dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
16752
eburger68
Premium Member
join:2001-04-28

4 edits

2 recommendations

eburger68

Premium Member

Blaming the User: MS & WMP Adware Installations

 
Hi All:

By now I'm assuming that the majority of you are familiar with the Windows Media Player adware story, which has been covered here in several previous posts at DSLR:

»Adware Installed through WMA Files
»WMP Adware: A Case Study in Deception

Ben Edelman has also posted an excellent write-up on this problem:

»www.benedelman.org/news/ ··· 5-1.html

Having mulled the situation, which sees adware vendors exploiting the DRM license acquisition process in Windows Media Player to spring unwanted spyware and adware on unsuspecting users who attempt to play Windows Media Player files, Microsoft has decided to do precisely NOTHING.

As reported by eWeek today ( »www.eweek.com/article2/0 ··· 8,00.asp
):
said by eWeek:
Microsoft Corp. says it has no plans to change the way its Windows Media Player handles the download of DRM licenses.

Amid reports that malicious hackers are using the anti-piracy mechanism to infect computers with spyware, adware, dialers and computer viruses, Microsoft officials stressed that the latest attack scenario does not exploit a vulnerability in the software.

"Not every problem comes with an automatic technology solution. In this case, the priority is to educate users and get them to understand the importance of not downloading files from untrusted sources," said Mike Coleman, lead product manager with Microsoft's Windows division.

"If strangers are trying to entice you to open a file, chances are they're setting you up for a bad experience. We need to continue our work on getting people to understand what's going on and get them to develop better download habits," Coleman told eWEEK.com.
In other words, Microsoft thinks that users are the problem for clicking through installation prompts that are presented in confusing and deceptive circumstances, even when, as we noted earlier ( »WMP Adware: A Case Study in Deception ), those installations will appear to many if not most users as required to allow the Windows Media Player file to play.

Indeed, adware vendors have already started tailoring their installations to maximize user confusion during the license acquisition process, which may require them to install a legitimate Microsoft "security upgrade" for Windows Media Player. Users who encounter that legitimate upgrade could easily be fooled by the adware installation prompts that follow, some of which also appear to be required Windows Media Player Upgrades (see screenshot # 1) or required files to enable the media file to play (see screenshot # 2).

Thus, Microsoft's admonition that users simply get educated and avoid "downloading files from untrusted sources" is patently ridiculous, since Microsoft's own software has essentially set the stage for users to be completely baffled over just what is and is not a "trusted source." (Is Microsoft now going to admit that vendors who acquire digital certs to use for Windows Media DRM-protected "secure content" are not trustworthy sources? Is Microsoft now going to admit that Windows Media files themselves are potentially dangerous, non-secure content?) Moreover, Coleman's advice that users avoid opening files from strangers is a non-starter, since the whole point of the DRM license acquisition process is to download and acquire a file required to allow the media file to play.

Incredibly, Microsoft went on to plug Windows XP SP2 as the solution:
said by eWeek:
Microsoft's Coleman said the company takes all security risks seriously and urged Windows users to take advantage of the protections built into Windows XP Service Pack 2.

"Computers with SP2 would block those pop-ups and block the installation of ActiveX controls. So, in addition to increasing risk awareness and promoting best practices, we have built protections into SP2."
As Ed Bott and others have noted, however, SP2 for Windows XP will protect users only if they're also using Windows Media Player 10, not an earlier version of Windows Media Player -- see:

