Security and Windows Media Player 10At Microsoft, we are continually striving to ensure a safe and reliable computing experience. As part of this effort, we develop and release updates and fixes for recognized issues. Periodically, we combine many of these fixes into a single package and make the package available for you to install on your computer. These packages are called service packs.
Windows XP Service Pack 2 contains the latest collection of updates for Windows XP Home Edition and Windows XP Professional. These updates help improve the reliability and compatibility of the operating system. Service Pack 2 also includes several security technologies that help protect your computer against malicious attacks from viruses and worms. These technologies are not intended to replace periodic security updates as they are released, but rather to help strengthen the ability of Windows XP to defend against malicious attacks. Together, they will make it more difficult to attack Windows XP, even if the latest updates are not applied. Windows XP Service Pack 2 is now available for download from the Microsoft Windows Update Web site.
Installing Windows XP Service Pack 2 is your first line of defense for improving the security of your computer. But when you visit a Web site, play digital media content from the Internet, or store content or information on your computer, it is important to know whether your privacy is maintained and whether your computer is protected from attacks. Although the Internet provides new and exciting opportunities, it can also introduce risks to the security of your computer and any personal information stored on it.
To maintain the security of your computer and the privacy of your personal information, it is important to follow these basic guidelines:
This page provides information about security features in Windows Media Player 10 and best practices for maintaining the security of your computer and the privacy of your personal information.
Keep your computer current with the latest security updates.
Install virus scanning software on your computer and keep it current with the latest security updates.
Only play and download content (including digital media files, skins, visualizations, and plug-ins) from Web sites that you trust.
Understand the options for configuring Windows Media Player and your computer to maintain security and privacy.
Adjusting security settings in the PlayerWindows Media Player 10 offers enhanced security features that enable you to protect the Player and your computer. The following options are available on the Security tab of the Tools Options dialog box:
Run script commands when present. This option specifies whether to allow URL and FILENAME script commands to run when you play digital media content that contains them. (If the Player encounters a URL script command during playback, the user's default Web browser displays the Web page corresponding to the URL specified in the script command. If the Player reaches a FILENAME script command, the digital media file specified by the script command is opened.) Script commands can contain instructions that enhance the playback experience. For example, a script command may open your Internet browser and display a related Web page while the Player plays back content. However, digital media content may contain malicious script commands that attempt to perform unwanted actions on your computer. Web pages may also contain malicious script commands that run on your computer without your knowledge. This option is not selected by default. You can select this check box if you want to enable the script commands in the Player.
Do not run script commands and rich media streams if the Player is running inside a Web page. This option specifies whether to allow URL and FILENAME script commands to run when you play digital media content that is embedded in a Web page. Note that selecting this option may prevent rich-media streams from running. Rich-media streams can contain HTML, a Microsoft PowerPoint slide show, or digital media content. This option is not selected by default. You can select this check box if you want to prevent any script commands and rich-media streams from running in a Web page.
Do not prompt me before playing enhanced content that uses Web pages. This option specifies whether to notify you when you are about to play digital media content that has been enhanced with Web pages. These Web pages will display information related to the content you are playing. But because some content can contain malicious Web pages, Windows Media Player will prompt you to verify that you want to proceed when enhanced digital media content is detected. The prompt is enabled by default. To turn off the prompt, select this check box.
Note: Your installed music service might also enhance your playback experience with Web pages, and you might not be prompted for this content. Consult your music service for more information.
Show local captions when present. Windows Media Player supports Synchronized Accessible Media Interchange (SAMI) captioning of media content. SAMI content can be located on the Internet, your hard disk, or your CD or DVD. During playback, Windows Media Player accesses the content to locate and display SAMI captions. Enabling this option allows access to SAMI content in all of the content zones available to your computer. Clearing this option will limit access to the Internet zone. This option is cleared by default.
Zone Settings. This command opens the Internet Options Security dialog box, which lists zone settings that control which types of content can be displayed in the Player. The Player uses the Internet zone settings for much of the HTML content that is displayed in the Player. You can change the Internet Explorer zone settings to control how content is displayed in Web pages in the Player and to change the level of access that Web sites have to your computer. Note that changing settings may affect the operation of Player features or prevent information from being displayed. For example, if you disable active scripting in Internet Explorer, the Guide feature will not be displayed correctly in the Player. Changes to the zone settings will also affect Microsoft Internet Explorer, Microsoft Outlook, Outlook Express, and any other programs that rely on the Internet Options security zones. For more information about zones and zone settings, see Internet Explorer Help.
