InfoWorld
Lead with Knowledge
HOME/ SITEMAP
SUBJECT INDEXES
ABOUT US
WHITE PAPERS

Learn to secure your PCs from new and unknown hacker attacks.

Free IDC White Paper - Discover Secure File Sharing for the Enterpriseattacks.

SEARCH:  
Home  //  Article
Print Article    Email Article
Window Manager
Brian Livingston
That sound you hear may be Media Player introducing a virus into your computer

JUST WHEN YOU thought it was safe to play music on your PC, a new virus threat has emerged. This one runs secretly when you play what you thought was an ordinary Windows Media Player file or when you visit a Web site that plays the file automatically.

New viruses, of course, appear every day. But this one is different. The Media Player file that makes this threat possible -- known as an ASX or Active Stream Redirector file -- isn't an executable program. It's supposedly just data. What's next? Plain-text files that introduce a virus to your PC when you open the text in Notepad? Nothing would surprise me anymore, although I don't think anyone's found a way to compromise Notepad yet.

But the weakness in Media Player illustrates the kinds of problems that arise from Microsoft's insistence on bundling more and more applications into Windows.

I wrote in my Sept. 11 column ("Windows Me, You Jane: How do you tame the new 800-pound gorilla from Microsoft?") that Microsoft had bundled Media Player 7 into Windows Me in such a way that the player could not be easily uninstalled. Presumably, the Redmond, Wash., company did this to wipe out competing players from Real Networks and others.

I demonstrated how to remove Media Player and other flotsam from Windows Me and Windows 98, using Win98 Lite (see www.98lite.net/products.html). But most people will never perform this kind of surgery on their operating system. So we're left with a new security flaw to guard against.

The ASX virus threat occurs because versions 6.4 and 7.0 of Media Player don't prevent an ASX file from running hidden executable code. This code can install and run any software it wishes on your machine. This software, in turn, can do anything you have the privileges to do, according to a bulletin from Watchguard Technologies (www.watchguard.com). This includes sending e-mail and modifying or deleting any files you can access. If you have privileges on a network, the virus can access those files too.

Ordinarily, an ASX file doesn't contain any streaming media. Instead, it's used to point to a location on an intranet or Internet site from which media files are run.

But this doesn't make things any less dangerous. An ASX file can be run automatically when you visit a Web page. A malicious Web site operator might use it to plant a Trojan horse on as many PCs as possible in order to gain access to confidential information.

An ASX file can also run automatically in an e-mail message you receive. As we've seen from the Melissa virus and others, a harmful e-mail can easily be made to look like a message from a trusted friend.

Once upon a time, a virus could infect your PC via e-mail only if you opened a malicious attachment. And, like any data file, an ASX file can in fact be sent to you as an attachment.

However, as I've written before, viruses can now run without you opening an attachment. The default settings of Microsoft Outlook and Outlook Express automatically run harmful code in HTML e-mail you receive. Simply viewing an HTML message in these and some other e-mail applications can open a browser window. This, in turn, executes an ASX file on your PC.

I explained in my Dec. 27, 1999, column ("'Moles' are one thing, but malicious e-mails are an even worse form of Web abuse,") how you can disable "mobile code" from running in your e-mail and your browser. The procedure restricts programs using ActiveX and Java from executing without your knowledge.

Fortunately, Microsoft has released patches that fix the ASX problem. (They also guard against, of all things, graphical overlays called "skins" that have been hacked to carry viruses.)

The patches and a FAQ that explains the problem in more detail are available at www.microsoft.com/technet/security/bulletin/MS00-090.asp.

Another interesting view of this problem is available from Ollie Whitehouse, who reported the issue to Microsoft. He provides sample code that illustrates the security flaw using Windows 2000 with Service Pack 1 as an example. (Go to www.securityfocus.com/archive/1/146639.)

The biggest issue, of course, is when Microsoft will require outside security audits before releasing new products. The ASX virus flaw is the 90th security weakness reported on Microsoft's Web site this year alone. At some point, even companies that are addicted to Microsoft products will say "enough."

Get Livingston free by e-mail

You can now receive this column every Monday, free by e-mail. Go to www.iwsubscribe.com/newsletters and click Window Manager.






RELATED SUBJECTS

Operating Systems

MORE >
SUBSCRIBE TO:    E-mail Newsletters  InfoWorld Mobile InfoWorld Magazine
Home  //  Article Print Article    Email Article
Back to Top
 ADVERTISEMENT
 

SPONSORED LINKS

Download the J.D. Edwards CRM white paper. Visit jdedwards.com/crmpaper
Gateway: Your Reliable IT Provider of Business Technology Solutions
Learn to secure your PCs from new and unknown hacker attacks.
Get FREE Hurwitz Report: Control Your App Dev Costs with TogetherSoft!
Click here to receive a FREE Success Kit from Oracle.

SUBSCRIBE
E-mail Newsletters
InfoWorld Mobile
Print Magazine

Web-based training
ABOUT INFOWORLD  |  SITE MAP  |  EMPLOYMENT  |  PRIVACY  |   CONTACT US

Copyright 2001 InfoWorld Media Group, Inc.