»www.edbott.com/weblog/ar ··· 340.html

With Windows Media Player 9 installed, even SP2 users will encounter the deceptive, confusing ActiveX installation prompts that were documented in my previous post on this issue here at DSLR ( »WMP Adware: A Case Study in Deception ). Still worse, as Ben Edelman pointed out in a recent email to me, Microsoft's blind emphasis on the security advantages of SP2 could have the effect of giving SP2 users a false sense of security:
said by Ben Edelman:
Since a SP2 computer would otherwise show no ActiveX installation warnings (as users surf web pages), users with SP2 (but not WMP10) may conclude that any installation warnings they do receive (e.g. via WMP) must be legitimate. (After all, SP2 blocks all the illegitimate warnings, or so they've mistakenly been told.) Such a conclusion is all the more likely and natural when the installation warnings say "required update" or similar, as many of them do.
Adding insult to injury, Microsoft recommended to eWeek that users who fall victim to this deceptive adware installation process simply turn to Microsoft's new anti-spyware program:
said by eWeek:
Coleman also recommended the use of Microsoft's new anti-spyware software, which is capable of detecting and deleting unwanted programs.
All in all this is a completely inadequate response from Microsoft. At the end of my previous post here at DSLR on this issue I wrote ( »WMP Adware: A Case Study in Deception ):
said by Eric L. Howes:
What we need from Microsoft is a swift fix for the problems summarized here, not attempts to minimize and pooh-pooh the risk or to subtly suggest that users are the problem for not upgrading to XP SP2 and for clicking through installation prompts. As I stressed in an earlier post here at DSLR, it is absolutely inexcusable that media files should have ever become a vehicle for pushing spyware and adware on unsuspecting users. Media files should simply not be a vehicle for adware installations. Period. That there are preventative measures for this unwelcome behavior and functionality is no excuse for the problem itself. It should have never existed in the first place.
Microsoft has done just what I urged it NOT to do: pooh-pooh the risk, blame the user, and insist that everyone upgrade to the latest version of its software. Given this sorry performance, one really has to wonder whether at this late date Microsoft truly "gets" the problem with spyware and adware.

Best,

Eric L. Howes
bedelman0
Premium Member
join:2004-06-20
Cambridge, MA

2 recommendations

bedelman0

Premium Member

Microsoft gets it wrong: SP2 alone is not enough

I want to reiterate a point Eric made, but arguably didn't sufficiently emphasize, above:

Microsoft's Coleman told eWeek: "Computers with SP2 would block those pop-ups."

That's WRONG. No two ways about it. SP2 alone does not block these popups. Only SP2 with WMP10 blocks these popups.

So not only is Microsoft failing to provide a patch (a subject for another day), but they're also giving out affirmatively incorrect information in their statements to the press. This was no doubt just a mistake by Coleman. But it's quite a mistake to make, and awfully convenient for him -- it makes the problem sound considerably less serious than it actually is.

Fact is, the millions of users with SP2 but without WMP10 are not protected. But if they read Coleman's quote, without finding the resources linked in Eric's message above, they'd never know that they're still at risk.
eburger68
Premium Member
join:2001-04-28

eburger68

Premium Member

Re: Blaming the User: MS & WMP Adware Installation

Ben:

Thanks for amplifying that point, which is indeed an important one.

Best,

Eric L. Howes
psloss
Premium Member
join:2002-02-24

psloss to eburger68

Premium Member

to eburger68
Yuck. Those quotes make it sound like they're marketing "Windows XP Reduced Media Edition" here in the U.S.

Sorry for not having read through all of this yet, but do you guys have a page/section describing ways to mitigate this on desktops with pre WMP 10 versions?

Thanks for keeping us up-to-date,

Philip Sloss
suzi5
Premium Member
join:2004-05-01

suzi5 to eburger68

Premium Member

to eburger68

Re: Blaming the User: MS & WMP Adware Installations

The buzz in the anti-spyware community is that Microsoft is very concerned about spyware. The eWeek article says Mike Coleman is from Microsoft's Windows division. If Microsoft is serious about dealing with spyware, I'd like to know what the MS security division would say about this. Service Pack 2 and the beta Antispyware are just not sufficient. Something else has to be done. I just cannot comprehend Mr. Coleman's response.

mers2
Premium Member
join:2004-03-20
USA

mers2

Premium Member

Re: Blaming the User: MS & WMP Adware Installation

said by suzi5:

