Danish vulnerability tracker Secunia ApS has concluded that Apple Incorporated's QuickTime is three times more likely to pose a threat than Microsoft Corporation's Internet Explorer 6 and six times more likely to be a threat than Mozilla Corporation's Firefox. According to an analysis of more than 350,000 system checks done over the last six months by the free Secunia Software Inspector, 33.1% of all QuickTime 7 installations weren't up to date with security patches. AOL LLC's Winamp was almost as likely to be outdated: 27% of Winamp 5 installations were missing needed security fixes. In comparison, IE 6 installations lacked one or more patches, while just 5.2% of Firefox 2 deployments needed updating. Secunia's data shows that outside of operating systems and browsers, users neglect regular patching.
"This constitutes a significant problem. Most people wouldn't hesitate to open an .mpg, .jpg, .mov or .mp3 file from any source if it seems the least bit interesting and relevant. It's easy to embed a movie in your home page, for example, and all it takes is one unpatched QuickTime vulnerability and a provocative video title to compromise a lot of visitors," said Jakob Balle, Secunia's development manager.
Researchers regularly identify vulnerabilities in QuickTime and Winamp. Secunia's own database, for example, pins 10 bugs on QuickTime 7, while Winamp 5 sports 11 vulnerabilities. There are fairly recent bugs as well, but fixes for all have been released. Balle said that scans of business computers for unpatched applications reveal the same user behaviour that inspections of consumer computers expose. Although the free Software Inspector remains available, Secunia is also pushing a server-side edition, dubbed Network Software Inspector.
News source: PC World
I update any program I have when I'm prompted - iTunes/Quicktime/Java give me a prompt to do so, though they are not automatic. Really they should be automated like Firefox/Thunderbird... they announce when they've updated themselves and ask to restart to complete the procedure. If a program doesn't prompt me then I won't update it; I am not going to traipse around the web to see if there is an update to any one of the numerous programs I have installed.
It is the responsibility of a program's developers to make sure it is secure, particularly when it is something actively targeted by exploits (like Quicktime, Firefox, etc). Updates to any non-production tool should be automatic. Programs like Photoshop, Cubase, etc, are relied upon for business and so any update that could break them should not be automatic - however, programs like Quicktime, IE, Notepad, FlashGet, etc, can and should be updated automatically to prevent exploits as quickly as possible.
QuickTime and IE are most certainly production applications for some of my users. It all depends on the nature of the business.
I believe that all these software updates are becoming an increasing annoyance amongst computer users, myself included. Every time I open any application it is asking me if I want to update it. No, I don't want to update it, I want to use it right now. I didn't open it because I thought I needed to update it, I opened it because I wanted to get my work done.
I think that there needs to be something in place in all of these applications that quietly updates them when the computer is idle and without nagging the user. :|
Some problems with this, is that the fact this completely violates SOX compliance with businesses as well, not only out-of-date, but also allowing it to just automatically push itself onto the servers/workstations in the environment. So, you will find that also at the corporate level, you want an option that tells you that it's out of date and that it needs to be updated, or disable the software if it's that bad. I have this very problem with a software vendor who pushes out updates to their business software every night, regardless if you know about it or not, which no longer allows us to be SOX compliant, because we can't account for what we see being pushed to our environment. So, it's been disabled completely.
I think it needs to be a little more subtle, instead of in-your-face. Something like a notification pop-up like Outlook's or Messenger's.
Update when it needs updating, if you see a vulnerability for an app you update.
ROFLMAO responsibility of the program's developers, you met any developers??? non production??
Everything is production if it's on a production machine, if QuickTime update blows out Photoshop I am gonna get mad if QuickTime updated itself.
All these theories may be fine in a consumer environment, but in a business environment it just won't work.
This isn't surprising at all. It seems that there's patch, after patch, after patch for security issues in QT.
Media Player Classic or Windows Media Player all the way!
A modded xbox with Xbox Media Center beats all 3 hands down tho
As for RealMedia, yeah you're definitely alone there, I with most people I know would rather watch a 1fps GIF trailer than even load a webpage with embedded real media on it, you never know how little it takes for real player to infect your computer.
Media Player classic or the VLC player for me.
I think it meant all the existing installations, up-to-date and out-of-date. I believe that FF makes it easier to stay up-to-date by auto update installation, including FF itself and extensions.
That's not what the first sentence of the article implies. It says that Quicktime is more of a threat than IE or Firefox.
Perhaps you read that differently than I did, but it sure sounds like they are comparing a media player to two web browsers to me.
I would assume a media player is way easier to make secure than a browser, so who cares if they are comparing it, to be in the same league as a browser for insecurity says in itself it must be bad.
I myself use QT Alternative and for the matter Real Alternative.
