[vlc] Malicious code in MP3 files: will VLC execute them?

[Arioch]

В письме от Wed, 15 Jun 2011 11:06:40 +0400, Dotan Cohen  
<dotancohen at gmail.com> сообщал:

> The wife just got a Windows 7 laptop and she wants to play MP3 files
> from her friends. I am worried about opening files from
> likely-infected machines (I myself have seen how bad these friends'
> computers are) on her Windows machine.

Never heard of virus inside plain mp3.
While i personally had Windows Media Player downloading and installing  
virus when playing wma/wmv
Microsoft told it was needed for DRM and it is okay for them to do.

However, there are a lot of wrongly names files, i met a lot of ASF/WMV  
files with .AVI extension and WAV-MP# with .MP# extensions, so checking  
with http://MediaInfo.sf.net 1st whether file format is really mp3 would  
worth a try.

> auto-garbage loading executable code from the drive. Should I run it
> through ClamAV on the Linux computer first? That is a hassle as the

No, any antiirus is catching yesterday snow. New viri would go beyond it.

If you really so afraid then

1) use safe browser like Opera and teach wife to safe habits
2) install www.SandBoxie.com and teach wife to run all internet-related  
programs including VLC on internet mp3's via SandBoxie
2.1) if it is not enough - SB would probably protect from infections but  
would probably let private data sniffed and uploaded in SirCam way -  
install VirtualBox/VMLite with Linux and teacj her to sure inet an listen  
music in virtual test-glass. You can configure it to revert all  
virtual-HDD changes on shut-down as an extra measure of safety, after  
setting browser to keep notes/bookmarks/passwords/etc in the cloud.

-- 
Написано в почтовом клиенте браузера Opera: http://www.opera.com/mail/