The buzz in the anti-spyware community is that Microsoft is very concerned about spyware. The eWeek article says Mike Coleman is from Microsoft's Windows division. If Microsoft is serious about dealing with spyware, I'd like to know what the MS security division would say about this. Service Pack 2 and the beta Antispyware are just not sufficient. Something else has to be done. I just cannot comprehend Mr. Coleman's response.
Between MS's response to the WMP problem and the fact they took Giant and immediately reworked it so it would not run on Win9x machines I'm beginning to think Microsoft's concern about spyware was more for PR purposes. They had me convinced otherwise until all of this.
Scaramouche8
join:2004-09-10
Philippines

Scaramouche8 to eburger68

Member

to eburger68

Re: Blaming the User: MS & WMP Adware Installations

I'm not sure what to say to this, as it seems very boldly unaccommodating to Microsoft's customers. It is similar to all of the ActiveX exploits in that yes, it's an enormous security flaw that no one has bothered to educate users about but it's also more convenient for Microsoft for it to stay the way it is.

Unfortunately it looks like the way the DRM-update mechanism was designed is pretty ripe for exploitation and unless Microsoft wants to A)temporarily completely break their DRM system or B)monitor all DRM upgrade traffic personally they can't or won't do anything about it.

keith2468
Premium Member
join:2001-02-03
Winnipeg, MB

1 edit

4 recommendations

keith2468 to eburger68

Premium Member

to eburger68

Where are the FTC and FCC in all this?

A weak response from MS. And surely they could do something to fix the immediate problem.

But what about the hundreds of other security vulnerabilities waiting to be discovered (or discovered and not published). And what about the non-MS vulnerabilities?

This vandalism isn't a purely technical issue. There are also criminal acts involved. Computers are not writing the malware themselves. Computers aren't selling the advertising. Computers aren't buying the advertising. Criminals are.

So where are the FTC and FCC in all this?

Why aren't they prosecuting those who use fraud to install software on systems?

Why aren't they prosecuting those who pay others to use fraud to install software on systems?

There comes a point when we have to stop blaming Ford and GM for the fact that the paint and windshields on their vehicles can be so easily vandalized, and start throwing the vandals in jail.

And if the cops won't do it, replace the cops.

A paint engineer might observe that it is technically possible to create auto paint jobs that can't be vandalized with a simple hand-held nail.

And a glass engineer might observe that it is possible to create auto glass that cannot be vandalized with a mere punch-press.

Their technical training might cause them to see the vandalism and its effects as purely technical weaknesses that we have long had the technology to overcome.

But could customers afford vehicles with that kind of protection through technical means?

And if consumers could those upgrades, wouldn't the vandals simply go after other parts of the car: the tires, the mirrors, etc.? So those aspects of the car would have to be upgraded, and vehicle cost would go up even more. Could consumers afford that?

And why should consumers have to pay a higher price to stop criminals? Shouldn't it be the criminals being punished instead of consumers?

It is the same with software.

More security checks generally mean more programming. Programmers cost money, so the price of software goes up.

And generally the more security checks in software the more horsepower the PC needs to have to run it. A faster CPU and more memory means a higher price tag, and earlier obsolescence. (Ask a gamer about the effects of AV, AS and firewalls, and they are only the outer layer of protection, a layer that can be turned off on demand. The inner layers of protection can't be turned off. They are just always there using up cycles whenever their programs are doing work.)

I'm disappointed in MS for sure.

But this isn't a purely technical issue, so I'm also disappointed in law enforcement, the courts, and legislators.
bobince
join:2002-04-19
DE

bobince to eburger68

Member

to eburger68

Re: Blaming the User: MS & WMP Adware Installation

MS rigged the Windows Media DRM process so that not just anyone can 'protect' a file - you need a certificate from one of Microsoft's approved partners, who will bill you handsomely for it.

So Microsoft gets paid for every DRM-afflicted file made. Why would they want to stop their parasite-distributing partners whacking out the files?
astirusty
Premium Member
join:2000-12-23
Henderson, NV

astirusty to eburger68

Premium Member

to eburger68
M$ is out of touch with reality and trying to shift their problem as a burden onto the users.

