FORUMS: list search recent posts

Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?

COW Forums : VEGAS Pro

<< PREVIOUS   •   VIEW ALL   •   PRINT   •   NEXT >>
Rob Clapham
Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 15, 2016 at 6:10:30 pm

Dear All,

I have seen some news today stating that Quicktime should be uninstalled due to two vulnerabilities in the software. I checked this forum to see if anyone was talking about it, but no one has yet (unless this topic is covered in a different forum?)

I have looked at a few news articles. The Verge says the US government is recommending users to uninstall Quicktime - http://www.theverge.com/2016/4/14/11436932/uninstall-quicktime-windows-appl... Arstechnica says it's Trend Micro that is recommending the uninstall - http://arstechnica.com/security/2016/04/apple-stops-patching-quicktime-for-... and Trend Micro is declaring that Apple is "depreciating the software" with no source to back up this information - http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-t...

The problem I have with these articles, is mainly the conflict of information. I can't find Apple officially saying that they are stopping updates for the software? Many of the comments from the articles ask "who is still using Quicktime?" making a joke about the situation. But, there are many professionals and consumers that still need it to use editors etc. such as Vegas. Trend Micro also says in their article that some of it's customers are already protected from the vulnerabilities that they've found in Quicktime - thanks to their software.

I just can't help but scratch my head and wonder if this is a bit of a con? I mean, surely Apple whilst perhaps being slow on updates for Quicktime Windows, still understands how many people do rely on this software? Apple still offers the download on their webpage with no mention of the security flaws, or that they are not updating it anymore - many people commenting on the the articles are also saying how it's disgusting that Apple haven't at least given consumers a warning that they are not going to update Quicktime for Windows. It seems to me (maybe/possibly) Trend Micro are just trying to sell their protection?

If Quicktime doesn't get updated, where does that leave Vegas (and other editors) in regard to opening .MOV files? I did a search for alternatives and found 'Quicktime Alternative,' but I've read here on Creative Cow (from Jon I think) that it is an illegal hack. So what is the alternative?

Will anyone here be uninstalling Quicktime? And if it is true that Apple is not working on updates for Quicktime for Windows any more - where does that leave us?

Best, Rob


Return to posts index

John Rofrano
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 16, 2016 at 3:26:09 am

[Rob Clapham] "I have seen some news today stating that Quicktime should be uninstalled due to two vulnerabilities in the software. I checked this forum to see if anyone was talking about it, but no one has yet (unless this topic is covered in a different forum?)"
The vulnerabilities were found in the Windows QuickTime Player. You could always delete or rename the player executable and not have to worry. I don't think many Vegas Pro users actually use the player. They just need to codecs to process QuickTime MOV files. All you need to do is stop using the QuickTime Player which you probably don't use anyway. No need to panic. There are probably far more vulnerabilities learning in Windows itself. ;-)

~jr

http://www.johnrofrano.com
http://www.vasstsoftware.com



Return to posts index

Eric Konkol
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 18, 2016 at 9:41:04 pm

If I delete the QuickTime player, does that still leave the codec intact?


Return to posts index


John Rofrano
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 19, 2016 at 1:05:11 am

[Eric Konkol] "If I delete the QuickTime player, does that still leave the codec intact?"
What others who have tried this have found is that Vegas Pro actually needs the QuickTime Player so if you delete it, Vegas won't be able to open MOV files with ProRes or DNxHD. I think it still might work with AVC/H.264 MOV files but that's the only one it can open without the player.

So don't delete it if you need to work with these files in Vegas Pro.

~jr

http://www.johnrofrano.com
http://www.vasstsoftware.com



Return to posts index

Angelo Mike
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 19, 2016 at 1:13:13 am

[John Rofrano] "What others who have tried this have found is that Vegas Pro actually needs the QuickTime Player so if you delete it, Vegas won't be able to open MOV files with ProRes or DNxHD. I think it still might work with AVC/H.264 MOV files but that's the only one it can open without the player.

