The insane spitfire video clip

"Teacherjh" wrote in message
...
Another thing - .wmv files are nasty. Much better to use a .mpg because
an
.mpg is just the video, but .wmv files can contain embedded web links and
the
players can't fliter them out.

That's silly. As long as Jay doesn't embed a link in a WMV file, it won't
have one. Presumably he's only posting WMV files he's actually played
himself and knows don't include any malicious scripting.

Two big advantages to using WMV: widely available player; excellent
compression.

Pete

Another thing - .wmv files are nasty. Much better to use a .mpg because an
.mpg is just the video, but .wmv files can contain embedded web links and the
players can't fliter them out.

That's silly. As long as Jay doesn't embed a link in a WMV file, it won't
have one.


.... and those who filter out .wmv files in their entirety (because of payloads)
won't get to see them.

If a format is not trustworthy, it shouldn't be used.

Jose

--
(for Email, make the obvious changes in my address)

"Teacherjh" wrote in message
...
... and those who filter out .wmv files in their entirety (because of
payloads)
won't get to see them.

Why not just set your security settings so that the scripts contained in WMV
files aren't run?

If a format is not trustworthy, it shouldn't be used.

The format is perfectly trustworthy, just as much as any "web-friendly"
format is, as long as you have a clue about what you're doing with your
computer. If you don't trust WMV files, you shouldn't ever open any web
browser.

Pete

On Mon, 27 Oct 2003 12:08:38 -0800, "Peter Duniho"
wrote in Message-Id:
:

The format is perfectly trustworthy, just as much as any "web-friendly"
format is, as long as you have a clue about what you're doing with your
computer.

The majority of video compression formats do not support windows
scripting. In fact, I know of no other.

If you don't trust WMV files, you shouldn't ever open any web
browser.

You don't have to open a browser; WMV files will do that for you
whether you want it or not.

"Larry Dighera" wrote in message
...
The majority of video compression formats do not support windows
scripting.

So what?

If you don't trust WMV files, you shouldn't ever open any web
browser.

You don't have to open a browser; WMV files will do that for you
whether you want it or not.

You are missing the point. First of all, WMV files won't open a browser on
my computer; if you choose to allow that on your computer, that's a choice
you have to live with.

Secondly, my comment about not opening a web broswer was simply addressing
the fact that you have the EXACT same vulnerability when playing a WMV file
(if you've chosen to expose yourself to that vulnerability) as you have when
surfing the web. A WMV file cannot do anything that any random HTML page
can't do. If you feel insecure playing a WMV file, you should feel insecure
navigating to any web page.

Pete

On Mon, 27 Oct 2003 12:55:07 -0800, Peter Duniho NpOeStPeAdM@NnOwSlPiAnMk.
com wrote:
Secondly, my comment about not opening a web broswer was simply addressing
the fact that you have the EXACT same vulnerability when playing a WMV file
(if you've chosen to expose yourself to that vulnerability) as you have when
surfing the web.

I dunno, there are some very serious vulnerabilities in MSIE that have
turned up recently - including one allowing a malicious user to execute
arbitrary code as the logged in user (which is also trivial to exploit).

A patch a day keeps the trojans away.

--
Dylan Smith, Castletown, Isle of Man
Flying: http://www.dylansmith.net
Frontier Elite Universe: http://www.alioth.net
"Maintain thine airspeed, lest the ground come up and smite thee"

"Dylan Smith" wrote:

A patch a day keeps the trojans away.

I thought the Trojan was to keep the nasties away.

"Dylan Smith" wrote in message
...
I dunno, there are some very serious vulnerabilities in MSIE that have
turned up recently

You "dunno" what? That's my point. Web surfing is in itself a "dangerous"
activity. A script in a WMV file is only truly dangerous if your browser
has a vulnerability (and of course, if you've enabled running scripts in
your media player), and if that's the case, then you have the same exact
risk just surfing the web.

Pete

Why not just set your security settings so that the scripts contained in WMV
files aren't run?


I do have them that way. Scripts are off, java is off, animation is off,
popups are off. But if I download a .wmf file and run it from a player that
has nothing to do with the internet, it still tries to log me on and take me
somewhere, if that's what the script says to do, and I have no clue as to how
to tell these players not to even try. (they never get anywhere because
whenever I need to see a .wmf file I pull the plug on the internet)

If you have a clue, please tell me how to run a wmf file in media player, movie
player, quicktime, imaging, or vueprint pro without triggering the scripts
hidden inside.

Jose

--
(for Email, make the obvious changes in my address)

"Teacherjh" wrote in message


I do have them that way. Scripts are off, java is off, animation is
off, popups are off. But if I download a .wmf file and run it from a
player that has nothing to do with the internet, it still tries to
log me on and take me somewhere, if that's what the script says to
do, and I have no clue as to how to tell these players not to even
try. (they never get anywhere because whenever I need to see a .wmf
file I pull the plug on the internet)

If you have a clue, please tell me how to run a wmf file in media
player, movie player, quicktime, imaging, or vueprint pro without
triggering the scripts hidden inside.

Have you tried the settings in Tools | Options | Security?

Uncheck the "Run script commands when present" and
Check "Do not run script commands...inside a web page."

I don't have a page to test these with, but I believe that's what these
options are intended to deal with.

--
John T
http://tknowlogy.com/tknoFlyer
_______________