It might be reasonable for M$ expect the security conscious people here (and the security paranoid) to understand and catch the deception presented via Windows Media Player's Security warning, but not the other 99% of the Windows users. The simple fact is Windows OS and the tied in Apps (IE, WMP) are targeted towards the general public as non-professional consumers and you can't expect them to know when a trusted application is actually presenting a bogus "verified" certificate.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Nanaki (banned) to keith2468

Member

to keith2468

Re: Where are the FTC and FCC in all this?

perfectly put. Keith

Software authors writing legitimate software cant be held 100% responsible for bugs that crop up in the software. I made a point useing calulator one of the smallest apps included with windows. There have been 1 or 2 exploits to crash calc these were exploitable with plain old html based on 1.0 spec. It didnt matter what browser was used if it followed html 1.0 spec it would cause calc to crash. There have been many other examples of such things not all crash triggers were aimed at ms products. One could cause a little messenger app wrote in vb to crash app was called powerpager. Has been other examples as well. So who in this case would be to blaim MS beause vb is a crappy programing language? The people who made the browser that read the code that caused the crash? Or the people who came up with the html 1.0 spec? Who should be held responsible for the crashes? None of those listed thats for sure. The people who Knowingly exploit the flaw should be the ones held responsible for their actions.

Now should ms do something about it? Sure they should when they have the time to do so.
The ones who should be takeing imidiate action is as you said ftc and fcc. Simple fact unless these gov agencies do something even when this sec hole is patched by ms another will be found and used. Windows code base is huge as is wmps and any thing related to windows.

Heres a example for you im a mmorpg gamer currently playing rubies of eventide. If i found a exploitable bug and used it to help my char out and make him in to a god in the game and then got susspended for my use of that exploit who is to blaim. Me or the developers for not finding that bug that i used to cheat? Obviously it would be me not the developers.
Infact bugs that are exploited in games can damage all the chars on a game server in some cases. So not only would i be able to get suspended i could infact be in deep legal trouble.
Personaly if i was microsoft what i would do is file suit agaisnt these companies useing exploits and the like to infect other peoples computers. And i would make a huge show of it to i would get it all over the media tv radio and print (print includeing internet mags).

Id say hey look the bug is there we know it is a bad one but there are other bugs that are much more important that need to be addressed first.

The above statement is most probably true. Unless you work for ms as a programer and are privy to that knowlage you have no way of knowing what they are doing.

Even if ms lost such a suit it would still be enough to scare some spyware authors to the point where the would stop writing the applications.

MS tells us to not visit sites we dont trust great advice. Im bettign most of these video clips that are trying to install this stuff are infact porn sites. Every one should know by now not to download any thing from porn sites they are not trust worthy in any way shape or form period.

Again ms should fix this as soon as possible. But the blaim does not fall only to them it is ours ms in some small way and the authors of the sites and apps.

paranoidxe
Premium Member
join:2002-03-29
Ogden, UT

paranoidxe to eburger68

Premium Member

to eburger68

Re: Blaming the User: MS & WMP Adware Installation

To make it short and sweet...Microsoft should HAVE never created ActiveX without fully backing it..its obvious they failed to make it secure and they fail to patch holes.
thedip
join:2001-02-09
Beaver Falls, PA

thedip to eburger68

Member

to eburger68
I mean no disrespect, but does anyone else see an ironic parallel between this and the articles/discussion regarding people fed up and leaving the internet from the deluge of spyware/junk? In the latter, the solution from more tech-savvy users is education. 'if they just educated themselves, they'd be fine.' 'they should know not to trust everything that is free.' I read many comments with those two emphasized.

Now the shoe is on the other foot. Where are these files that have bad DRM licenses (to infect computers) coming from? I haven't seen any by going to normal corporate streams, or downloading news clips or what have you. I assume that most of these come from p2p and 'shady' places. Should not the same logic apply, that you can't trust everything that's free? 'education' and all that jazz.

