You can do nothing I think. Vegas required QT. It would be up to SCS to deliver an update that does not require QT and the ProRes decoder. I do not know how likely that is to happen for Vegas. :(
If you are referring to the vulnerability found in the QuickTime Player, just delete the player's .exe file and be done with it. No need to uninstall anything. You need the QuickTime codecs to process MOV files in Vegas Pro.
~jr
Former user
wrote on 4/17/2016, 8:48 AM
I wouldn't do anything. I have used QT for years with no problems. I seldom if ever use it for online videos.
I don't believe Vegas requires QuickTime. I've installed it on many a computer lacking QuickTime completely and Vegas runs fine. It's only used to open a very few types of files (inexplicably TIFF being one of them), but if you don't deal with those file types then Vegas is perfectly functional sans QuickTime. Think of it as Just Another Codec package. Most folks run Vegas their whole lives (so to speak) without ever installing DivX or MJPEG or a host of others. Why would QuickTime be any different?
When I built my new system, I did not install QT and everything is running just fine.
Former user
wrote on 4/17/2016, 5:08 PM
I'm running VP12 on Win 7 Pro and just un-installed QT. So far, the only issue is with opening MOV files -- which was expected. Other than that VP12 seems to be running just fine. While I don't use TIFF files, I understand that they won't open without QT...
I just tried uninstalling QT, but Vegas directly gives warning that QT is needed for allowing mov files on its timeline to be displayed.
I have also tried uninstalling the player and just installing the basic components of QT (that is an option while installing QT) but Vegas only works if with the player is installed too.
If it gets serious then I have no choice but to transcode all the mov files, then uninstall QT.
If it is just the player, then one could disable it from launching, but if it are other core-components, then it's another story.
Not sure if one should somehow block the internet connection to the core-components, or if that would safe guard it.
I've been running Vegas 10 on my Win7 laptop since i bought it 15 months ago, and only recently installed QuickTime maybe a week ago. I've been opening and rendering MP4 files the entire time with no problems. I never touch MOV files.
Former user
wrote on 4/17/2016, 10:59 PM
Warnings are spreading on the web, but they are all coming from the same source, Trend Micro.
On my latest system I never installed Quicktime. MP4 files work fine with Vegas Pro (13) as they always did within the last couple of Vegas versions without going its way through Quicktime.
As Peter already pointed, meanwhile Vegas Pro uses different DLLs to decode MP4 wrapped video and even some flavors of MOV will be decoded away from Quicktime (like some MOV from Canon DSLRs).
Only certain MOV codecs still need Quicktime in Vegas Pro (like ProRes or DNxHD MOV). If you don't use these certain MOV codecs you should be happy without Quicktime.
> "Warnings are spreading on the web, but they are all coming from the same source, "
Not to detract from the fact that there is a vulnerability that COULD be exploited (but hasn't yet and may never be) but it is in the best interest of anti-virus companies to spread fear and panic so that customers buy their products. I would take the potential impact with a "grain of salt" judging it's coming from a company that has everything to gain from fear mongering.
In my professional opinion, the appropriate response would be to warn the public and recommend that people be careful not to download a malicious files (which is what you need to do in order be affected by this... nothing is going to come and attack you... you need to initiate the attack by downloading and playing a malicious file). Not to completely uninstall a multi-media subsystem that may break other products on their computer that rely on it.
If you are working with MOV files from your camera or rendering to MOV for your customers, you have absolutely nothing to worry about. I'm guessing many of you are still using Windows XP. That is a far greater threat to your security than QuickTime is. ;-)
So yeah, I convert TIF to PNG and AVC/MOV to Cineform, and haven't run across anything I can't handle.
I'll deal with the ProRes issue when I encounter it.
Curious that Apple issued Security "fixes" for years that all seemed to break Vegas and Premiers ...
Former user
wrote on 4/18/2016, 10:30 AM
Their QT updates would even break Final Cut. I used to have version 4 of Final Cut and when they updated QT, it would only capture 5 minutes of video at a time. I had to revert back to an older version of QT, which is not easy on a Mac. The only advice I got from other users was to update Final Cut.
