FFMPEG can probably do this for you. But if you need a GUI, I understand that.

> "You do realize how easy it is to embed code on a page that checks for Quicktime, and then execute the attack. You would not even notice or see this happening. The attack would be background in the browser. That is the point of the alert."

I guess you could configure your browser to not play QuickTime files?

~jr

I was checking out the impact of this on another product I use (telestream's wirecast) and they pointed out, in their official response, that they offer a free player that apparently includes the codecs, etc. and presumably would not have the vulnerabilities of QT for windows. ... The product is aptly called 'switch' ... there are paid versions with professional features. I don't know if it works with the TIFF files.

And I may or may not try it ... as I don't use many mov or any .tiff files in video projects.

Ah interesting

Telestream’s switch aims to overtake & surpass quicktime pro

http://www.provideocoalition.com/review-1-telestreams-switch-aims-to-overtake-surpass-quicktime-pro/

Indeed they have a free player http://www.telestream.net/switch/overview.htm

I'll give it a try on my seperate PC and report back.

VMP

musicvid10 said, "Curious that Apple issued Security "fixes" for years that all seemed to break Vegas and Premiers ..."

That is the primary reason why I did not install QT on my new system build. I remember seeing a lot of threads over time where a users system was broken by an update to QT. I never use *.mov files so I do not need QT.

Unless I am missing something, even without QT installed, I can still load *.tiff files in Vegas without any problems.

For some mysterious reason, the disk label software I was using must have QT installed to work and there is no way around it. So I broke the rules and booted with my old boot drive backup and saved my favorite templates as *.PSD files and no longer use that disk label software. I do have to be careful where I locate items but at least it all works fine for me. The company that puts out the software does not want to change it.

Anyway, QT is not, does not and will not get installed on my system.

One less possible source of problems! Besides, Apple has no desire to support Windows systems anyway. Why would they?

I cannot count how many times I would install something and see concerning certain features, 'this feature(s) is/are not available on the Mac'.

Apple thinks different but NOT better!

I can understand a virus eradication software company making a statement like this (to uninstall QT now) but I am very surprised that our government got involved.

Or maybe not.

Perhaps a little retribution?

-- tom

I renamed my QuickTimePlayer.exe and tried to play an .mov file in Vegas 10. I received error messages.

I transcoded that same file in Handbrake to an .m4v file and it functioned in Vegas 10 very nicely without QT.

The original .mov file plays just fine in Windows Media Player as well with the renamed QuickTimePlayer.exe (renamed to OLD QuickTimePlayer.exe FYI).

I have used ProRes files in the past and if I can track them down I will try transcoding them in Handbrake.

I am no expert - but does this keep me protected? Thanks.

Probably what you'd *really* want to do to test this is to rename the entire quicktime folder, just to be sure that other applications don't use the libraries. I don't think they do but better safe than sorry.

The other piece of the puzzle is to make sure your web browsers don't have access to a quicktime player plugin.

The potential exploit payload (which doesn't yet exist as far as anyone knows) would be in a *.mov file. That file would then exploit a flaw in the quicktime player or maybe an associated library. So, controlling whether a foreign MOV file can get onto your system would be a start. The nuclear option is to just uninstall quicktime player.

As a side note, I was looking at Edius forums this morning and it appears they're pretty well tied into quicktime. They were advising to NOT uninstall quicktime.

It kind of seems to me that *someone* is going to have to pick up the Quicktime ball on Windows, assuming Apple will even allow a third party to do it. Maybe Microsoft would be a good candidate for that.

How about QuickTime Lite? Does anyone know if that is vulnerable? Thanks.

I understand (but may be wrong) that Quicktime Alternative is based on a hack of an early version of Quicktime and uses Media Player Classic (not the Home Cinema fork) as the video player. Quicktime Lite is the same without a media player. They are no longer available from the hacker, presumably due to legal action.

So if you installed Quicktime Lite you would be installing an old version of Quicktime codecs. If Quicktime Player is necessary as well as the codecs, as someone has recently suggested, then Quicktime Lite may not be a complete solution. Being old, the codecs may also be less secure than the latest Quicktime.