The recent QuickTime for Windows security issue has stirred up and confused users around the world. What’s behind the state of QuickTime for Windows, security and Apple in particular?
Apple vs Windows
It’s a known fact that Apple likes to protect its own closed ecosystem and successfully ignores (or eats up) everything around it.
Apple’s latest update of QuickTime for Windows was on January 16th this year, to version 7.7.9, and updates are pretty rare for Windows now.
Sadly, Apple is simply sabotaging other OSes, especially Windows, because they are well aware that programs and users rely on QuickTime for Windows: it is used by many video camera systems, portable video recorders, editing software, visual effects software and so on. And at least 60-80% of professional users, especially in the film, video and visual effects world, use Windows (or Linux) machines over Macs because of software availability, a more open application structure for developers and hardware choice. It’s not too far-fetched to think Apple is pretty aggressive in forcing people to buy Macs and their products to promote the illusion of being “safe”. That’s a bold statement, but every act of Apple makes it look like this is happening. But web user statistics, especially in the film and video sectors, show that more and more users are coming from Windows again, after some strong years for Apple. This also shows in hardware support from Adobe, which is way better on Windows than on Apple.
You can read Adobe’s statement about this issue on their blog.
Is your Windows machine insecure because of QuickTime?
Let’s examine the latest security issue with QuickTime on Windows. The United States Computer Emergency Readiness Team (US-CERT) issued a warning about a security vulnerability in QuickTime for Windows this week, with two particular cases in which a remote attacker can execute code in the QuickTime player after a buffer overflow error.
If you are interested in the specifics of this, just read the two cases of Code Execution Vulnerability in moov atom and atom processing within the QuickTime player.
As you can read in the security details, this vulnerability can only be triggered with user interaction. That means the user must visit a malicious page or open a malicious file in order for the exploit to run via the QuickTime player. What does that mean?
Normal use of QuickTime (even the player) is absolutely safe and nothing happens if you use it normally and don’t visit fishy websites.
How can I raise my security without uninstalling QuickTime?
If you’re still uncertain or your paranoia is still bugging you, the simplest way is to just not use the QuickTime Player itself. Use any other player like VLC or MediaPlayerClassic-HomeCinema. MPC-HC is a high-end player that even plays 10-bit on compatible graphics cards (NVidia Quadro or AMD Fire Pro) and it plays virtually any format very efficiently because it uses GPU hardware acceleration when available. Just don’t use the QuickTime player. The .MOV container and the codecs which QuickTime uses are perfectly safe, nothing can come into your computer when you just use the codecs within the NLEs or any other graphics software. Don’t let the paranoia invade you. It’s just a big software and hardware rival to Windows which doesn’t want you to use Windows. Do not let them fool your brain. Use whatever you want, the way you want to use it!
Additionally, you can just rename the QuickTime Player exe to prevent it from being opened by accident (you can even delete the exe if you want, but that’s not necessary). All video applications will work normally because they don’t need the player itself, just the additional QuickTime components which are delivered along with the player installation. The executable is normally in “C:\Program Files (x86)\QuickTime\”; you can just rename it to something like “_QuickTimePlayer.exe” and its dll to “_QuickTimePlayer.dll” by adding an underscore to the beginning of the filename. Please be careful when doing this, because you can also destroy things in your installation if you don’t know what you’re doing.
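The rename step described above, as an added example in PowerShell (not part of the original post): it prefixes the player’s exe and dll with an underscore and can undo the change again. The function name Set-QuickTimePlayerState and its parameters are made up for this example; the folder and file names are the ones given in the text, and an elevated PowerShell prompt is assumed because the folder sits under Program Files.

```powershell
# Added example: switch the QuickTime Player binaries off/on by renaming them.
# Folder and file names are taken from the article; the function name is hypothetical.
function Set-QuickTimePlayerState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Disabled', 'Enabled')]
        [string]$State,

        [string]$InstallDir = 'C:\Program Files (x86)\QuickTime'
    )

    if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
        throw "QuickTime folder not found: $InstallDir"
    }

    foreach ($name in 'QuickTimePlayer.exe', 'QuickTimePlayer.dll') {
        $active   = Join-Path $InstallDir $name
        $disabled = Join-Path $InstallDir "_$name"

        # Disabled: original -> underscore name. Enabled: the reverse.
        if ($State -eq 'Disabled') { $from = $active;   $to = $disabled }
        else                       { $from = $disabled; $to = $active }

        if (Test-Path -LiteralPath $to) {
            Write-Verbose "$to already exists, nothing to do for $name"
            continue
        }
        if (-not (Test-Path -LiteralPath $from)) {
            Write-Warning "$from not found, skipping"
            continue
        }
        if ($PSCmdlet.ShouldProcess($from, "Rename to $(Split-Path $to -Leaf)")) {
            Rename-Item -LiteralPath $from -NewName (Split-Path $to -Leaf) -ErrorAction Stop
        }
    }

    # List what is on disk afterwards so the result can be checked.
    Get-ChildItem -LiteralPath $InstallDir -Filter '*QuickTimePlayer.*' |
        Select-Object Name, Length, LastWriteTime
}

# Preview, apply, undo:
# Set-QuickTimePlayerState -State Disabled -WhatIf
# Set-QuickTimePlayerState -State Disabled
# Set-QuickTimePlayerState -State Enabled
```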
UPDATE: Adobe Premiere CC users, I just uninstalled QuickTime and the only codecs which are still working without QuickTime installed are DNxHD and DNxHR in a .mov container; all other codecs within a .mov container are shown as offline in Premiere CC, especially ProRes and h264, so movies coming from a Canon 5D and GH4 are all not working anymore.
UPDATE: The easiest way is to uninstall QuickTime, then reinstall it with custom install options and just install the codec, and uncheck all other options like the QuickTime player and the additional web plugins.
Generally it is a good idea to get the latest QuickTime for Windows installer NOW and keep it in a safe place, because it is uncertain whether a download will still be available in the near future! The Windows 7 installer can also be used on Windows 8 and 10.
Additional Security Precautions
As a responsible and careful user you would normally not visit fishy websites which could contain malicious plugins, code and executables in the form of downloaders or any other stuff like this.
A good way of protecting your workstation is to use a hardware firewall, which is included in most modern routers and controls which connections come in and which go out. Even a software firewall is good protection, and application firewalls like Zone Alarm Firewall are a great way to control every single application and prevent it from making unauthorized connections to and from the outside world, although all of this requires the user to learn a bit about computers, networks, applications and how to use them responsibly.
You see, it is not the dark, end-of-the-world situation which some big companies and governments want you to believe. Just behave responsibly and carefully when using computers, especially when connected to the internet. In the end, only the experienced user will survive and know what’s behind all this. And I try to share my knowledge and opinion with the world and calm down security fears a bit.
Surely this is not an ideal way of doing this, but what else should we do if we’re mostly helpless against the ruthless actions of some of the bigger software companies?
Why is it so hard for Apple to work together with Windows, their biggest rival, at least at a minimum respectable level, and accept that there has to be some kind of non-hostile collaboration between these bigger companies? I know there is a lot of political bickering about who’s going to make more profit and how much of the user base can be sucked away from the other company. Come on Apple, you can do better than that. We know that there is no “end of lifecycle” for QuickTime; it is widely used by many applications and hardware around.
Apple should really show some backbone here and provide proper support for a very good codec platform, even though the QuickTime Player itself was never really a comer on Windows, but that’s ok for most of us 😉
My desire: can we please just be nice to each other and support each other! Thank you.