DOES IECLEAN PROTECT ME FROM MEDIA PLAYER 8?
In an article posted at:
http://www.ComputerBytesMan.com/privacy/wmp8dvd.htm
and reported widely by the Associated Press, a discussion of privacy concerns with respect
to Windows Media Player 8 functioning under WindowsXP is presented. The
security and privacy issues raised however extend to ALL Windows
platforms running either Media Player 8 (XP/2000 only) or Media Player 7
or 7.1 (all other platforms including Windows 95, 98, 98SE, ME, NT, 2000
and XP) and the created database file called wmplibrary_v_0_12.db exists
under all of these versions of Windows Media Player and contains the
listings which can be found in Media Player by clicking on the "Media
Library" tab on the left hand side of Media Player when it is running.
The "issue" is not limited to either Media Player 8 or exclusively to
Windows XP.
We first discovered the "reporting" possibilities during our development of IEClean 6.00 which was released on December 6, 2001. As a result of our determination that privacy issues existed in the original Media Player 7 and Media Player 8 betas, functions were added to IEClean to permit users to short-circuit these capabilities using IEClean 6.00. In IEClean 6.00's PRIVACY tab is an option marked "Block Media Player monitoring" which disables transmission of the UUID (Universally Unique Identifier) to remote sites as well as the automatic obtaining of licensing and passing of that information to sites which request same.
In addition, IEClean 6.00 provides a means of removing information regarding media files and URLs accessed by Media Player which are stored in several locations in the Windows registry by means of the "Remove Media Player opened file list" and "Common Dialog files" options in the MRU's tab of IEClean 6.00.
Windows Media Player, when permitted to access the Microsoft site which provides details on media files played, will obtain a cookie which contains a "tracking ID" within that cookie along with other cookies obtained from various Microsoft sites. Ordinary use of the "Remove unwanted cookies" on the main IEClean 6.00 screen as part of a cleanup will destroy the data and identifiers contained in those cookies.
Between these two options, any remotely-trackable information is thwarted through the use of IEClean and each time IEClean is used for a cleanup, this information is removed from the user's system through a secure deletion process. It is not possible to remove or alter the UUID installed with Media Player however without breaking its functionality, another issue we considered in IEClean 6.00's construction. This is the reason why we chose to permit blocking of transmission as opposed to modifying the data.
Examination of traffic generated by Windows Media Player during IEClean 6.00's development and re-examination after release determined that this large file was never transported nor were any of its contents. The file is in a format similar to Microsoft's ODBC (Access) Database and was accessed SOLELY by Windows Media Player during our monitoring of its behavior.
During our development of IEClean 6.00, using the beta release of Media Player it was determined that end-user licensing data was also kept within this database and it was determined that wiping this file would jeopardize customers who paid for licensed access by possibly destroying their "receipt" and could possibly result in their having to pay again to relicense media that they had already paid for.
At the time of IEClean 6.00's release, we made the decision NOT to remove this file as it was not at potential risk for transmission and was an essential part of Media Player's functionality. Our determination at the time still holds true, however Microsoft has not placed license information into this database and it seems unlikely that they will. Therefore, if you're still concerned about this file, it can be removed if you wish and Media Player will create a new, empty file the next time it is run. However, it is NOT necessary to remove this file and its privacy implications are limited solely to the machine the file resides on.
The wmplibrary_v_0_12.db file in question is not routinely kept in a fixed location - it can vary tremendously in where it lands from one machine to another and Microsoft does not provide a "where is it?" entry in the registry to locate this file as it normally does for most other files. This makes it difficult to automatically remove this file since it can be in a different place on any given machine, especially if multiple logins exist.
It can be located in any of the following places:
your \Windows or \WINNT folder
your \Windows\System or \WINNT\System32 folder
the \Documents and Settings\All Users\Application Data\Microsoft\Media
Index folder (Windows 2000 and Windows XP only).
the \Program Files\Common Files\Application Data\Microsoft\Media Index
folder (Windows 9x and Windows Me only).
or it can be present in other folders.
The easiest way to determine where yours is located is to use the FIND
or SEARCH feature from the Windows start menu and search for
"files/folders" containing the keyword:
WMPLIB*.DB
For those using IEClean, note the FOLDER in which yours is located and you can place this folder into IEClean's FILES tab in the box marked "Additional folders." It is not necessary to specify the file in IEClean. Before doing so however, you're advised to use the Windows file explorer and navigate to that folder and make sure that no OTHER files exist in that folder.
If you DO find any other files in that folder, and you're an IEClean customer, send an email to support@nsclean.com along with the NAME(S) of the files found in that folder so that we can help you determine if it's safe to add that folder for cleanup.
IMPORTANT: If your copy of wmplibrary_v_0_12.db is in your WINDOWS or WINNT folder, DO NOT add the "windows" folder for cleanup by IEClean or your system will be destroyed as IEClean will dutifully wipe the entire folder's contents. If your wmplibrary_v_0_12.db file is in the "Windows" or "Windows\system" folder, then you will need to use the included FileVac utility provided with IEClean to destroy the file for you on a manual basis (to keep it from going to the recycle bin where it can be resurrected).
To use FileVac in order to destroy the wmplibrary_v_0_12.db file, open
the Windows file explorer, locate the wmplibrary_v_0_12.db file and DRAG
it to the FileVac icon on your desktop. FileVac will then much the file
performing a secure delete of the file without risk to your "windows"
folder.
___________________________________________________________________________
You are receiving this email as part of our Opt-In Newsletter program.
You have either opted in with us or through Digital River. We value
your privacy. If you wish to stop receiving these, please email
newletter@nsclean.com with the subject of OPT-OUT and ONLY the email
address(es) to be deleted in the body of the message. If you have
received multiple copies of the mailing in error, please email
newsletter@nsclean.com with the subject of MULTIPLE and list ONLY the
email address(es) to be deleted in the body of the message, we will
retain the primary address and send one copy to you in the future. Thank
you.
©2002 Privacy Software Corporation. All rights reserved.