InfoWorld
Lead with Knowledge
HOME/ SITEMAP
SUBJECT INDEXES
App Development
Broadband
Business Intell.
Business News
Business Strategies
Careers & Mgmt
Collab. Software
Content Mgmt
CRM
Database
E-Business
End-User Apps
End-User Hardware
Enterprise Apps
Ethics
Government
Licensing
Middleware
Mobile Computing
Networking
Online Community
Operating Systems
Processors
Security
Servers
Storage
Telecomm.
Web Services
Web Technologies
Wireless
XSPs
NEWS
CTO ZONE
TEST CENTER
FEATURES
COMMUNITY
OPINIONS
RESEARCH
EVENT
WEBCASTS
ABOUT InfoWorld
ABOUT US
About InfoWorld
Services
Advertise
Contact us
Employment
WHITE PAPERS

Learn to secure your PCs from new and unknown hacker attacks.

Free IDC White Paper - Discover Secure File Sharing for the Enterpriseattacks.
SEARCH:  
Home  //  Article
Print Article    Email Article
Window Manager
Brian Livingston
That sound you hear may be Media Player introducing a virus into your computer

JUST WHEN YOU thought it was safe to play music on your PC, a new virus threat has emerged. This one runs secretly when you play what you thought was an ordinary Windows Media Player file or when you visit a Web site that plays the file automatically.

New viruses, of course, appear every day. But this one is different. The Media Player file that makes this threat possible -- known as an ASX or Active Stream Redirector file -- isn't an executable program. It's supposedly just data. What's next? Plain-text files that introduce a virus to your PC when you open the text in Notepad? Nothing would surprise me anymore, although I don't think anyone's found a way to compromise Notepad yet.

But the weakness in Media Player illustrates the kinds of problems that arise from Microsoft's insistence on bundling more and more applications into Windows.

I wrote in my Sept. 11 column ("Windows Me, You Jane: How do you tame the new 800-pound gorilla from Microsoft?") that Microsoft had bundled Media Player 7 into Windows Me in such a way that the player could not be easily uninstalled. Presumably, the Redmond, Wash., company did this to wipe out competing players from Real Networks and others.

I demonstrated how to remove Media Player and other flotsam from Windows Me and Windows 98, using Win98 Lite (see www.98lite.net/products.html). But most people will never perform this kind of surgery on their operating system. So we're left with a new security flaw to guard against.

The ASX virus threat occurs because versions 6.4 and 7.0 of Media Player don't prevent an ASX file from running hidden executable code. This code can install and run any software it wishes on your machine. This software, in turn, can do anything you have the privileges to do, according to a bulletin from Watchguard Technologies (www.watchguard.com). This includes sending e-mail and modifying or deleting any files you can access. If you have privileges on a network, the virus can access those files too.

Ordinarily, an ASX file doesn't contain any streaming media. Instead, it's used to point to a location on an intranet or Internet site from which media files are run.

But this doesn't make things any less dangerous. An ASX file can be run automatically when you visit a Web page. A malicious Web site operator might use it to plant a Trojan horse on as many PCs as possible in order to gain access to confidential information.

An ASX file can also run automatically in an e-mail message you receive. As we've seen from the Melissa virus and others, a harmful e-mail can easily be made to look like a message from a trusted friend.

Once upon a time, a virus could infect your PC via e-mail only if you opened a malicious attachment. And, like any data file, an ASX file can in fact be sent to you as an attachment.

However, as I've written before, viruses can now run without you opening an attachment. The default settings of Microsoft Outlook and Outlook Express automatically run harmful code in HTML e-mail you receive. Simply viewing an HTML message in these and some other e-mail applications can open a browser window. This, in turn, executes an ASX file on your PC.

I explained in my Dec. 27, 1999, column ("'Moles' are one thing, but malicious e-mails are an even worse form of Web abuse,") how you can disable "mobile code" from running in your e-mail and your browser. The procedure restricts programs using ActiveX and Java from executing without your knowledge.

Fortunately, Microsoft has released patches that fix the ASX problem. (They also guard against, of all things, graphical overlays called "skins" that have been hacked to carry viruses.)

The patches and a FAQ that explains the problem in more detail are available at www.microsoft.com/technet/security/bulletin/MS00-090.asp.

Another interesting view of this problem is available from Ollie Whitehouse, who reported the issue to Microsoft. He provides sample code that illustrates the security flaw using Windows 2000 with Service Pack 1 as an example. (Go to www.securityfocus.com/archive/1/146639.)

The biggest issue, of course, is when Microsoft will require outside security audits before releasing new products. The ASX virus flaw is the 90th security weakness reported on Microsoft's Web site this year alone. At some point, even companies that are addicted to Microsoft products will say "enough."

Get Livingston free by e-mail

You can now receive this column every Monday, free by e-mail. Go to www.iwsubscribe.com/newsletters and click Window Manager.


Brian Livingston's latest book is Windows Me Secrets (IDG Books). Send tips to brian_livingston@infoworld.com. He regrets that he cannot answer individual questions.



RELATED SUBJECTS

Operating Systems
MORE >
SUBSCRIBE TO:    E-mail Newsletters  InfoWorld Mobile InfoWorld Magazine
Home  //  Article Print Article    Email Article
Back to Top
 ADVERTISEMENT
 

SPONSORED LINKS

Download the J.D. Edwards CRM white paper. Visit jdedwards.com/crmpaper
Gateway: Your Reliable IT Provider of Business Technology Solutions
Learn to secure your PCs from new and unknown hacker attacks.
Get FREE Hurwitz Report: Control Your App Dev Costs with TogetherSoft!
Click here to receive a FREE Success Kit from Oracle.

SUBSCRIBE
E-mail Newsletters
InfoWorld Mobile
Print Magazine

Web-based training
ABOUT INFOWORLD  |  SITE MAP  |  EMPLOYMENT  |  PRIVACY  |   CONTACT US

Copyright 2001 InfoWorld Media Group, Inc.