Do I think that this is purely a user problem? Certainly not. Just as much as it isn't purely a user problem with regards to spyware and spam. But users are to blame to some respect. The majority of comments on this DRM fiasco lead me to believe most people think otherwise.

anonpornman
@snet.net

anonpornman

Anon

Maybe Ms should Provide a patch that will remove this DRM program from my computer

Varlik
Without Honor You Will Never Be Free
Premium Member
join:2002-01-06
Anderson, SC

4 edits

1 recommendation

Varlik to eburger68

Premium Member

to eburger68

Re: Blaming the User: MS & WMP Adware Installations

said by eburger68:

Given this sorry performance, one really has to wonder whether at this late date Microsoft truly "gets" the problem with spyware and adware.
I've come to the conclusion that they understand it all too well. And IMO having weighed the pros and cons of which road to take and the repercussions of doing so have turned down the path they're on.

They've realized that fixing things right will cost them big money. And that by buying into the vicious system that's in place they can regulate it and make money off of it too boot. M$ might not be for sell but my gut tells me that access to all the PC's running their OS is.
pchelp7
join:2001-03-05
Manson, WA

1 edit

pchelp7 to keith2468

Member

to keith2468

Re: Where are the FTC and FCC in all this?

First and foremost, I want to acknowledge Eric Howes and Ben Edelman for their excellent work and undoubtedly costly efforts (at very least in terms of their time) in pursuit of this issue.

They're both bang on the mark. It's a real issue for millions of users, and but for Microsoft's grave errors (which are fully in character with past history), it would never have existed.

Keep the pressure on, guys.

Keith 2468, you make a very good point...
said by keith2468:


This vandalism isn't a purely technical issue. There are also criminal acts involved. Computers are not writing the malware themselves. Computers aren't selling the advertising. Computers aren't buying the advertising. Criminals are.

So where are the FTC and FCC in all this?

Why aren't they prosecuting those who use fraud to install software on systems?

Why aren't they prosecuting those who pay others to use fraud to install software on systems?
I agree completely with that, but your analogy:
A paint engineer might observe that it is technically possible to create auto paint jobs that can't be vandalized with a simple hand-held nail.

And a glass engineer might observe that it is possible to create auto glass that cannot be vandalized with a mere punch-press.
... doesn't really hold up, because it is couched in terms of cost. The cost of improved software, at least in this particular respect, is essentially zero to the user.

Also this reasoning...
And if consumers could those upgrades, wouldn't the vandals simply go after other parts of the car: the tires, the mirrors, etc.?
... while it has merit, is a fact of life in the worlds of software and cyberspace regardless. And also regardless of other known or as-yet unanticipated vulnerabilities, it remains Microsoft's responsibility to correct its software. And again you point to cost:
So those aspects of the car would have to be upgraded, and vehicle cost would go up even more. Could consumers afford that?
Though relevant at times, in the current case it is not. The WMP software is essentially free of charge, provided (albeit arguably in violation of antitrust law or principles) free of charge to users.

The very least Microsoft can do if it's going to be allowed [to] leverage its monopoly to foist this software (not to mention its scary "rights management") upon literally the entire world, is to make it a safe product to use.

I agree nonetheless that the spyware criminals -- and that's exactly what most of them are -- are at least as valid a target as Microsoft.

These entities manage, on the whole, to escape the wrath of the users they victimize; in part by abuse of EULAs, but also for lack of regulation and enforcement by such as the FTC. It is a shameful situation. Users are at an enormous disadvantage, and there's no end in sight, while those who should act do nothing.

It's up to us to be vigilant, to help and inform one another, and to demand better of those responsible.

pchelp
suzi5
Premium Member
join:2004-05-01

suzi5 to eburger68

Premium Member

to eburger68

Re: Blaming the User: MS & WMP Adware Installations

News update:

»news.com.com/Microsoft+N ··· nefd.top
quote:
A Microsoft representative said the software company was continuing to pursue the problem.