So don't delete it if you need to work with these files in Vegas Pro."


At least in my experience, that hasn't been the case. I have mov files from my Canon t3i and am able to edit them even after I uninstalled Quicktime player. If I have any problems with the future, though, I'll post about it here. But for now it hasn't been an issue, and I just uninstalled Quicktime yesterday.


Return to posts index

George Dean
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 19, 2016 at 3:11:32 pm

This has been my experience. No go with ProRes or DNxHD (mov) files, but will work with h.264/avc (mov) files.


Best Regards.....George


Return to posts index


Michael Gibrall
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 19, 2016 at 3:49:16 pm

My workplace's IT manager is going to go around and uninstall all Quicktime players on all PC's at work. He sent out an email saying that he recommends everyone do so at home on their personal computers.

I asked him if I don't run the application, how would it still matter?

His response was it may be possible for someone to access it through your web browser if you have the Quicktime plugin active.

So, since I can't uninstall Quicktime for my copy of Sony Vegas Pro, I went and disabled the plugins on IE and Firefox browsers.

Just an FYI.


Return to posts index

Angelo Mike
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 21, 2016 at 1:29:30 am

[George Dean] "This has been my experience. No go with ProRes or DNxHD (mov) files, but will work with h.264/avc (mov) files."

I may be experiencing this now. A client hired a drone videographer to shoot video and I downloaded the mov files, but none of them will play. For some reason I can't get Quicktime to work after reinstalling it (says I need Apple Application Support, which I can't seem to download for 64 bit Windows 7, anyways), but it also won't play in VLC. It's just a green screen. I cannot import the video into Sony Vegas, either.

Any ideas? Could I convert it to mp4 or something?


Return to posts index

Angelo Mike
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 21, 2016 at 1:35:03 am

[Angelo Mike] "I may be experiencing this now. A client hired a drone videographer to shoot video and I downloaded the mov files, but none of them will play. For some reason I can't get Quicktime to work after reinstalling it (says I need Apple Application Support, which I can't seem to download for 64 bit Windows 7, anyways), but it also won't play in VLC. It's just a green screen. I cannot import the video into Sony Vegas, either.

Any ideas? Could I convert it to mp4 or something?"


Found a solution. I downloaded a program simply called Adapter, which lets me turn mov files into mp4, and now they play fine.

https://www.macroplant.com/adapter/download/pc/


Return to posts index


George Dean
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 21, 2016 at 2:57:43 pm

[Angelo Mike] "Found a solution. I downloaded a program simply called Adapter, which lets me turn mov files into mp4, and now they play fine."

I tried the program 'Adapter' on a Prores 422HQ, DNxHD 220x, and Nikon h.264/avc file. The program errored on all three and would not convert!


Best Regards......George


Return to posts index

Angelo Mike
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 24, 2016 at 6:50:25 pm

[George Dean] "I tried the program 'Adapter' on a Prores 422HQ, DNxHD 220x, and Nikon h.264/avc file. The program errored on all three and would not convert!


Best Regards......George"


What did you try to convert them to? I successfully converted my files to mp4 but they wouldn't open in Vegas. However, mpeg worked fine (it's obviously not a perfect program, but it finally did the job for me after some experimenting).


Return to posts index

George Dean
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 24, 2016 at 10:38:00 pm

[George Dean] "I tried the program 'Adapter' on a Prores 422HQ, DNxHD 220x, and Nikon h.264/avc file. The program errored on all three and would not convert!"


[Angelo Mike] "What did you try to convert them to? I successfully converted my files to mp4 but they wouldn't open in Vegas. However, mpeg worked fine (it's obviously not a perfect program, but it finally did the job for me after some experimenting)."

I tried several conversions, the issue was the file I inputted was read, then Adapter reported an error, before the conversion. It may have been something with my installed copy or my system. I don't need to convert my files, as I have Quicktime installed and will keep it installed until there is a verifiable issue with security risks. I just wanted to try Adapter to see first hand how it works, and reporting what I experienced with the program Adapter. At this point, it's not worth my time to figure out why the Adapter appears not to work on my system.