Back to Top
Using secure Internet sites for transactionsWindows Media Player can display Web pages to improve your playback experience. Some of these Web pages are set up to prevent unauthorized people from seeing the information that is sent to or from those sites. These are called "secure" sites. Because Windows Media Player supports the security protocols used by secure sites, and upholds the security settings you established in Internet Explorer, you can send information to a secure site with safety and confidence. (A protocol is a set of rules and standards that enables computers to exchange information.)
When you visit a secure Web site, it automatically sends you its certificate, and the Player displays a lock icon on the status bar. When you click the lock icon, the certificate of the Web site is displayed. (A certificate is a statement verifying the identity of a person or the security of a Web site.)
If you are about to send information (such as your credit card number) to a Web site, you should determine whether the connection is secure by checking for the lock icon in the status bar. If the security credentials of the site are suspect, the Player will not display the lock icon in an effort to warn you that the security of the site could not be verified.
Back to Top
Using secure authenticationWindows Media servers and certain Web servers use different technologies to verify or authenticate your identity before you can access digital media content. These technologies, which are also known as authentication packages, include the Basic, NTLM, Digest, Kerberos, and Negotiate protocols.
When connecting to a server, you might be prompted for user name and password. If the authentication protocol being used is not secure enough to protect these credentials, you will receive a warning. Consider carefully whether to submit your credentials at this time. You can choose not to submit your credentials by clicking Cancel.
Back to Top
File format validationA variety of content is available on the Web today. While much of this content is reliable and offered by a trusted source, not all content is safe. Some content has been tainted to perform malicious actions on your computer or to obtain personal information such as passwords or credit card numbers. In some cases, files are renamed with different file name extensions in an attempt to trick you into downloading unwanted content. When Windows Media Player attempts to play a music or video file that has been downloaded from the Internet, it verifies that the file name extension matches the format of the file. If a discrepancy is found, the Player asks you to confirm that the file should be played. Note that if the extension does not match the file format, unexpected playback behavior could occur.
Back to Top
Using a user account with limited privilegesIf your computer is running a version of Windows XP that enables you to use different types of user accounts, such as administrator or standard accounts, your computer may be better protected if you log on using an account with limited privileges. Since users with administrator accounts can make system-wide changes to the computer, including installing and removing programs, adding and deleting operating system files, and accessing other users' passwords and Library databases, malicious programs or viruses can use this type of user account to access personal information. Users with non-administrator accounts cannot allow programs and applications to be installed and run automatically, which could protect your computer from viruses. For more information about user accounts, see Windows Help.
Back to Top
Working offline with the PlayerWorking offline (disconnecting from the Internet) is the most secure mode in which to use the Player. Keep in mind, however, that many Player features are unavailable when you work offline. For example, if you are not connected to the Internet when you click Guide or one of the online stores, the Player displays a page informing you that the computer must be connected to the Internet in order to use this feature. Other features that require an Internet connection include:
Retrieving and displaying media information, including album art
Finding, viewing, and updating album information
Finding and viewing DVD information
Acquiring and restoring licenses
Downloading codecs, visualizations, portable device drivers, plug-ins, and skins
Checking for updates to the Player, and performing security upgrades
Setting the secure clock on portable devices based on Windows Media DRM 10 for Portable Devices
Browsing Windows Media Player Web Help
For more information about working offline and the Player features that require an Internet connection, see Windows Media Player Help
Back to Top
Maintaining your privacyMaintaining your privacy is closely related to protecting your computer. Windows Media Player 10 offers a number of options for controlling the way in which the Player handles your private information. To better understand which Player settings affect your privacy, see Windows Media Player Help and the Windows Media Player 10 Privacy Statement.
Back to Top
Updating your computerMicrosoft is committed to delivering timely updates to help maintain the security of your computer. When security and privacy issues are discovered, Microsoft will make information and software patches available as quickly as possible. For the latest information and patches for your computer, see the Trustworthy Computing Security Web page.
In addition, ensure that you understand the security features of Internet Explorer and install the latest security and privacy updates. To do so, see the Understand and Maintain Security with Internet Explorer Web page.
You can visit the Microsoft Windows Update Web site to install the latest service packs, device drivers, application compatibility updates, and security updates for your computer. Windows Update provides you with a tailored selection of updates that apply only to the software and hardware installed on your computer. Any update that Microsoft considers critical to the operation of your operating system, programs, or hardware is classified as a critical update and is automatically selected for you to install. Critical updates are provided to help resolve known issues and protect your computer from known security vulnerabilities. For more information about using Windows Update, see Windows Help.
Back to Top
Reporting security vulnerabilitiesThe Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we'd like to work with you to investigate it. To report a security vulnerability, please contact the Microsoft Security Response Center. For more information about security vulnerabilities, see the Definition of a Security Vulnerability Web page.
Back to Top