Re: Who can play this wav file?



Interesting discussion there. Thanks for the enlightenment. What I know is
probably dated. The GDI exploit is one that I know very little about other
than that it exists. Hmph, I thought that exploit required some third-party
application to be susceptible but I am not going to say a definite here.
Thanks zachd [ms].

Anyway back to my original request. I installed a new Windows 2000 and
still could not play it after SP4. It is a Windows 98 Plus file and I just
don't know what has happened here. That media file has me stumped. The
only thing I can do is install a fresh Windows 2000 and see if it plays but
I believe it does.

--

George Hester
_________________________________
"zachd [ms]" <zachd@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:#bJEa7FMGHA.2668@xxxxxxxxxxxxxxxxxxxxxxx

"George Hester" <hesterloli@xxxxxxxxxxx> wrote in message
news:usAirJFMGHA.1472@xxxxxxxxxxxxxxxxxxxxxxx
I have never ever seen a virus in any type of file which does not have an
extension that calls the API that is required for "executing." Never. If
that were true then it could also be in txt jpg gif anything. Not true as
far as I know unless the machine is already infected. If so then I am the
greatest virus writer in the 21st century.

Look up the GDI+ security problem, the ZLIB security problem, the various
WinAMP file format parser problems, the RealNetworks security problems......
there's a bunch here.

And yeah, JPG/GIF... those have indeed been vectors for exploits.

What you are thinking of is "trojan executables", which require native
execution. So if I clicked on PleaseFormatMyHardDrive.exe, I'd expect bad
things to happen. That's a trojan exe. There's also trojan data that
relies on holes in the source parser - this is part of the "buffer overrun"
class of security exploits. So if I clicked on PleaseFormatMyHardDrive.jpg,
I would *not* expect bad things to happen... but they might indeed if the
native renderer had an exploitable hole.

And without going into specifics (which you can largely research online),
yes, there have been a variety of security fixes provided in various
clients that consume multimedia file types. So: safe clicking is always,
*always* recommended.

"a full explanation of why you should be clicking and what you should be
looking for upon clicking it"
I did do that. I asked if anyone could play it.

Nobody understood why. If I asked if you could see
PleaseFormatMyHarddrive.jpg... well, you'd want to exercise due diligence
before clicking. That's what we're trying to do here. Hopefully you now
understand why. =)

The other thing here of course is whether a user "trusts" their AV software.
What good is it then? Actually I am familiar with the file types necessary
for a virus to infect. That's why I do not use AV software. There really
is no reason to if you know the extensions of them. The extension is not
only sufficient but necessary for a virus to infect.

* Anti-virus software detects a known set of attack vectors.
* That's not correct, as noted above. A .JPG may contain an attack you
don't know about.

Here is a good example. wmv files should only call WMP or the video player
that has that extension. Assuming no infection in the machine that is what
should happen the media player fire up and only that. But wmv and asf can
hold scripting. (by the way wav cannot). So the asf fires up and scripting
takes your browser to a website that uses ActiveX to infect you. A clear
indication why Digital Media Rights is WRONG. Who knows where those DRM
infected files are going to take you?

There's a ton of pieces to break that down into:
* you can / should turn off scripting via the option to do so in WMP
* you should get a warning/choice before being taken to X site
* you shouldn't be browsing as an admin (UAP/LUA in Vista is your friend -
as is DropMyRights for XP)
* you shouldn't be able to be infected by that activex control
... and the WAV file may be taking advantage of some new RIFF parsing issue
you didn't know of previously.

It's a strange world out there. Be careful. =)

-Zach
--
Windows Media Development Team (speaking for myself only)
See http://zachd.com/pss/pss.html for some helpful WMP info.
This posting is provided "AS IS" with no warranties, and confers no
rights.
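
The "trojan data" and RIFF parsing points in the quoted reply, shown as an added example (not part of either post and not code from any product named in the thread): a WAV chunk walker in C that treats every declared size as untrusted. The sample bytes and the names `riff_wave_check` and `check_with_data_size` are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: minimal 48-byte PCM WAV (fmt chunk + 4 data bytes). */
static const uint8_t GOOD_WAV[48] = {
    'R','I','F','F', 40,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 16,0,0,0, 1,0, 1,0, 0x40,0x1f,0,0, 0x40,0x1f,0,0, 1,0, 8,0,
    'd','a','t','a', 4,0,0,0, 0x80,0x80,0x80,0x80 };

/* Little-endian 32-bit read that does not assume alignment. */
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the chunk list; return the chunk count, or -1 as soon as a declared
   size points outside the buffer. Hypothetical helper, not a real API. */
int riff_wave_check(const uint8_t *buf, size_t len) {
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4))
        return -1;
    uint32_t riff_size = rd32le(buf + 4);
    if (riff_size < 4 || riff_size > len - 8)
        return -1;                          /* header claims more than we hold */
    size_t end = 8 + (size_t)riff_size, off = 12;
    int chunks = 0;
    while (off < end) {
        if (end - off < 8) return -1;       /* truncated chunk header */
        uint32_t csize = rd32le(buf + off + 4);
        off += 8;
        /* Compare against the bytes remaining; "off + csize" could wrap. */
        if (csize > end - off) return -1;
        off += csize;
        if ((csize & 1) && off < end) off++;    /* odd chunks carry a pad byte */
        chunks++;
    }
    return chunks;
}

/* Patch the data chunk's declared size (offset 40) and re-validate. */
int check_with_data_size(uint32_t declared) {
    uint8_t wav[sizeof GOOD_WAV];
    memcpy(wav, GOOD_WAV, sizeof wav);
    for (int i = 0; i < 4; i++) wav[40 + i] = (uint8_t)(declared >> (8 * i));
    return riff_wave_check(wav, sizeof wav);
}

int main(void) {   /* exit status 0: honest file accepted, lying size rejected */
    return !(check_with_data_size(4) == 2 && check_with_data_size(0xFFFFFFF0u) == -1);
}
```

The file extension plays no part in the outcome: the same 48 bytes pass or fail purely on whether the size field matches what is actually in the buffer.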
