Helping people with computers... one answer at a time.

I occasionally get funny videos as attachments to email and I download them and scan them with a virus scan package (Norton) before playing. There has not yet been one with a virus detected. But I notice when I play them with Windows Media Player I see a "connecting" message at the bottom of Media Player even though I selected the option to not communicate with Microsoft about my playing history when I installed the Media Player software. Can a WMV or similar file have any scripting in it that might be dangerous in terms of transmitting information on my PC to the author of the funny video?

I've always assumed that the "connecting" message was just Windows Media Player using a generic term that could be used both in cases where it truly connects to remote, streaming video, as well as opening a local, downloaded free video file. In other words, I assumed it's just "connecting" to the media, wherever it is.

But rather than assume anything, I decided to ask my friend Jake Ludington, who's particularly conversant in media issues, for his thoughts.

The short answer to your question turns out to be "yes".

From Jake:

"The answer to whether WMV files can contain scripting is definitely yes, with or without DRM. I have a tutorial on how to make "Windows Media enhanced podcasts" using exactly this concept."

"A neat theory, but useless in practice because porn sites have abused that feature to no end and scripting is turned off by default to protect users."

"One innocuous possibility [for the connecting message] not mentioned here is album art acquisition. The media player does hit the Internet for that from the boxes checked in Tools > Options > Privacy > Enhanced Playback and Device Experience"

"The bottom line appears to be that, as with everything else, it pays to be cautious."

Jake also mentioned an accusation that one vendor was using the DRM support to install spyware on people’s computers by way of file sharing sites. While it's unclear if that actually was ever proven, it certainly could happen. "In terms of what DRM actually communicates, it varies widely by exact implementation, but it typically checks to make sure the user has rights to view and if they do not have rights to view one common action is to launch a Web page to register and/or pay for content (the other common one being to simply tell you the file won’t work)."

The good news is that DRM support is licensed from Microsoft - so should a vendor be 'caught' behaving unethically, that support can be revoked.

The bottom line appears to be that, as with everything else, it pays to be cautious. It sounds like your taking fairly reasonable first steps by scanning the files first.

Article C2611 - April 3, 2006 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

1 Comment
Jaxon
March 29, 2009 11:00 PM

Um. All media players are large software
applications charged with reading arbitrary
input files and applying a fairly complex interpretation to the bits they read. There are usually a few ways to craft patterns of input bits (in the video) that will exploit coding errors in carelessly written players - typically by fooling them into reading "video" data into a
region of memory that the exploit can then cause to be reread as executable code. It is a hard problem to prove that complex software is secure under all possible input streams. Not impossible, but hard enough that software developers often skip that extra cost. Instead we all support an industry of virus scan companies that clean up after such exploits get published.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.