Trying to Figure out What's OK and What to Block

So far I still didn't see any proof. All network communication behaviour of WMP is well-documented and can be disabled, even before ever attempted. If you left it enabled, intentionally or due to lack of interest, it's fully intended communication and no phone-home. Merely a privacy-concerning bad default configuration, but nothing evil.

Actually phone-home seems to be a total hype to me. I only know of 2 seemingly legitimate programs where a communication occurs unexpectedly and cannot be normally disabled.

The first one is DC++, an open-source DirectConnect P2P client. It searches for an update in the "About..." dialogue with no option to disable it. Anyway, you can modify the source and compile it on yourself.

The second one is, interestingly, Zone Alarm. Thanks to Volker Birk for pointing that out.

I was once pointed on a certain build of RealPlayer 10, but I could not verify the claims. Zero communication on correct configuration.

Wrong.

I have read many of the threads that you are in, and generally you are very knowledgeable. But on this one you are just plain wrong.

As I explained to Kerodo, after you configure WMP to not connect to the internet for any reason it goes ahead and does it anyway. And keeps doing it every time you use it. But you wouldn't know that because you don't believe in personal firewalls..er..packet filters or whatever you call them. I will not make any efforts to prove it to you. Your education is your responsibility, not mine. And if you choose to remain ignorant about WMP, I don't care. I know what it does (or tries to do) because I have watched it many times. That is enough for me. I don't care if you don't take my word for it.

Probably the biggest part of zonelab's business is selling statistics of what people are doing with their computers. How do you think they compile those statistics?

-Fishlips

"Delicious Fried"

So how did you configure it? Read the manual and did all the configuration available in the Options menu _and the Group Policy settings_ accordingly? I do know about some hidden settings, but none of them is related to network connections. Did you trigger something that is fully intended to create a network connecting, like playing a MMS stream or DRM-f***ed-up stuff?

But I do believe in netstat or GUI versions like TcpView. And they give me clear indication that everything works like documented.

I'm always interested in details on how your setup is and what communication you catched (preferably using a network sniffer). Usually it turns out to be some fully documented option that, if used correctly, does not create a connection any more.

I wouldn't call trying to reproduce your findings as ignorance.

Through the statistics that it sends when the related options are turned on by default and never turned off by clueless users?

I don't want to spend the time going through each menu and detailing each setting for you. But I am smart enough not to misconfigure WMP and then complain about what it's doing

I have set that program up every time I installed Windows - dozens of times, and it is always the same. It always tries to connect within the hour, ostensibly for updates, after being configured not to.

Nope.

Here is an interesting bit:

There is also an article somewhere that shows, from Zonelabs own documentation, that Truevector is designed primarily as a reporting tool to gather user behavior.

At one point a paid version came out that had a menu option which gave the user the choice to opt out of information gathering. Whether that setting actually worked or not is anybody's guess. The free version did not have that option, neither did any version of Zonealarm prior to that, although Zonelabs had been boasting of their data gathering capability for years.

At this point I don't care. I haven't used Zonealarm for years. But when I did use it, like the guy in the google thread above, I used a second firewall to block Zonealarm from connecting out, which it tried to do.

-Fishlips

"Delicious Fried"

Fishlips wrote:

The same for me, except that it doesn't connect. I can offer you the following relevant settings:

HKCU,"Software\\Microsoft\\MediaPlayer\\Player\\Settings","Client ID",,"" HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","AutoAddMusicToLibrary",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","AutoAddRemovable",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","ForceOnline",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","PromptLicenseBackup",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","StartInMediaGuide",65537,01,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","AcceptedPrivacyStatement",65537,01,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","UpgradeCheckFrequency",65537,02,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","UpgradeCodecPrompt",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","AccessLock",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","AddToCDDVDHistory",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","AddToMRU",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","AutoMetadataFuzzyMatch",65537,01,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","AutoMetadataUpdate",65537,01,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","AutoOrganize",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","CDRecordDRM",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","DisableMRU",65537,01,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","FirstRun",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","HDCDMode",65537,02,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","LibraryPersonaName",,"" HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","LibraryPersonaSetting",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","MetadataRetrieval",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","PlayerScriptCommandsEnabled",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","SaveDRMMusic",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","SendPlayerGUID",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","SendUserGUID",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","SilentAcquisition",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","SilentDRMConfiguration",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","StartInMediaGuide",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","TrackFoldersDirectories",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","TrackFoldersUseRipDir",65537,00,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","UpgradeCheckFrequency",65537,02,00,00,00 HKCU,"Software\\Microsoft\\MediaPlayer\\Preferences","UsageTracking",65537,00,00,00,00