If there's a vulnerability in part of that in the actual app it would be in this version as well.
You're right but at least I don't get the unwanted "features".
But unwanted features don't apply to this article, do they lol
I didn't even say anything about features did I? I said the libraries used in BOTH apps could contain vulnerabilities and would be vulnerable no matter what it's installed with.
Nice try at twisting what I said
Note this sentence:
wctaiwan
They're saying these apps are more vulnerable because people don't update them as much as the browser they're using. So technically, they actually would be more risky. Depends on the user and how often they update their software.
There's people who might update their browsers but nothing else. There's people who update Quicktime and other apps but not their browsers. Then you have the people who don't update anything.
Again, it depends on the user. I wouldn't call these people stupid either. Not everyone who uses a computer knows that you should check for updates constantly. This doesn't make them stupid.
Yeah right, if you can't attack the argument attack the person that makes the argument.
Quicktime doesn't matter as much to me either since I use Quicktime Alternative, though agreed that if Apple itself isn't updating it then it is still vulnerable.
I almost never use that plugin though.
My QT is up to date because QT 7 always tells me when a new patch is out. Just like Firefox. So I'm not sure why QT is less safe because someone hasn't patched it yet. Are we all so tired of pop-ups, we ignore warning pop-ups on the actual computer?
divx is a nice program tho
Probably worse really as they are the ones that "live in the glass house" !
Why oh why doesn't microsoft do something so that we don't have to use these programs at all !
Where is the MS alternative to Quicktime ???
Quicktime on Windows maybe, but have you ever seen the other side of that coin (Windows Media Player for OS X)? At least Apple keeps feature parity between Quicktime on OS X and Quicktime on Windows, something that Microsoft is either unable or unwilling to do with WMP. That being said, Quicktime on OS X is fantastic.
I have no problems whatsoever with QuickTime 7 on Mac OS X. It's a very nice media player, with a small resources footprint, a very polished interface, it plays everything I want it to and best of all it's fast.
There isn't a single reason for me not to like QuickTime 7 just because it performs poorly on Windows. And let's face it, Microsoft applications on Mac OS X don't exactly deserve a prize either.
Exactly.
iTunes has that kind of feature maybe, but it doesn't support every kind of file and still isn't right.
It's true that Apple apps on Windows keep the same features compared to MS (are we talking about MSN Messenger here specifically?)
playlists
Since IE, Firefox, and Opera all use QT as a plugin, the risks should be even, unless somehow IE is more vulnerable to poorly written plugins.
Common sense would indicate that Internet Explorer is more of a threat to the world than QuickTime.
Now that that's out of the way, I hate QuickTime. It's underwhelming and mostly useless. Frankly I would rather use Windows Media Player than QuickTime. And I don't really like Windows Media Player. VLC for the win.
I have yet to experience any ill effects.
And Quicktime on Windows? That's a PC user's problem and a Mac user's chance to make a joke.
Apple and Microsoft are good at screwing those that aren't on their own platform. The joke goes both ways.
Apple did, it's called iTunes...
QuickTime Player is there for different reasons, especially when it comes to the Pro features.
You certainly can play videos full-screen without the Pro version:
http://www.dashboardwidgets.com/showcase/details.php?wid=605
A simple dashboard widget will do the trick. It's been up there for quite a while now. Pretty much common knowledge.
--------- Another, even cooler solution for all you Quicksilver fans:
If you have Quicksilver installed you can bind a shortcut to an applescript. I use Command+F to invoke the fullscreen mode script. You can find the script at:
http://www.macworld.com/weblogs/mac911/200...creen/index.php. It works great!
Look at the pictures below:
http://static.flickr.com/102/300771862_9d988a7610_o.png
http://static.flickr.com/113/300771864_979e3dfe65_o.png
Last edited by LTD on 20 May 2007 - 14:57
Did I say otherwise?
Ah, I replied incorrectly. My comment wasn't directed to you, Neo, but to westonb. Apologies if you thought otherwise.
Ah, OK. No worries.
There needs to be a cross platform player that works equally as well on both platforms. Windows Media Player works great on Windows, and version 11 is so polished. iTunes and Quicktime on a Mac seem to work well, I don't use it as often but I like it...on a Mac.
Quicktime is just fine. Nothing wrong with it. When you have full screen functionality it truly rocks. It's a very mature app on a Mac and works very well.
I don't use Windows anymore, really. All I care about is a media player/manager that is specifically made for OS X.
Then there's always VLC Player, which even looks good on OS X.
Yeah. Record earnings really suck.
And if it does have flaws and security holes, it's not due to the program -- it's due to Microsoft's flawed operating system code. That same program on Mac OS would have zero flaws and holes -- and the base program is exactly the same on both operating systems... the only thing different is added Windows compatibility.