Coffeehouse Thread

3 posts


So I guess you really don't care, MS? (WMP exploit)

  • infrared

    "Amid reports that malicious hackers are using the anti-piracy mechanism to infect computers with spyware, adware, dialers and computer viruses, Microsoft officials stressed that the latest attack scenario does not exploit a vulnerability in the software. "Not every problem comes with an automatic technology solution. In this case, the priority is to educate users and get them to understand the importance of not downloading files from untrusted sources," said Mike Coleman, lead product manager with Microsoft's Windows division."

    http://www.eweek.com/article2/0,1759,1751248,00.asp

    Why not just fix it?

  • jonathanh

    Interesting. I read that article, clicked through to the "exploit", and then through to this analysis from Ed Bott:

    • The PC World story contained several errors and some misleading statements.
    • I have not identified any circumstance in which this exploit can install software on a computer that has a properly patched version of Internet Explorer. The victim must specifically click a button to install the spyware.
    • The programs in question are digitally signed and are from known companies. The terms of service make it clear what you're getting. It takes one click and 10 seconds of reading to realize that the correct answer is no.
    • The installation mechanism uses social engineering tricks that could fool a naive user. These are the same tricks that are used on Web pages (especially p o r n sites) to install spyware.
    • You are most likely to acquire one of these "poisoned" WMA files from a peer-to-peer file-sharing network. The risk that you will get a file like this from a reputable music seller that uses digital rights management is as close to zero as it is possible to get.
    • If you use Windows XP with Service Pack 2 and Windows Media Player 10, you are completely protected.
    • If you have restricted ActiveX programs from being installed on your computer, you are completely protected. If you have assigned a program other than Windows Media Player to play back Windows Media content, you should be protected as well, although I didn't test this scenario.
    • Clearing the option to acquire software licenses automatically seems to have no effect on this exploit.

    (I had to add the spaces to p o r n to get past the Channel9 filters... :->)

  • jonathanh

    Official Microsoft response (from Scoble's linkblog):

    While this issue is not the result of any exploit of Windows Media DRM, we do recognize it may cause problems for some of our customers. To help mitigate these problems, Microsoft is committed to providing an update to Windows Media Player in the next 30 days that would allow the end user more control over when and how any pop ups display in the license acquisition process.

    Now, what was that you were saying about not caring?... :)
