Update Windows Media Player to avoid surprises
Late in 2004, computer experts noticed that a popular Windows Media Player video file was actually a silent delivery mechanism infecting millions of PC users with spyware.
On Jan. 3, 2005, security researcher Ben Edelman revealed what was happening to people who played this video file in WMP. After clicking the OK button on a single, legitimate-looking "browser update" dialog box, "My computer quickly became contaminated with the most spyware programs I had ever received in a single sitting," he said.
Edelman counted an amazing total of 31 programs that had silently been installed, without even displaying a license agreement. These included adware from 180solutions, CoolWebSearch, Ezula, ISTbar, and many other adware companies, he said. (By the way, I reported on July 14 that Microsoft’s AntiSpyware beta program, to the dismay of spyware experts, has stopped recommending the removal of programs by 180solutions, Ezula, and some other adware companies.)
How the trick works: Media files that are played using recent versions of Windows Media Player, such as 9.0 and 10.0, can invoke Microsoft’s Digital Rights Management system. This DRM scheme allows multimedia files, among other things, to open a Web page and display information to the user.
Allowing audio and video files to open new windows is not such a good idea in the first place. Even worse, however, is how DRM was implemented by Microsoft.
Left: Playing a video file in Windows Media Player can launch a dialog box that looks official but installs spyware.
DRM-protected multimedia files, when played in WMP, can make a dialog box appear, such as the one shown above that Edelman diagnosed. (This image is reproduced with Edelman’s permission.) In this case, the dialog box tells the user to click the Install button to get what was supposedly a Required Media Player Version 10 Browser Update.
Most Windows users, of course, see dialog boxes like this all the time. For example, legitimate audio and video files commonly require the download of a particular compressor-decompressor, or codec. That perfectly ordinary situation displays a very similar codec-update dialog. (I discuss, below, a safe way to update codecs.)