottschalk<seppi@seppig.de> wrote:
Yes this is what I end to see. I execute a 1MB WMV file and the next
thing I know WMP has alunched as asks about being allowed to go off and
get some authorisation. Hmmm. I never let it.
If I run some other media player like Media Player Classic (by Gabest)
or Irfanview or Zoom then I just get an error message at this point
saying the player can't proceed.
I find FollowUp To never works well in the end.
- Posted by Zak on May 11th, 2006
On 11 May 2006, David H. Lipman<DLipman~nospam~@Verizon.Net> wrote:
The vid is probably no good anyway.
- Posted by David H. Lipman on May 11th, 2006
From: "Zak" <duff@nomail.invalid>
That's a broad statement. What WMV ? I have sen some great porno shorts in WMV format.
:-)
I also work for a NJ, USA, music promoter and have viewed some great WMVs dealing with short
music videos and promos.
WMV is not a file format to fear.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by David H. Lipman on May 11th, 2006
From: "edgewalker" <null@null.invalid>
..
|
| Some media filetypes (with mediaplayer) allow the firing up of IE and the
| included URL will be visited. If a "bad" site wants visitors, then populating
| p2p with "bad" mediafiles is an option for them.
|
| My advice is to put Windows Media Trojan in the trash bin - and I don't
| care what version or how updated Microsoft says it is. Microsoft somehow
| decided to include this stupid feature though it is configurable in new versions
| I've heard.
|
Notice I said "the Media Player" not specifically a Microsoft product/utility :-)
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
- Posted by Sebastian Gottschalk on May 12th, 2006
Andy wrote:
Minding you, any DRM software is something you clearly don't want on
your computer.
When removing at least the DRM client components, WMP tells the same.
- Posted by edgewalker on May 12th, 2006
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:3mO8g.41063$yU6.21790@trnddc05...
....and a good thing you did 
)
Anyway - if "the media player" happens to be a MS product, heed my warning
because even fully patched it is a trojan by most definitions ) Subjective as the
definition is, most people wouldn't want this feature if they knew about it.
- Posted by Sebastian Gottschalk on May 13th, 2006
edgewalker wrote:
In case of WMP: The MSDRM component is a trojan horse by definition, and
the implementation proofs it.
- Posted by edgewalker on May 13th, 2006
"Sebastian Gottschalk" <seppi@seppig.de> wrote in message news:4ckm6eF15enj3U1@news.dfncis.de...
DRM has unfortunately become a necessary evil. The problem I stated with
WMP is probably a deal Billy struck with the foistware crowd. Sorta makes
you rethink how all those IE exploits remain "unpatched". WMP makes a sys
call to the foistware handler i.e. IE. )
- Posted by Sebastian Gottschalk on May 13th, 2006
edgewalker wrote:
No, as it's not necessary at all.
This has been fixed in MSDRM v3 Build 3802 (KB891122) and has never been
any issue to systems where the DRM client component is removed.
- Posted by kurt wismer on May 14th, 2006
edgewalker wrote:
??? try again... digital rights malware is not a necessary evil... it's
a desperate power-grab by corrupt corporations...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