HKCU,"Software\\Microsoft\\Windows Media\\WMSDK\\General","ResetTime",65537,B3,62,05,F5 HKLM,"SOFTWARE\\Microsoft\\MediaPlayer\\9.0\\Registration","ProductID",," " HKLM,"SOFTWARE\\Microsoft\\MediaPlayer\\PlayerUpgrade","AskMeAgain",,"no" HKLM,"SOFTWARE\\Microsoft\\MediaPlayer\\PlayerUpgrade","EnableAutoUpgrade",,"no" HKLM,"Software\\Policies\\Microsoft\\WindowsMediaPlayer","NoFindNewStations",65537,01,00,00,00 HKLM,"Software\\Policies\\Microsoft\\WindowsMediaPlayer","NoMediaFavorites",65537,01,00,00,00 HKLM,"Software\\Policies\\Microsoft\\WindowsMediaPlayer","NoRadioBar",65537,01,00,00,00 HKLM,"Software\\Policies\\Microsoft\\WindowsMediaPlayer","DisableAutoUpdate",65537,01,00,00,00

HKCU,"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{C53CC3C5-91AA-4A5D-833D-4E7060228333}User\\Software\\Policies\\Microsoft\\WindowsMediaPlayer","PreventCDDVDMetadataRetrieval",655537,01,00,00,00 HKCU,"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{C53CC3C5-91AA-4A5D-833D-4E7060228333}User\\Software\\Policies\\Microsoft\\WindowsMediaPlayer","PreventRadioPresetsRetrieval",655537,01,00,00,00 HKCU,"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{C53CC3C5-91AA-4A5D-833D-4E7060228333}User\\Software\\Policies\\Microsoft\\WindowsMediaPlayer","PreventMusicFileMetadataRetrieval",655537,01,00,00,00 HKCU,"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{C53CC3C5-91AA-4A5D-833D-4E7060228333}User\\Software\\Policies\\Microsoft\\WindowsMediaPlayer","PreventCodecDownload",655537,01,00,00,00 HKCU,"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{FC589191-9618-4C96-BF6A-128212CCE6E3}Machine\\Software\\Policies\\Microsoft\\WindowsMediaPlayer","GroupPrivacyAcceptance",655537,01,00,00,00 HKCU,"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{FC589191-9618-4C96-BF6A-128212CCE6E3}Machine\\Software\\Policies\\Microsoft\\WindowsMediaPlayer","DesktopShortcut",,"no" HKCU,"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{FC589191-9618-4C96-BF6A-128212CCE6E3}Machine\\Software\\Policies\\Microsoft\\WindowsMediaPlayer","QuickLaunchShortcut",,"no" HKCU,"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{FC589191-9618-4C96-BF6A-128212CCE6E3}Machine\\Software\\Policies\\Microsoft\\WindowsMediaPlayer","DisableAutoUpdate",655537,01,00,00,00 HKCU,"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy Objects\\{FC589191-9618-4C96-BF6A-128212CCE6E3}Machine\\Software\\Policies\\Microsoft\\WMDRM","DisableOnline"",655537,01,00,00,00

You might need to readjust the latter for matching your local GUID, or use the relevant Groo Policy settings.

ROFLMAO!

Rather than spend hours trying to figure out how to block these programs from dialing out, it would seem best to just use other programs, no? I have seen others do similar things and waste a tremendous amount of time and energy on this. There are Media Player alternatives, mostly free, and there is no shortage of firewalls also. So IMO, if you don't trust the product you're using, then don't use it. Simple enough. :)

>

True. I use VLC player as my default, but it occasionally doesn't play a file. When it can't, I find that WMP usually does.

-Fishlips

"Delicious Fried"

>

BTW, it doesn't take hours to figure out how to block these programs. With most of the PFW products there is a "learning"mode. It says something like "WMP is trying to connect to Microsoft, what do you want to do? Block just this time, or Block always?" Click "Block always." It writes a rule that you can modify if you wish. Done.

-Fishlips

"Delicious Fried"

>>

So far I've only seen this for either defective AVI files with defective MSVideo1 codec or with WMV/ASF. Guess that's why it's called "Windows Media" Player.

Expect that blocking programs doesn't work, neither in theory nor in practice.

I can't see any button "STFU, I already told you the local IPC via sockets is OK."

It can be modified by any malicious program, and if you need to block a program you're threating it as malicious, for sure!

>>

Well, seems like it might be a bit more complex than that. With Media Player, if you block it all then you can't do any streaming video from the internet either. What people typically do in Kerio or other rule based firewalls is block the specific MS sites that MP tries to connect to. I've seen lists of IP addresses for this, don't remember where now though, but I'm sure you can find them via Google. There were perhaps 4 to 6 or so IPs if I remember right.

Fishlips wrote: [Fullquoting snipped]

Dear "Fishlips",

would you mind to read

?

Yours, VB.

Done, if the program wants to be controlled. Not done otherwise.

Yours, VB.

Why don't you save me the trouble and just tell me what you object to?

-Fishlips

"Delicious Fried"

Obviously: only quoting what you're actually referring to and is important for the context.

Thanx for obviously doing so ;-)

The problem was your fullquoting, which was very hard to read. And I find this a pity, because I'm interested in what you're writing here.

Yours, VB.

Thanks for the tip.

I will try to be more mindful of it for now on.

-Fishlips

"Delicious Fried"