"We are concerned, because it is behavior inconsistent with what we would do with our DRM," said Mike Coleman, lead product manager for Microsoft's Windows client consumer division.

Microsoft is planning to release an update to the Windows Media Player that will shut down a file's ability to automatically pop up a Web page, unless the user turns that function on, a representative said.
eburger68
Premium Member
join:2001-04-28

eburger68

Premium Member

Re: Blaming the User: MS & WMP Adware Installation

Suzi:

Thanks for posting that. Very interesting. I wish Microsoft would get its story straight, but if they are now planning to release an update to mitigate the possibility that users can be bamboozled by deceptive adware pop-ups spawned by Windows Media Player files, then that is a decision to be applauded.

Eric L. Howes

White Noise
join:2004-12-04
Bow, WA

1 recommendation

White Noise to eburger68

Member

to eburger68

Re: Blaming the User: MS & WMP Adware Installations

MS should at least alter the dialogs to allow human beings to read them. I know this doesn't solve the problem and I'm sorry for saying it, but get a Macintosh. As a person who has actually written Mac OS dialog text, I can tell you with some authority that they don't leave you feeling stupid... unless you are, in which case no OS will likely help.

I'm not trying to seed a Mac vs. Windows debate. I'm just pointing out that even if everything else about the Mac turns your stomach, it's got understandable dialogs and a WMP client. Oh, and I don't even know what Adware looks like. Maybe some kind Windows user can post a picture for me or something.

Cheers.
Shadye
Premium Member
join:2004-10-21
Fallbrook, CA

Shadye to eburger68

Premium Member

to eburger68
I don't get it. You can click "No". It's not like you open the WMV and your system is suddenly full of adware.
What if I made some new codec that installed adware and then started putting stuff on p2p networks that required said codec?
Blaming Microsoft because someone clicks "Yes" is the same as blaming GM for making cars where people can steer them off cliffs.
edbott
join:2005-01-02
Scottsdale, AZ

edbott

Member

Re: Blaming the User: MS & WMP Adware Installation

I agree with Eric. The following is an excerpt from a longer entry I posted here:

»www.edbott.com/weblog/ar ··· 388.html

Mr. Coleman doesn’t get it. In a narrow sense, it is true that this does not represent a vulnerability that can cause software to be automatically installed. However, there are at least two security issues that need to be addressed here:

1. Windows Media Player 9 is able to bypass crucial protective mechanisms in Service Pack 2 and display ActiveX download dialog boxes that force the user to make a decision about installing software. As Microsoft’s official white paper on changes to functionality in SP2 states: “Providing add-on install prompts in the Information Bar rather than a dialog box reduces the occurrences of users inadvertently installing code on their computer.” As I documented earlier, Windows Media Player 10 behaves properly. This is a bug and should be fixed.

2. In all versions of Windows, an attacker can misuse a feature of Windows Media Player 9 that is designed to provide information about licenses to the user. The HTML code called by WMP 9 opens in the Internet security zone. This is unsafe. Several years ago, Microsoft redesigned Outlook Express so that all code in HTML-formatted messages runs in the Restricted zone. They should do the same with Windows Media Player. This step wouldn’t restrict the functionality of informational messages or the Windows Media Guide, but it would eliminate the ability of attackers to exploit the connection between the browser and the player.

I really hope someone from the security group at Microsoft is working on this problem even as we speak.
Jrb2
Premium Member
join:2001-08-31

1 edit

Jrb2 to eburger68

Premium Member

to eburger68

Re: Blaming the User: MS & WMP Adware Installations

Thanks to Eric and Ben !!!

As for criminals vs MS responsible:
Yes, criminals should be brought into the courtroom.
But who paved the way so they could do this? MS !
So who should also be brought into the courtroom? MS !

