Comments on: Why was Media Player updated? http://www.edbott.com/weblog/?p=485 Helping PC users make sense of Microsoft software since 1991 Fri, 20 Nov 2009 18:54:09 -0700 http://wordpress.org/?v=2.8.6 hourly 1 By: Redflower http://www.edbott.com/weblog/?p=485&cpage=1#comment-85722 Redflower Wed, 05 Jul 2006 08:10:04 +0000 http://www.edbott.com/wordpress/?p=485#comment-85722 that's an easy question, if they are not updated, no one would choose, for the hot competition. that’s an easy question, if they are not updated, no one would choose, for the hot competition.

]]> By: Ben Edelman http://www.edbott.com/weblog/?p=485&cpage=1#comment-898 Ben Edelman Wed, 31 Dec 1969 17:00:00 +0000 http://www.edbott.com/wordpress/?p=485#comment-898 I tested the patch in my lab last night. Recall the specific problem uncovered last month: On XP SP2, all ActiveX installation attempts are supposed to yield Information Bar confirmations before showing popups. XP SP2 plus WMP10 does in fact do so. But XP SP2 plus WMP9 does not -- the popups appear without users activating an Information Bar. Since SP2 purportedly resolved the problem of these misleading popups, SP2 users have reason to lower their guard against such deception. Yet in the case of WMP9, they're entirely at risk. So this was the problem MS was expected to solve in the patch, and MS was expected to solve it by causing WMP9 to use the Information Bar. Needless to say, that's not what the patch did. See the screenshot and video linked below -- the result of playing an infected WMV file on a SP2 WMP9 machine. Note the misleading ActiveX popup shown without users clicking on anything. This is **NO CHANGE FROM BEHAVIOR OBSERVED BEFORE INSTALLING THE PATCH**. <a href="http://www.benedelman.org/spyware/images/drmtest-021605.png" rel="nofollow">Screen shot</a> <a href="http://www.benedelman.org/spyware/images/drmtest-021605.wmv" rel="nofollow">Video</a> So what did the patch do? As best I can tell, nothing. Very weird. I tested the patch in my lab last night.

Recall the specific problem uncovered last month: On XP SP2, all ActiveX installation attempts are supposed to yield Information Bar confirmations before showing popups. XP SP2 plus WMP10 does in fact do so. But XP SP2 plus WMP9 does not — the popups appear without users activating an Information Bar. Since SP2 purportedly resolved the problem of these misleading popups, SP2 users have reason to lower their guard against such deception. Yet in the case of WMP9, they’re entirely at risk. So this was the problem MS was expected to solve in the patch, and MS was expected to solve it by causing WMP9 to use the Information Bar.

Needless to say, that’s not what the patch did. See the screenshot and video linked below — the result of playing an infected WMV file on a SP2 WMP9 machine. Note the misleading ActiveX popup shown without users clicking on anything. This is **NO CHANGE FROM BEHAVIOR OBSERVED BEFORE INSTALLING THE PATCH**.

Screen shot
Video

So what did the patch do? As best I can tell, nothing. Very weird.

]]>