I can corroborate what VMP reported. I'm using a codec that is specific to Quicktime. Vegas 13 throws up an error if I put any of that media on the timeline after having renamed the player.exe file. So, if you're working with people on Macs and they're giving you ProRes or something else in a MOV wrapper then you either need to ask *them* to transcode it, find a non-quicktime transcoder or keep Quicktime Player installed on your system. Getting them to transcode for you is unlikely, in my experience.
As far as Trend Micro having it in their interest to spread fear and panic... this is orphaned software with known security holes. What else can they say except to tell you to uninstall the player? It's really not their place to take a liberal and open minded attitude.
I honestly don't expect SCS to do anything about this as there are plenty of other codec options to use, and they haven't made a commitment to ProRes output. However, I'd love it if they took some time to look into the issue and provide some guidance, maybe in the form of a white paper.
> "Vegas 13 throws up an error if I put any of that media on the timeline after having renamed the player.exe file."
Ouch! Didn't think that would happen. That means Vegas Pro is calling the QuickTime Player under the covers. I guess you can't rename it then. :(
> "What else can they say except to tell you to uninstall the player? It's really not their place to take a liberal and open minded attitude."
It's simply bad advice for people who use other software that relies on QuickTime. Had they said, "If you don't have other software that requires QuickTime we recommend that you uninstall it" That would have been sound advice. But they didn't. They spread panic instead, "Uninstall immediately!" like some boogie man is going to invade your computer. There isn't even a threat known to exploit this yet. IMHO, it was overreacting to a "possible" threat that doesn't "exist" yet.
IMHO, it was overreacting to a "possible" threat that doesn't "exist" yet.
As an antivirus vendor and supposedly security experts, it's their role to say "uninstall the software". They can't really say anything else. On the other hand, it's NOT the role of the press to unequivocally say "uninstall it now, now, NOW!!!" They could say something a bit more rational and nuanced.
However, most of these publications are looking at this with the understanding that Quicktime is just a player to watch your cat videos at home. In that context it's trivial to uninstall it. You don't need it for your cat videos, although you can have multiple instances running and it's a well featured player so it's great for watching several cats at once, with basic color tweaks and JKL support.
I also wonder if there might not be a little animus towards Apple here. Not an outright assault but a "serves 'em right" sort of satisfaction that might cause the press to rush to offer unconsidered opinions.
In the mean time I've got a question in to the Raylight folks about their decoder. I don't really expect much since this mainly services tape-based Panasonic DVCProHD cameras. There's probably not much in it for them to spin out a non-quicktime version of the decoder, nor does it seem like there's much value to SCS to configure .MOV support to use something other than Quicktime. My understanding is that Vegas is EOL so why address this at all?
What I'd like to see is a standalone transcoder that will convert MOV files without installing Quicktime.
Thanks Marco, I'll have to look at it. I'm thinking that perhaps since I have to use the Raylight Decoder to view DVCProHD.mov files that even ffmpeg may not be able to open the files without Quicktime being present.
You do not need to have QuickTime installed to use Vegas 13. If you have a DSLR or other device that records to h264 in an MOV container, Vegas has a built in .DLL that will read the format natively.
Plug-In
Name: compoundplug.dll
Folder: C:\Program Files\Sony\Vegas Pro 13.0\FileIO Plug-Ins\compoundplug
Format: Sony AVC
Version: Version 13.0 (Build 453) 64-bit
Company: Sony Creative Software Inc.
Where you need QuickTime, is for playing back QuickTime only formats, like writing DNxHD in an MOV container.
FFMPEG will rewrap your .mov files to another container which Vegas will read.
This is a case of Apple screwing the Windows community, and has little to do with Vegas or the way it works. I see this as more reasons not to use any codec or format that apple supports. Choose .MXF formats and the codecs associated for your workflows.
"IMHO, it was overreacting to a "possible" threat that doesn't "exist" yet."
You do realize how easy it is to embed code on a page that checks for Quicktime, and then execute the attack. You would not even notice or see this happening. The attack would be background in the browser. That is the point of the alert.