Jump to content


Photo

QuickTime for Windows

watchout quicktime security risk

  • Please log in to reply
7 replies to this topic

#1 Andreas Lindemark

Andreas Lindemark

    Newbie

  • Member
  • Pip
  • 3 posts
  • LocationNorrköping, Sweden

Posted 15 April 2016 - 04:28 PM

Hi,

 

I just got an e-mail from my University IT security group, that they recommend everyone (at the university) to uninstall Apple QuickTime for Windows, since Apple Ends the Support,

 

References:

https://www.us-cert.gov/ncas/alerts/TA16-105A

http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/

http://zerodayinitiative.com/advisories/ZDI-16-241/

http://zerodayinitiative.com/advisories/ZDI-16-242/

http://www.theregister.co.uk/2016/04/14/uninstall_quicktime_for_windows/

 

The IT security group also recommend not to use the QuickTime Alternative (uninstallation is recommended), since it hasn't been updated since 2010.

 

How will this affect WATCHOUT?

 

I guess if WATCHOUT Display is located in a network with no or limited access to the internet, then the problem isn't that big.

But most WATCHOUT Production is on computers that is being used for other things and might often be connected to internet.

 

I don't recommend any WATCHOUT customers to uninstall QuickTime, but to think on the risk and wait for Datatons recomendation (and hopefully some replacement).



#2 jfk

jfk

     

  • Administrator
  • 1,075 posts
  • LocationCincinnati, Ohio USA

Posted 15 April 2016 - 06:02 PM

Hi,
I just got an e-mail from my University IT security group, that they recommend everyone (at the university) to uninstall Apple QuickTime for Windows, since Apple Ends the Support,

References:
https://www.us-cert.gov/ncas/alerts/TA16-105A
http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/
http://zerodayinitiative.com/advisories/ZDI-16-241/
http://zerodayinitiative.com/advisories/ZDI-16-242/
http://www.theregister.co.uk/2016/04/14/uninstall_quicktime_for_windows/

The IT security group also recommend not to use the QuickTime Alternative (uninstallation is recommended), since it hasn't been updated since 2010.

How will this affect WATCHOUT?
...

Depends on the version, v6, not much at all.
WATCHOUT does not require Quicktime, since version 5.5.1
(in fact, WATCHPAX / WATCHPAX 2 do not include Quicktime).

In v5, .mov files containing h.264 or animation codec do not rely on QuickTime.

In v6, same h.264 and animation codec and also ProRes do not rely on QuickTime.

Of course, there are other codecs under Quicktime that will not work without Quicktime,
but those are the less popular ones.

I imagine a MacOS computer with Quicktime Pro would allow you to transcode
any .mov that will not work in WATCHOUT into a compatible codec.

WATCHOUT Production will completely lose its ability to Export a synopsis movie,
as that function does rely on Quicktime.

There has been talk of re-writing the export function to remove reliance on Quicktime altogether.
That one export function is reliant on QuickTime and that prevents WATCHOUT from evolving into a 64 bit program,
i.e. 32 bit is maintained to allow QuickTime encoding to be used.

#3 Thomas Leong

Thomas Leong
  • Member
  • PipPipPip
  • 336 posts
  • LocationKuala Lumpur, Malaysia

Posted 16 April 2016 - 08:27 AM

Apparently, if need be, one can install Qucktime without the Player -

https://forums.creativecow.net/readpost/2/1072246

 

Basically, the procedure (copied and pasted here) is -

1. In your add / remove programs, uninstall QT player completely.

2. Go to the apple QT installer download page and grab the latest package for Windows

3. During install, make sure that everything except the "critical components" is NOT installed. (Xed out). Leave the top option for install only (something like "media for third party apps" - this is the codecs only)

4. Install as normal



#4 borovayz

borovayz
  • Member
  • PipPip
  • 5 posts

Posted 17 April 2016 - 01:50 AM

I'm not exactly sure how this will play out, but I wonder if the HAP codec is going to be effected by this.



#5 pedroR

pedroR
  • Member
  • PipPip
  • 9 posts

Posted 17 April 2016 - 04:06 PM

Apparently, if need be, one can install Qucktime without the Player -

 

Awesome to know, thanks!



#6 Fredrik Svahnberg

Fredrik Svahnberg

  • Dataton Partner
  • PipPipPip
  • 140 posts

Posted 17 April 2016 - 08:54 PM

WATCHOUT had a hard dependency on QT initially. But this was removed several years ago in anticipation of this event (Apple ends support). The only function that currently requires QT is the video/audio export functions. Even this is not really that urgent, as QT should continue to work just fine. The part you may want to disable is the web browser plug-in, which is the vector for most security issues.



#7 Steve Farris

Steve Farris
  • Member
  • PipPipPip
  • 51 posts
  • LocationPortland, Oregon

Posted 18 April 2016 - 05:37 PM

If removing support for Quicktime will allow Dataton to enter the 64 bit world, I'm all for it.  It sounds like Apple is done with Quicktime in Windows, so it's time to move on.



#8 Erik Rönnqvist

Erik Rönnqvist

    Dataton

  • Moderator
  • 93 posts

Posted 19 April 2016 - 07:27 AM

The Hap codec will not be affected by uninstalling quicktime. Support for prores and qt animation will not be affected either. In most cases you will not notice any difference, as long as you are not using any codec that is only available in quicktime. However, as mentioned earlier, the export function will not (yet) work without quicktime. 

 

/Erik







Also tagged with one or more of these keywords: watchout, quicktime, security risk