Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can I get a virus or spyware from a free video download?

I occasionally get funny videos as attachments to email and I download them
and scan them with a virus scan package (Norton) before playing. There has not
yet been one with a virus detected. But I notice when I play them with Windows
Media Player I see a “connecting” message at the bottom of Media Player even
though I selected the option to not communicate with Microsoft about my playing
history when I installed the Media Player software. Can a WMV or similar file
have any scripting in it that might be dangerous in terms of transmitting
information on my PC to the author of the funny video?

I’ve always assumed that the “connecting” message was just Windows Media
Player using a generic term that could be used both in cases where it truly connects to
remote, streaming video, as well as opening a local, downloaded free video file. In
other words, I assumed it’s just “connecting” to the media, wherever it is.

But rather than assume anything, I decided to ask my friend Jake Ludington, who’s particularly
conversant in media issues, for his thoughts.

The short answer to your question turns out to be “yes”.

Become a Patron of Ask Leo! and go ad-free!

From Jake:

“The answer to whether WMV files can contain scripting is definitely
yes, with or without DRM. I have a tutorial on how to make “Windows Media enhanced podcasts” using exactly this concept.”

“A neat theory, but useless in practice because porn sites have abused
that feature to no end and scripting is turned off by default to protect
users.”

“One innocuous possibility [for the connecting message] not mentioned here is album art acquisition.
The media player does hit the Internet for that from the boxes checked in Tools
> Options > Privacy > Enhanced Playback and Device
Experience”

“The bottom line appears to be that, as with everything else, it pays to be cautious.”

Jake also mentioned an accusation that one vendor was using the
DRM support to install spyware on people’s computers by way of file
sharing sites. While it’s unclear if that actually was ever proven, it certainly could happen.
“In terms of what DRM actually
communicates, it varies widely by exact implementation, but it typically checks
to make sure the user has rights to view and if they do not have rights to view
one common action is to launch a Web page to register and/or pay for content
(the other common one being to simply tell you the file won’t work).”

The good news is that DRM support is licensed from Microsoft – so should a vendor
be ‘caught’ behaving unethically, that support can be revoked.

The bottom line appears to be that, as with everything else, it pays to be cautious.
It sounds like your taking fairly reasonable first steps by scanning the files first.

Subscribe to Confident Computing! Tech problem solving & safety tips with a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my FREE special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

No strings. No email. Here's the direct download. (Just right-click and "Save As...".)

1 thought on “Can I get a virus or spyware from a free video download?”

  1. Um. All media players are large software
    applications charged with reading arbitrary
    input files and applying a fairly complex interpretation to the bits they read. There are usually a few ways to craft patterns of input bits (in the video) that will exploit coding errors in carelessly written players – typically by fooling them into reading “video” data into a
    region of memory that the exploit can then cause to be reread as executable code. It is a hard problem to prove that complex software is secure under all possible input streams. Not impossible, but hard enough that software developers often skip that extra cost. Instead we all support an industry of virus scan companies that clean up after such exploits get published.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.