The Active Network
  Microsoft: DRM Trojan hole is not a vulnerability
Time: 08:48 EST/13:48 GMT | News Source: ZDNet UK | Posted By: Brian Kvalheim

Microsoft has responded to security warnings about its Media Player by saying that Windows XP SP2 will protect its customers from malware. Microsoft has denied that an anti-piracy "feature" in its Windows Media Player that allows a Trojan horse to run on a user's PC is a vulnerability. Panda Software warned earlier this week that hackers are using the player's DRM tool to fool people into downloading spyware and viruses.

  Displaying Comments 1 through 6 of 6
  This is an archived static copy of ActiveWin.com.
#1 By 2332 (66.228.91.60) at Friday, January 14, 2005 11:51:43 AM
It's pretty funny that even when a user does their best to avoid the security disaster that is IE, simply opening a WMV can cause IE to open their machine up to potential exploitation.

This may be support for the argument, which I have long dismissed, that the integration of IE and Windows makes the combination inherently less secure.

#2 By 6859 (206.156.242.39) at Friday, January 14, 2005 12:51:10 PM
Nothing in that Register article says anything about RIAA/MPAA being behind the trojan DRM, and if they were behind it, and that information were to leak out, they (the MPAA/RIAA) become liable under US Federal law: it is a felony to knowingly infect another person's computer system with malicious programs. Using the defense that they were simply preventing piracy is not an excuse at all, and they'd be in deep doo-doo.

So, even if you're right and the MPAA/RIAA is behind this, eventually this would be their own undoing as the onslaught of lawsuits get filed against them--and by their own stupidity they'd be forced to either settle out of court or lose horribly in court.

#3 By 2332 (66.228.91.60) at Friday, January 14, 2005 02:01:37 PM
#3 - The popup window itself has an IE window embedded inside it. Any exploits that apply to viewing a web page can be used to compromise the user's machine and the only interaction required is to open the WMV (or whatever file).

#4 By 61 (65.32.168.114) at Friday, January 14, 2005 04:36:42 PM
Just from the fact that these files are coming from Kazaa and BitTorrent networks, I say the user deserves what they get.

#5 By 2332 (66.92.78.189) at Friday, January 14, 2005 07:20:17 PM
#7 - I see... so I download an episode of MacGyver and I deserve to get infected with viruses or spyware? Wow.

You're making a whole series of unjustified assumptions.

#6 By 23275 (68.17.42.38) at Saturday, January 15, 2005 12:52:06 AM
#2 - there is no scientific basis for what you wrote.

I see that opinion often - too often and it is simply not true.

Such "IE integration" statements are so false it is just nuts. No more so than MS's windowing services running from the Kernel...again, there is just no basis in computing science for such a comment. Most vulnerabilities in IE were/are related to how SW using COM Clients was handled. That was fixed w/SP2. Far more porous COM Client issues exist within other browsers - certainly far more serious than any in XP SP2. The downloads spoken of relate to similar types of calls - and again, as MS asserts, the design of SP2, which drastically modified how such clients are handled, prevents exposure - even opposite properly signed, however malicious wrapped code might be. Please consider, http://www.objectinnovations.com/CourseOutlines/120.html




 
