I occasionally get funny videos as attachments to email and I download them
and scan them with a virus scan package (Norton) before playing. There has not
yet been one with a virus detected. But I notice when I play them with Windows
Media Player I see a “connecting” message at the bottom of Media Player even
though I selected the option to not communicate with Microsoft about my playing
history when I installed the Media Player software. Can a WMV or similar file
have any scripting in it that might be dangerous in terms of transmitting
information on my PC to the author of the funny video?
I’ve always assumed that the “connecting” message was just Windows Media
Player using a generic term that could be used both in cases where it truly connects to
remote, streaming video, as well as opening a local, downloaded free video file. In
other words, I assumed it’s just “connecting” to the media, wherever it is.
But rather than assume anything, I decided to ask my friend Jake Ludington, who’s particularly
conversant in media issues, for his thoughts.
The short answer to your question turns out to be “yes”.
Become a Patron of Ask Leo! and go ad-free!
From Jake:
“The answer to whether WMV files can contain scripting is definitely
yes, with or without DRM. I have a tutorial on how to make “Windows Media enhanced podcasts” using exactly this concept.”“A neat theory, but useless in practice because porn sites have abused
that feature to no end and scripting is turned off by default to protect
users.”“One innocuous possibility [for the connecting message] not mentioned here is album art acquisition.
The media player does hit the Internet for that from the boxes checked in Tools
> Options > Privacy > Enhanced Playback and Device
Experience”
Jake also mentioned an accusation that one vendor was using the
DRM support to install spyware on people’s computers by way of file
sharing sites. While it’s unclear if that actually was ever proven, it certainly could happen.
“In terms of what DRM actually
communicates, it varies widely by exact implementation, but it typically checks
to make sure the user has rights to view and if they do not have rights to view
one common action is to launch a Web page to register and/or pay for content
(the other common one being to simply tell you the file won’t work).”
The good news is that DRM support is licensed from Microsoft – so should a vendor
be ‘caught’ behaving unethically, that support can be revoked.
The bottom line appears to be that, as with everything else, it pays to be cautious.
It sounds like your taking fairly reasonable first steps by scanning the files first.
Um. All media players are large software
applications charged with reading arbitrary
input files and applying a fairly complex interpretation to the bits they read. There are usually a few ways to craft patterns of input bits (in the video) that will exploit coding errors in carelessly written players – typically by fooling them into reading “video” data into a
region of memory that the exploit can then cause to be reread as executable code. It is a hard problem to prove that complex software is secure under all possible input streams. Not impossible, but hard enough that software developers often skip that extra cost. Instead we all support an industry of virus scan companies that clean up after such exploits get published.