XP vulnerability with QuickTime format

I believe that Defense+ is sufficient to block Windows Media Player, with its yet-to-be-discovered vulnerabilities. In other forums, users have advised against uninstalling Windows Media Player totally because parts of it are used by other media players.

For other media players, why not uninstall them instead of blocking them with Defense+?

By the way, VLC Media Player v1.0.0 has been released. I tested it on all clip versions from this site:

It works! Therefore, I don’t need Real Player any more! Good riddance to this bloated spyware.

Thanks for the notification man. Just realized they have a new version out.

Here is a forum where people compare different players for compatibility, PC resources and quality:

VLC is one of the best for compatibility with many formats and broken files. The main multimedia problem I have on my two laptops is too-soft audio with the built-in loudspeakers, even with all the volume controls at maximum. VLC supports increasing loudness to 200%, which does not produce any audible distortion on 95% of the audio and video files I have tried. I tolerate VLC’s slow loading to get usable loudness and no-fuss compatibility. If I watched full-length videos on my PC, video quality would be more important, and I would try Media Player Classis HomeCinema (MPC-HC) with a codec pack, such as here:

From a security point of view, I recommend avoiding the often-targeted-by-malware mainstream players like Windows Media Player, QuickTime and Real Player; and instead use open-source players like VLC, MPC and MPC-HC or maybe GOM Media Player. One strategy would be to associate VLC with all possible file extensions in Windows Explorer, associate VLC with all possible MIME types and file extensions in Firefox, and open full-length videos from within a high-quality player like MPC-HC.

While VLC Media Player has successfully played every multimedia file I have tried, I found many web pages with embedded multimedia that did not work initially. Here is what I have done so far…

My first goal is to avoid using Internet Explorer (IE), Windows Media Player (WMP) and the WMP browser plug-in since these are the most popular and most targeted by malware. My second goal is to avoid installing commercial media players (like Real Player and QuickTime) that run background processes, embed IE within, send unknown info to their home server and potentially install spyware (like WeatherBug). My third goal is to avoid installing other media players using the DirectShow framework (Media Player Classic) because they use vulnerable components from WMP. See DirectShow - Wikipedia

I use the Firefox browser because it supports the Adblock Plus extension for improved security and faster surfing. I have WMP 11 installed, but I disabled the WMP and Microsoft DRM plug-ins within Firefox. With no other media players installed besides VLC (including its Firefox plug-in), VLC successfully plays all media at Enjoy RealPlayer from RealNetworks everywhere
MP3 and Ogg streams at http://www.wxyc.org/programming/listen/help/
WMP 9 test at http://plugindoc.mozdev.org/testpages/index.html
Non-embedded media except MIDI at http://home.att.net/~cherokee67/mediatests.html

After adding QT Lite from http://codecguide.com/qt_lite.htm, Firefox successfully plays MIDI, QuickTime movies and embedded WAV at http://home.att.net/~cherokee67/mediatests.html
JPEG 2000 and TIFF images at http://plugindoc.mozdev.org/testpages/index.html

After adding the MediaWrap Firefox extension from https://addons.mozilla.org/en-US/firefox/addon/1879, Firefox successfully plays the embedded WMV at http://home.att.net/~cherokee67/mediatests.html
WMP 11 test at http://plugindoc.mozdev.org/testpages/index.html
Note that the MediaWrap support page is in Chinese, which can be translated using http://translate.google.com/

After adding Adobe Reader Lite from http://www.majorgeeks.com/Adobe_Reader_Lite_d5915.html, Firefox successfully displays the PDF test at http://plugindoc.mozdev.org/testpages/index.html

After adding Flash Player from http://get.adobe.com/flashplayer/, Firefox successfully plays Flash at http://www.adobe.com/software/flash/about/
Streaming Flash videos at Video News - CNN

After adding Shockwave Player from http://get.adobe.com/shockwave/, Firefox successfully plays Shockwave at http://www.adobe.com/shockwave/welcome/

After adding Java (offline) from http://www.java.com/en/download/manual.jsp, Firefox successfully plays Java at http://www.javatester.org/enabled.html
http://www.java.com/en/download/help/testvm.xml
http://www.java.com/en/download/installed.jsp?verify

After adding Real Alternative Lite from http://codecguide.com/about_real.htm, Firefox successfully plays the embedded RealPlayer video at http://home.att.net/~cherokee67/mediatests.html
Since embedded RealPlayer content is rare these days, most users would not notice if Real Alternative Lite was omitted (except for lower memory and disk space usage). Note above that non-embedded Real Player works fine without Real Alternative Lite.

The only site I am having a problem with in Firefox is the steaming MP3 file at http://home.att.net/~cherokee67/mediatests.html
The page source contains a link to http://home.att.net/~cherokee68/mp3stream.m3u, which launches VLC and plays OK. The page source shows two MIME types: application/x-mplayer2 (handled by the VLC plug-in) and application/x-oleobject (ActiveX, not listed by any plug-in within about:plugins). Since the embedded WMV file on the same site has the same MIME types and plays OK in Firefox, I don’t understand why this streaming MP3 fails. Especially since streaming MP3 works at http://www.wxyc.org/programming/listen/help/
I would appreciate any help folks can offer.

Other than this one anomaly, Firefox with VLC and the above plug-ins are playing all media on all web pages I have tried. I may load Media Player Classic (maybe Homecinema version) if I want to watch long videos on my PC where I want the best quality. My understanding is that, with the WMP plug-in disabled in Firefox, no web content will automatically launch MPC. This gives some protection again vulnerabilities in the DirectShow framework, like the one that inspired this topic.