BTW : remember that, as far as I know, the European Union has ordered MS to come with a Windows version without WMP.
Shadye
Premium Member
join:2004-10-21
Fallbrook, CA

Shadye to edbott

Premium Member

to edbott

Re: Blaming the User: MS & WMP Adware Installation

#1. Context issue. They were refering to IE & ActiveX downloads. Some webpages would keep popping up the ActiveX prompt if you clicked "No." WMP is not IE and SP2's security enhancements are unrelated. It's the same if I made an app that would download an ActiveX control if the file required one.

#2. So it opens a web page? If I send you a .htm and you double click it, should it also open in the Restricted Zone?
suzi5
Premium Member
join:2004-05-01

1 edit

suzi5 to Shadye

Premium Member

to Shadye

Re: Blaming the User: MS & WMP Adware Installations

said by Shadye:

I don't get it. You can click "No". It's not like you open the WMV and your system is suddenly full of adware.
What if I made some new codec that installed adware and then started putting stuff on p2p networks that required said codec?
Blaming Microsoft because someone clicks "Yes" is the same as blaming GM for making cars where people can steer them off cliffs.
If you read Andrew Clover's write up here and watch the video he created (link is in his article), you can see that clicking "No" did not stop the process.

»www.doxdesk.com/updates/ ··· 20050111

Excerpt:
spyware ActiveX drive-by downloaders that are ‘aggressive’—that is, if you turn them down they keep popping up again, making IE unusable until you or they give up, or you hit ctrl-alt-delete and kill IE completely;

full-screen chromeless browser windows that offer no way to close them—here you have to know to press Alt+F4 to close the window, or, again, ctrl-alt-delete and kill IE;

endless exit-pop-up loops, again only escapable by banging Alt+F4 fast enough or killing IE;

beastiality. Alcena are redirecting Overpeer file users to a site operated by Lexitrans (associated with dialler exploit scams and connected to organised crime). This spawns different affiliate porn site ads depending on where one is based: me, I got the horse sex. Nice.

Of course this clip only shows what happens if you manage to correctly refuse all the installations and get rid of the popups.
(emphasis mine)
edbott
join:2005-01-02
Scottsdale, AZ

edbott to Shadye

Member

to Shadye

Re: Blaming the User: MS & WMP Adware Installation

Shadye -

#1 is indeed IE. WMP is calling a hosted instance of IE. The behavior is correct in WMP10 and incorrect in WMP9.

#2 refers to expected behavior when another program opens a Web page. And yes, with SP2, if I send you an HTML file as an attachment, it opens in the Local Zone and is subject to more severe security restrictions than the local Internet zone.

You might want to read the white paper on changes in SP2:

»www.microsoft.com/techne ··· spx#EQAA
Shadye
Premium Member
join:2004-10-21
Fallbrook, CA

Shadye to suzi5

Premium Member

to suzi5

Re: Blaming the User: MS & WMP Adware Installations

As I mentioned in another thread, downloading & using an activex control is WMP not a SP2 IE related problem. Thats why only WMP10 fixes this. If Word downloaded ActiveX Controls that were used in .doc files you'd have the same issue and no way to properly stop if it had an aggressive script. Now replace "Word" with "Application X" to eliminate anti-MS bias.
Finally, even the video shows it's possible to refuse the installations and if necessary resort to task-manager. This is just the fault of the WMP10 team being naive.

T_Hoffman
join:2002-11-10
Clovis, CA

T_Hoffman to Shadye

Member

to Shadye

Re: Blaming the User: MS & WMP Adware Installation

I think my statement disagrees with everyone in here, I agree with M$. users need to wise up or dont use the computer at all. Why is it that everyone blames M$ for there problems, its getting ridiculous now. That Jpeg above shows a You must click yes box. Its completly a fake box, if a user doesn't know that is a bad sign and troubles await your clicking yes.

I agree with the analogy that its like blaming GM everytime someone steers of the road, if you can't steer the wheel then don't drive.