Best Regards......George


Return to posts index


Paul Gregory
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 25, 2016 at 2:41:41 am

What I ended up trying was to open the .MOV files in Handbrake where I selected the profile & saved them as MP4. The resulting files open in Vegas OK.

Thanks in advance


Return to posts index

Paul Gregory
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 20, 2016 at 2:10:47 am

I thought that I should check my old footage & I managed to find a few old MOV files. I can't open them in Vegas so I'm assuming that I don't have the correct codec installed.

Do you know where I can get free codec just so that I can convert these old file. I'm suspicious about most sites that offer anything free since it's often loaded with crap ware or worse.

Thanks in advance


Return to posts index

John Rofrano
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 20, 2016 at 12:07:11 pm

You can try QuickTime Alternate. I've never used it with Vegas Pro because I have QuickTime installed but it might provide codecs that work.

Let us know how you make out.

~jr

http://www.johnrofrano.com
http://www.vasstsoftware.com



Return to posts index


Rob Clapham
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 25, 2016 at 5:09:47 pm

Hi all,

Sorry I'm a bit late to my own thread. Well, anyway in my first post, I said I couldn't find where Apple officially pulled support for the product. But today I have found it - here is a link: https://support.apple.com/kb/DL837?locale=en_GB

Strange thing is, it is still available for download. I mean the article even goes on to say that this version "contains security updates..." But I don't think these updates fix the issues Trend Micro have reported.

I'm beginning to think this is a bit of a non-issue... If most people have already uninstalled QuickTime then why would a potential attacker bother with the exploit? It's kind of the same argument about Apple computers not getting viruses, it's not that you can't write viruses for Apple systems. But rather it's far more unlikely because of the smaller user base. I just can't find any other anti-virus outlet saying to uninstall the program for the same reasons as Trend Micro is suggesting.

Anyway, the latest version of QuickTime (7.7.9) at least uninstalls the QuickTime web browser plugin if it was previously installed. And doesn't install it by default. So perhaps the answer is to just leave it and not use the QuickTime player.

Best, Rob


Return to posts index

Aaron Star
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 25, 2016 at 6:29:22 pm

"It's kind of the same argument about Apple computers not getting viruses, it's not that you can't write viruses for Apple systems. But rather it's far more unlikely because of the smaller user base."

This is no longer the case, it was the case back on the old Mac OS. To me the X in OSX has more to do with the change to Unix as the core, than the a number. That opens up Apple systems to the same vulnerabilities and exploits as Unix, and there a ton of them. The installed base of Unix is huge and so there is potential to write worms or other exploits. iOS is simply a variant on OS, and so that too has a problems. Hence the celebrity text stealing and other high profile articles in the news.

I think a mass majority of the apple users still believe your statement, which is simply not contemporary. Since Mac users are not tech oriented folks, the risks are probably greater than an to an average Windows or Unix user.


Return to posts index

John Rofrano
Re: Quicktime vulnerable? What does this mean for Sony Vegas and .MOV files?
on Apr 26, 2016 at 9:40:45 pm

[Aaron Star] "I think a mass majority of the apple users still believe your statement, which is simply not contemporary. Since Mac users are not tech oriented folks, the risks are probably greater than an to an average Windows or Unix user."
Actually the reason that Mac's are safer is because users do not run as administrators like on Windows. This limits the damage that a virus can do. Modern versions of Windows have tried to emulate this but as we all know, User Access Control is the first thing that everyone on Windows disables because some software doesn't work properly with it on or just because the prompts are annoying, once again making Windows users more vulnerable. No system is impervious to viruses but running with full administrative rights is just plain asking for trouble. Macs don't work that way.

~jr

http://www.johnrofrano.com
http://www.vasstsoftware.com



Return to posts index

<< PREVIOUS   •   VIEW ALL   •   PRINT   •   NEXT >>
© 2017 CreativeCOW.net All Rights Reserved
[TOP]