After discovering that installing quicktime, even if you deselect the "bundle with iTunes" means getting iTunes the first chance the AppleUpdate has, I've learned to live without quicktime, and I don't miss it one bit.

Remind me again why the iFanbois always seems to think that "Apple-labelled" equals "secure"?

//Svein

There's Quicktime Alternative for playing all those quicktime format files.

http://www.free-codecs.com/download/QuickTime_Alternative.htm

No idea if this is vulnerable to the same exploit but I doubt it.

Would never let Itunez or QT anywhere near my PC but comes preinstalled with MacOS.

Another huge patch then to download soon methinks.

"unleashes a payload" ... hmmm.

Standardized LART Form for poor computer security articles. Released under the GPL v2 for everyone to use. Please modify as needed. See http://www.gnu.org/

Check all that apply to this article. You may have to delete unchecked items to fit in the space alloted by the author's comment form.

For a copy of this form, visit:

http://www.antiwindowscatalog.com/index.asp?mode=rant&id=50

======= Indices

Troll-O-Meter: (6 out of 10) [X] 6. False prophet

Flame Meter / Threat Level: (1 out of 10) [X] 1. Firecracker

BS Meter: (4 out of 10) [X] 4. "We are not in the business of scaring people"

======= Conditions of exploitation

Your article assumes the victim:

[X] Uses Microsoft Windows [X] ...with Administrator access [X] ...and turns off User Account Control (Vista) [X] Uses MacOS X [X] ...and gladly provides his admin password to everything that asks for it

The problem described was addressed:

[X] More than a month ago by a simple workaround [X] ...more than five years ago [X] By turning off whatever useless feature has this problem

Reproducing and/or exploiting the problem requires:

[X] Clicking a malicious web link [X] ...while logged on as an Administrator

======= Umbrella salesmen predicting bad weather

Your article cites:

[X] A computer security firm [X] ...more than one firm

The quoted person / firm / organization:

[X] Claims they had known about and/or had fixed the problem [X] ...more than a month ago

======= Celebrities

Your article cites:

[X] An executive representing the exploited product

The celebrity is relevant to this article because:

[X] He or she attracts attention to the problem

======= Punishments

For crafting this article, you deserve:

[X] To be interviewed by... [X] ...John Leyden [X] ...Steve Gibson

Before writing another security article, you must:

[X] Ask one or more real security experts first [X] ...that don't work for computer security firms (Yes, they do exist.) [X] Ask a critic of whoever you're going to quote [X] Try reproducing the problem yourself [X] ...while logged on with a Limited (XP) or Standard (Vista) account [X] ...while leaving User Account Control (Vista) turned ON

To me it seems Apple has the ability to make more computers vulnerable than just Microsoft by itself. So, think about that for a minute. After all isn't it Apple that codes Quicktime/iTunes and codes Mac OS X? Do you think they say to themselves let us be more diligent and competent with Mac OS X? They are beginning to be a regular bug factory.

I have to pay extra to watch something in fullscreen and it doesn't support all the codecs? Steve Jobs, you are a tosspot but a rich one.

Thank fuck for OpenVLC which works wonderfully and looks great on Mac OS X - remote control included.