Three Vulnerabilities Discovered in Real Player

prostoalex writes "British Next-Generation Security Software discovered three vulnerabilities in popular Real Player. A malicious attacker can execute arbitrary code by offering corrupted RealAudio stream. Real Networks posted the instructions on dealing with security flaws."

Instructions

[DarkHelmet]

Here are some nice instructions on how to deal with Real Player's security flaws:

1. Click Start, go to Control Panel
2. Click Add / Remove Programs
3. Find the program entitled RealPlayer, and uninstall it
4. Run Adaware to make sure any spyware they might have installed is no longer on your machine
5. Convince people to Use better alternatives

I still hate RealPlyaer. Any sort of file format that requires me to install the company's software to use I will eternally hate, regardless of who it is. I hate Real, and I hate Quicktime. I'd ask that they both die a slow miserable death, but I honestly want them both out of the way so that more open standards will take their place faster.

I love the disclaimer...

[HermesHuang]

Warranty: While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.

Essentially, we don't guarantee our product works, but you should still pay us for it. Seems to be the philosophy of many software companies...

Re:I miss Progressive Networks...

[orthogonal]

So, I guess I'm not surprised that there's a "lazy programmer" style security flaw in their products today.

Lazy programmer? Abashed, ashamed, depressed programmer is more like it.

Real is so widely reviled -- by techies, hell, by anyone who has ever downloaded it -- that I'm sure a large number of Real's programers are dispirited, depressed, and resentful that management turned what had been a reputation for technical innovation into a reputation for deceptive marketing practices.

Once a programmer has dragged his ass into Real in the morning only to be told for the tenth week in a row to forget codec improvements, it's time to hide another five opt-out click boxes on a drop-down list at the bottom of narrow scroll pane behind a button on the third page on a fifteen page tab dialog, it's no surprise that even if he does get to patch the codecs, he won't be doing anything near his best work.

"upgrade to the latest" strategy, no real patching

[MMHere]

Real's approach has always been to have their latest & "greatest" software running on your PC. ("greatest" software is less well tested).

So I run RealPlayer8 Basic when I need to. Their fix is to have me replace it with RealPlayer10 Gold? I don't wanna.

I also don't like having to upgrade to a newer set of local softwares simply because the "file format" has changed. There aren't that many advances in formats/compression over time, and it seems to me that: new formats are released more frequently than necessary, thus "requiring upgrades" to new readers of said formats.

(A) Patch the buggy apps you still support; don't make us install new (less well tested) software so often;

(B) Don't tie the desire to distribute your latest code to [often] unnecessary media format changes.

"I Sam thee to Dayton! (It's worse than Cleveland.)"

Re:I miss Progressive Networks...

[gnu-generation-one]

"I just don't get all you privacy freaks. Really, it doesn't take that much effort to lie to a few simple questions. Grow up"

You lie to protect your privacy, yet verbally abuse those who take their own privacy seriously and dislike lying?