It sicking to see 90% of people in here bashing M$ for everything. Yet they still continue to use and use and use, when their is plany of other OS options for them to take. Fact is 80% aren't smart enough to take another route, until then i think all these people complaining are just hogwashing M$ cause its easy.

Go ahead disagree bash me, i dont care, ive used windows XP since beta time, NEVER ONCE had an extreme problem with my system. @14 i knew better then to click on some bullshit link, you don't think these other people can learn to avoid that crap.. come on now...
eburger68
Premium Member
join:2001-04-28

1 recommendation

eburger68 to Shadye

Premium Member

to Shadye
Shadeye:

You wrote
said by Shadye:

As I mentioned in another thread, downloading & using an activex control is WMP not a SP2 IE related problem. Thats why only WMP10 fixes this.
This is not correct. It is NOT the case that "only WMP 10 fixes this." WMP 10 alone with a non-XP SP2 version of IE will give you the same ActiveX installation prompts that other users without XP SP2 will see. WMP 10 enters into the equation only because it properly interacts with the security enhancements made to IE in XP SP2.
said by Shadye:

Finally, even the video shows it's possible to refuse the installations and if necessary resort to task-manager. This is just the fault of the WMP10 team being naive.
The problem with this observation is that:

a) The video shows the actions of a user (Andrew Clover) who is fully aware of the problem and who understands the installation process as well as the consequences of clicking through any of those pop-ups. Most users would never make it as far as Andrew did because they wouldn't have the advance knowledge that Andrew did. They'll simply see that they're being constantly prompted to install files -- which is the whole point of DRM license acquisition process in the first place -- that appear to be required to play the file.

2) As demonstrated in my previous major post on this issue ( »WMP Adware: A Case Study in Deception ), most users will find the DRM license acquisition process incredibly confusing because it combines the installation of both a legitimate WMP Security Upgrade with the acquistion of a license as well as a blizzard of installation prompts for other software programs, several of which are deceptively named or presented.

It is simply not reasonable to expect normal users to negotiate all those installation prompts correctly, esp. when adware vendors have gone out of their way to deceive users. That was the whole point of the security enhancements to Internet Explorer in XP SP2, and it will be the whole point to the forthcoming changes that Microsoft has announced to the DRM license acquisition process in Windows Media Player.

Eric L. Howes
eburger68

eburger68 to T_Hoffman

Premium Member

to T_Hoffman
T_Hoffman:

You wrote:
said by T_Hoffman:

Go ahead disagree bash me, i dont care,
That sounds like a reasonable deal to me. So long as you don't seem to care what the other folks in this thread have to say about the issue, I'm sure you won't mind if we disregard what you have to say as well.

Have a nice day.

Eric L. Howes
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to eburger68

Premium Member

to eburger68
Hmmm...I am unaffected on my XP Pro. I tried to play that demo file from doxdesk. It opened in Winamp which couldn't play it. So, then I right clicked on the file where I had saved it and chose WMP. I was rewarded with a very loud noise and a box that announced I had not installed WMP correctly and did I want to reinstall it. Ahhhhaaaaa! Of course, I don't want to reinstall it! I went to a lot of troube to get rid of that awful WMP version 9 with the DRM garbage and calling home constantly that you cannot stop without a software firewall which I don't need as I have a hardware firewall. Plus, I don't use applications that I can't control properly. So, I also did what "experts" claim can't be done. Along with yanking WMP version 9 off my box, I also yanked version 8 off because it too calls home and you can't stop it. That gave me WMP 6.4 as default. Very nice! That is the last good version of WMP.

It is the user's fault here. They should leave porn and stealing music, warez, etc. alone. They want to do that anyway then they deserve what happens. I do think though that Microsoft should make it much easier to yank WMP versions 10, 9 and 8 off one's box. MS did supply the command string to do this and that was nice of them but many users still would find too difficult. It should be easy to have WMP 6.4 default on XP and then you can use another player and not need to worry about WMP or use 6.4 which is just fine for playing most video files, etc.