Media Player for malware prevention

Music and videos downloaded from the internet are an often-ignored source of malware. This malware exploits vulnerabilities in the multimedia player to allow execution of program code embedded in the media. For example, the release notes for a recent update of QuickTime reveal vulnerabilities in the previous version: About the security content of QuickTime 7.6.2 - Apple Support

Comodo Internet Security’s buffer overflow protection, in the Defense+ component, prevents a good percentage of malware in multimedia. However, notice in the above release notes that many of the “arbitrary code execution” vulnerabilities do NOT involve a buffer overflow.

So what can the consumer do to stay safe against multimedia malware that exploits unfixed vulnerabilities? Since the multimedia player is a trusted application, the HIPS (Defense+) will allow it to be hijacked to do almost anything (in Safe or Clean PC Modes). Antivirus software does not reliably detect malware for which it doesn’t yet have a signature.

The traditional answer for multimedia safety is to keep the multimedia player updated to the latest version and pray that vulnerabilities are patched faster than hackers discover them. But wait! It is not that simple! The dominant multimedia players are Microsoft’s Windows Media Player (WMP), Apple’s QuickTime and RealNetwork’s RealPlayer. They each have proprietary multimedia formats, and none of them play all the formats from the other two. WMP is so tightly integrated with the Windows OS that it cannot be uninstalled without breaking other media players. So the user is led to have all three players, which must be kept up to date.

To make matters worse, these players don’t play well with others. By default, they check for and download security updates. This slowdown is not always welcome. Sometimes such updates create compatibility problems or break the OS. A safer and more-controlled approach is for the administrator to back up the computer before performing regular updates. Doing so requires changing the player settings, and remembering to do this again after each update since they return this setting back to the default.

The rivalry between the commercial companies behind these players is not always friendly. Each player wants to be the default player for discs, file types and browser MIME types – blocking attempts from other players to change these settings. The user must carefully make the settings on each account to prevent this. RealPlayer, in particular, has the nasty habit of associating itself with all file and MIME types every time ANY settings change is made by the user.

The commercial companies behind these players make money with them by selling advertising and media downloads. RealPlayer even installs WeatherBug, which is declared spyware by many security applications (see WeatherBug: Investigating spyware). Each player uses an embedded Internet Explorer (IE) browser for displaying advertising, so security-conscious users who normally use another browser must also lock down IE settings. Selling media to the user requires a unique ID for each computer to support digital rights management (DRM). A player could create a unique ID even before the user establishes a billing account. While player privacy policies claim that no personal info is sent over the internet, they do not deny that a unique ID is sent, which is a type of super cookie that advertisers can use to correlate with other info to identify the person (see https://forums.comodo.com/empty-t39123.0.html). The only way for the user to totally prevent sending a super cookie (including when settings automatically change after an update) is to use a software firewall to block access to the player. But doing so prevents general web browsing. :(

Wouldn’t the user prefer using one player for all multimedia encountered during web browsing? A non-commercial application that plays nicely with others and respects the user’s privacy? The user would then only need to allow firewall access to one player for general web surfing. The dream has come true, nearly, with VLC Media Player! Download VLC free at Official download of VLC media player, the best Open Source player - VideoLAN. I show below how to configure VLC with the Firefox browser. I use Firefox because it supports blocking ads with potential spyware and automatically deleting super cookies (see https://forums.comodo.com/empty-t39123.0.html).

First, let me explain something that took me a while to figure out. When a web page has a media file, some include a MIME type (see Media type - Wikipedia) and some do not. In Firefox, right-click on a page and select View Page Source to look for the TYPE next to the media file link. The internet standard says that the browser shall use the application associated with the MIME type, regardless of the media file’s extension. But if the MIME type is not on the web page, then the browser may choose an application associated with the media file’s extension. In the Firefox|Tools|Options|Applications menu, the content types come from MIME types and file extensions. Firefox can recognize MIME types with Firefox extensions, but this menu only shows the MIME types offered by plug-ins. To see MIME types offered by each plug-in, type “about:plugins” in the Firefox address bar. File extension associations are added to the Applications menu when the user encounters a new one on a web page (with no MIME type). By default, Firefox associates a MIME type with the plug-in that includes it. However, in the Applications menu, the user can change the association to another application. But if a MIME type is not listed in the Applications menu, then a plug-in must be added or a Firefox extension must handle it. When the user views a web page with an unrecognized MIME type, Firefox will prompt the user to load a plug-in.

VLC will play almost every video and audio format (see VLC - Features - VideoLAN). However, VLC does not support MIDI format nor still image formats like TIFF and JPEG 2000, which I need to support when I encounter them occasionally. VLC does not play certain QuickTime videos correctly. For example, VLC refuses to play this video stream:
rtsp://qt.sillydog.com/qt.sillydog.com/antonydesktop02_streamfx.mov
VLC plays the audio, but displays blank for this video:
http://wvnvaxa.wvnet.edu/vmswww/images/ncsa.mov

My solution for supplementing VLC is to load QT Lite: http://codecguide.com/qt_lite.htm
QT Lite provides only the QuickTime plug-in for playing media embedded in the web browser. It does not access the internet, check for updates, display ads or play media files without the web browser. It is more lightweight than the full QuickTime installation. In the Start|Control Panel|QuickTime|Browser|MIME Settings menu, the user can choose selectively which MIME types are supported by its plug-in. I noticed that if the same MIME type is supported by the VLC and QuickTime plug-ins, the QuickTime plug-in takes precedence, even when the Firefox Applications menu shows that the VLC plug-in is selected. I also notice that if a MIME type is only supported by the QuickTime plug-in, it generally does not show up in the Firefox Applications menu with QT Lite, but it does show up with the full QuickTime installation. This is the only browser limitation I have found with QT Lite, and it hasn’t caused me any problem so far.

Now that I have a combination that plays all the media formats I need, my problem is that many web pages with embedded or streaming media still won’t play. This is because VLC’s Firefox plug-in omits a lot of MIME types for formats that VLC supports, and the QuickTime plug-in doesn’t support them either. My solution is to install the MediaPlayerConnectivity Firefox extension:
https://addons.mozilla.org/en-US/firefox/addon/446
MediaPlayerConnectivity allows the user to specify the MIME types associated with a player. It takes precedence over plug-ins when the same MIME type is supported by both.

Since the documentation on MediaPlayerConnectivity is rather thin, here is some extra info. Preferences are set in the Firefox|Tools|MediaPlayerConnectivity|Configure menu. MediaPlayerConnectivity comes pre-configured for many popular media types. On the Media players tab, leave unchecked all the types that you want to be handled by plug-ins. I have plug-ins for QuickTime (QT Lite), Flash and Shockwave. Check all the types handled by VLC and enter the full path to vlc.exe. Checking “Expert mode” enables the Advanced tab menu (needed, see below) and displays ECFA columns on the Media players tab. These ECFA columns are cryptically explained in the bottom legend, and they correspond to four settings in the Configuration menu, which are grayed out in “Expert mode”… With “Expert mode”, the user can customize these settings for each media type. I check E & C and uncheck F & A for all types. In the Advanced menu, you can see the MIME types and extensions associated with each type. In the Windows Media type, MediaPlayerConnectivity is missing the MIME type to handle Windows Media 11. Therefore, I added a new media type, with Name=”Windows Media 11”, MIME type list=”application/x-ms-wmp” and the other fields blank. I also found support missing for some MPEG links, so I added another new media type, with Name=”MPEG”, MIME type list=”video/mpeg;video/x-mpeg;audio/mp4”, Extensions list=”mpeg;mpg;m1s;m1v;m1a;m75;m15;mpm;mpa;m2a” and the other fields blank. Because VLC can boost the loudness of my tiny laptop speakers to 200%, I prefer to use VLC over QuickTime to play common WAV files. Therefore, I disabled the Wave/Midi/Au/Aif type and added a new media type, with Name=”Wave/Au/Aif”, copying all fields from the Wave/Midi/Au/Aif type, but omitting the MIDI stuff, which is handled by the QuickTime plug-in. Note that you cannot edit media types in the MediaPlayerConnectivity GUI. You can only delete and add a new one. 
However, in the about:config interface, set the filter to mediaplayerconnectivity, and you can edit them there. Notice that the pre-configured media types are hard-coded and do not appear in about:config.

I tried installing Real Alternative Lite (http://codecguide.com/about_real.htm), but I found that Firefox crashed sometimes when playing Real media. Since VLC handles all the pages I tried with Real media, I uninstalled Real Alternative Lite. I disabled the Windows Media Player and Microsoft DRM plug-ins in Firefox since VLC handles all such media I have tried so far well, and I don’t buy MS-format downloaded music. I noticed that VLC would throw an error if it was already open when I played certain embedded and streaming media. I worked around this with the following VLC setting: Tools|Preferences|Show settings=All|Playlist|check “Play and exit”|Save. VLC is the only media player that I allow to connect with the internet. Windows Media Player is the only other player that remains on my PC, but it is totally blocked by the firewall. Remember that QT Lite is a plug-in, not a stand-alone player, and it does not directly access the internet.

Using the above configuration, Firefox successfully plays all the test media on the following sites:
http://home.att.net/~cherokee67/mediatests.html
http://plugindoc.mozdev.org/testpages/index.html
http://wvnvaxa.wvnet.edu/vmswww/images/bige_accel.mpg
http://wvnvaxa.wvnet.edu/vmswww/images/ncsa.mov

http://www.wxyc.org/programming/listen/help/ MP3 and OGG streams work, Real streams are down
http://www.stockshots.com/SampleFootage.htm

Since I don’t use Windows Media Player and don’t have Real Player installed, I do not have to keep up with their security updates. With Firefox access rights in Defense+ customized for safe surfing, the QuickTime plug-in is restricted also. This, and the fact that few formats are played by the QuickTime plug-in on my PC, make it less critical to keep up with the security updates of QT Lite.

Happy and safe surfing!
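
The MIME-type-versus-extension rule described above, as an added example that is not part of the original post: this Python sketch reads page source, reports whether each media reference would be dispatched by its declared TYPE or by its file extension, and looks the key up in the two media types the post adds to MediaPlayerConnectivity. The sample page, the function names and the lookup logic are assumptions for illustration, not the extension's own code.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Media types as added in the post: name -> (MIME type list, extensions list).
MEDIA_TYPES = {
    "Windows Media 11": ("application/x-ms-wmp", ""),
    "MPEG": ("video/mpeg;video/x-mpeg;audio/mp4",
             "mpeg;mpg;m1s;m1v;m1a;m75;m15;mpm;mpa;m2a"),
}

def split_list(s):
    """Split a semicolon-separated list, dropping empty entries."""
    return [x for x in s.lower().split(";") if x]

BY_MIME = {m: n for n, (mimes, _) in MEDIA_TYPES.items() for m in split_list(mimes)}
BY_EXT = {e: n for n, (_, exts) in MEDIA_TYPES.items() for e in split_list(exts)}

class MediaRefs(HTMLParser):
    """Collect (url, declared type) from <embed>, <object> and <a> tags."""
    URL_ATTR = {"embed": "src", "object": "data", "a": "href"}
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(self.URL_ATTR.get(tag, ""))
        if url:
            self.refs.append((url, (a.get("type") or "").strip().lower()))

def classify(html):
    """Return (url, basis, key, configured media type or None) per reference."""
    parser = MediaRefs()
    parser.feed(html)
    out = []
    for url, mime in parser.refs:
        if mime:  # a declared MIME type wins, whatever the extension says
            mime = mime.split(";")[0].strip()
            out.append((url, "mime", mime, BY_MIME.get(mime)))
        else:     # no TYPE on the page: fall back to the file extension
            ext = posixpath.splitext(urlparse(url).path)[1].lstrip(".").lower()
            out.append((url, "extension", ext, BY_EXT.get(ext)))
    return out

# Constructed sample page source (not taken from the post or its test sites).
SAMPLE = '''<embed src="clip.mov" type="video/mpeg">
<a href="http://media.example/a/song.MPG?x=1">song</a>
<object data="show.wmv" type="application/x-ms-wmp"></object>
<embed src="track.mid">'''
```

A result of `None` in the last field marks a reference that neither added media type covers, so a plug-in or another media type has to handle it.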