Helping people with computers... one answer at a time.
I occasionally get funny videos as attachments to email and I download them and scan them with a virus scan package (Norton) before playing. There has not yet been one with a virus detected. But I notice when I play them with Windows Media Player I see a "connecting" message at the bottom of Media Player even though I selected the option to not communicate with Microsoft about my playing history when I installed the Media Player software. Can a WMV or similar file have any scripting in it that might be dangerous in terms of transmitting information on my PC to the author of the funny video?
I've always assumed that the "connecting" message was just Windows Media Player using a generic term that could be used both in cases where it truly connects to remote, streaming video, as well as opening a local, downloaded free video file. In other words, I assumed it's just "connecting" to the media, wherever it is.
But rather than assume anything, I decided to ask my friend Jake Ludington, who's particularly conversant in media issues, for his thoughts.
The short answer to your question turns out to be "yes".
"The answer to whether WMV files can contain scripting is definitely yes, with or without DRM. I have a tutorial on how to make "Windows Media enhanced podcasts" using exactly this concept."
"A neat theory, but useless in practice because porn sites have abused that feature to no end and scripting is turned off by default to protect users."
"One innocuous possibility [for the connecting message] not mentioned here is album art acquisition. The media player does hit the Internet for that from the boxes checked in Tools > Options > Privacy > Enhanced Playback and Device Experience"
Jake also mentioned an accusation that one vendor was using the DRM support to install spyware on people’s computers by way of file sharing sites. While it's unclear if that actually was ever proven, it certainly could happen. "In terms of what DRM actually communicates, it varies widely by exact implementation, but it typically checks to make sure the user has rights to view and if they do not have rights to view one common action is to launch a Web page to register and/or pay for content (the other common one being to simply tell you the file won’t work)."
The good news is that DRM support is licensed from Microsoft - so should a vendor be 'caught' behaving unethically, that support can be revoked.
The bottom line appears to be that, as with everything else, it pays to be cautious. It sounds like your taking fairly reasonable first steps by scanning the files first.