Thursday, November 09, 2006

how to avoid codec roulette

does this sound familiar? you've gotten this video off the internet and when you try to play it you get informed that playing the video requires a codec you don't have...

this is actually a pretty old problem and the obvious solution most people hit on is to find the codec and install it - and of course then you have to hope that it actually works and that it doesn't cause conflicts with other codecs or general system instability...

more recently a more insidious trend has emerged - the codec, rather than simply not getting along with other codecs or being poorly coded, is not a codec at all but is actually malware... this is a pretty clever form of social engineering because the point at which a person makes a judgment about the safety of the whole thing is when they decide whether to try to watch the video in the first place, and the judgment most will make is that the video file is probably safe because video files generally are... at that point they become committed to watching the video even though the demand for the codec changes the entire safety equation - they pay no heed to whether or not the codec is safe, they just want to be able to look at this video they have in their hot little hands... you could almost think of it like a bait-and-switch scam...

these sorts of fake codecs have been getting a fair bit of attention from the security related press and a lot of people have been trying to address the problem by coming up with lists of bad codecs and the sites distributing them... many of these same people criticize the classic anti-virus model of enumerating bad things as being a broken model so i'm not sure why they think their own ad-hoc enumerations of badness are any better... at any rate, lists such as these fail to address a significant part of the socially engineered problem - once a person decides to watch the video they are much less likely to think about the safety of the codec they're subsequently asked to install in order to get at that content they are trying to watch...

another much more to the point way of addressing the problem is to just tell people not to install codecs... this advice would certainly work, but people who have videos they can't watch have an incentive to not listen to that kind of advice... it's not like you can tell people that the video is probably a fake because there are so many legitimate codecs out there that aren't installed on computers by default that a legitimate video asking for a legitimate codec is actually still a very probable scenario...

as an aside i'd like to admit something to you - i am a consumer of video content, i have been for quite a long time and i played codec roulette back in the day before codecs became a major malware attack vector... codec roulette pissed me off because it was so much work sometimes to find just the right codec... there was even a point where i tried re-encoding the videos so that i'd wind up with files that were all the same format, but even that required the codecs...

it turns out that a solution to the hassle of the old-school codec roulette works pretty well for the new malware enhanced version of codec roulette as well... the reason is that the solution to the hassle of codec roulette is to find a player that will play just about anything without ever having to find and install codecs... armed with such a player, a supposed video that needs a codec you don't have becomes a much more suspicious scenario and so one that people are less likely to fall for...

for me, that media player was the vlc media player (which i supplemented with real alternative for realmedia files)... there may be others (in fact there probably are) that handle even more formats but i don't recall the last time i encountered a video i couldn't play right out of the box or even if i've encountered any such files since moving to this solution (even video downloaded from youtube, or mkv files which i'd never even heard of until i had one and found that yes vlc handles them too)... i have no idea how well vlc handles DRM contaminated video files but i don't need or want digital rights malware on my computer anyways...

so consider this a bit of safe-hex for video consumption... get a player that can play just about everything and then when a video you can't play comes along consider it suspicious by default and don't bother with it because it's probably not going to be good for your computer...

2 comments:

Anonymous said...

i was on chatroulette and someone gave me a link to a site saying how do u look in this video i clicked the link and it i had to download vidcodec.464783 which turned out to be fake codec what will this do and is it a trojan

kurt wismer said...

in all likelihood it is a trojan of some sort, but i have no idea what that specific one would do.

it could be spyware, it could be adware, it could be scareware, it could be a banking trojan that gives criminals access to your bank account, it could be a bot that makes your computer part of a botnet that sends spam emails or performs DDoS attacks, or it could be a downloader trojan that downloads one or more of the aforementioned types of malware, etc. there are so many possibilities.

the most important point, though, is that you really can't trust your computer for anything sensitive (like banking or making online purchases, etc) right now until you do something to clear that off. if you weren't prepared for such a compromise of your system then it might be necessary to wipe your drive and rebuild it from scratch in order to be sure you got rid of everything bad.