Jump to content

Remove Quicktime from Windows Version of Vectorworks


Recommended Posts

Quicktime is a huge security hole.

In 2008, out of 91 published vulnerabilities by the Zero Day Inititive, 14 were in Quicktime (15.5%).

http://www.zerodayinitiative.com/advisories/published/2008/

So far in 2009, 4 of 16 published vulnerabilities are in Quicktime.

http://www.zerodayinitiative.com/advisories/published/2009/

There is no way to remove quicktime and run Vectorworks and patched versions are not compatible.

Furthermore, there is no way for a windows user to unassociate quicktime from the .mov file extension. Malicously formed data files are the mechanism by which quicktime creates vulnerabilities.

Link to comment

Before we all go jumping off the cliff and demanding the excision of critical core functionality.

Perhaps a better understanding of the issues involved is in order.

Please read:

http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf

Yes .. a "huge security hole" is always a problem ... but did you know that pilot error is also a "huge problem" ... cus' it's the number one cause of most airline fatalities.

Logically, the ideal solution is to eliminate the pilots in order to save the passengers.

If NNA programmers do their jobs well enough to garner the faith and trust of Users over many years and versions, then perhaps the 'maliciously formed data' vulnerabilities are manageable ... and we... the proverbial passengers... will survive to tell our story.

Link to comment

I would also like to see quicktime go away. I would think things have advanced so it can be replaced with system graphics.

I like to keep my computer lean. Quicktime insists on being a startup item, which is not needed for VW. You can disable it to startup but it always enables itself.

Link to comment

Islandmon,

If NNA programmers were patching Vectorworks every time a new version of Quicktime came out, it would be one thing.

But the current situation is quite another.

Vectorworks 2008 was released in Sept 2007. It is compatible with QT 7.2.

QT 7.3 was issued in November of 2007.

QT 7.4, 7.4.5, and 7.5 were released during the support cycle for Vectorworks 2008, but it wasn't patched to support them on the windows platform.

Current Version of quicktime is 7.6. Vectorworks 2009 supports only version 7.5 on windows.

Reading through the Zero Day vulnerabilities, it seems that the vulnerabilities remain consistent through each update to Quicktime.

Windows users cannot upgrade Quicktime reliably, and cannot unassociate it from the .mov files...it's simply not allowed in preferences. So there is no protection...Windows users are forced to run a less secure lecacy version of the software on their machines.

Link to comment

The idea that NNA should be willing to forego the development of VW and spend the time reinventing the 'graphic wheel' is extremely naive . The idea that NNA engineers would somehow manage to avoid the 'security holes' which cause such consternation is an interesting concept considering the all-to-common bug reports involving legacy code.

If anything .. Quicktime is a mature technology with highly trained and skilled engineers toiling away in the dungeons somewhere on this planet. May of us recall when QTv1 arrived on the scene ... and how far it has progressed. Our lives are infinitely better because of it and so is VW.

Link to comment
As far as QT upgrades, I've never had a problem running the latest QT in any version of VW.

I have...twice due to automatic updates. Once on my laptop and then on my desktop after it became my primary machine.

Both times I had to reload off the original VW disk. The first time was with QT7.3 right after I purchased Vectorworks. Second time was QT7.4.5.

NNA must see enough problems to specifically state that other versions aren't supported on Windows.

-

Edited by brudgers
Link to comment
The idea that NNA should be willing to forego the development of VW and spend the time reinventing the 'graphic wheel' is extremely naive . The idea that NNA engineers would somehow manage to avoid the 'security holes' which cause such consternation is an interesting concept considering the all-to-common bug reports involving legacy code.

If anything .. Quicktime is a mature technology with highly trained and skilled engineers toiling away in the dungeons somewhere on this planet. May of us recall when QTv1 arrived on the scene ... and how far it has progressed. Our lives are infinitely better because of it and so is VW.

I don't think quicktime was ever intended to be the basis for a design program running under windows...the fact that NNA can't easily make Vectorworks support updates in a timely manner is evidence of it. And I seriously doubt that making it so is a priority for Apple's code monkeys...there's a lot more money to be made at the iTunes store.

As for NNA, they just swapped out the entire 3d engine, how hard can it be to link the windows version to a native code library?

Link to comment
Before we all go jumping off the cliff and demanding the excision of critical core functionality.

Perhaps a better understanding of the issues involved is in order.

Please read:

http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf

Yes .. a "huge security hole" is always a problem ... but did you know that pilot error is also a "huge problem" ... cus' it's the number one cause of most airline fatalities.

Logically, the ideal solution is to eliminate the pilots in order to save the passengers.

If NNA programmers do their jobs well enough to garner the faith and trust of Users over many years and versions, then perhaps the 'maliciously formed data' vulnerabilities are manageable ... and we... the proverbial passengers... will survive to tell our story.

I'm not worried about a maliciously formed Vectorworks file.

But an .mov file is another matter.

It's not an issue with the quality of NNA's code, in this case.

It's an issue of the overall architecture.

Link to comment
I don't think quicktime was ever intended to be the basis for a design program running under windows...the fact that NNA can't easily make Vectorworks support updates in a timely manner is evidence of it. And I seriously doubt that making it so is a priority for Apple's code monkeys...

And the bad nooz is that Apple switched over to Intel chips 4 years ago.

Let's not rule out those pesky VideoCard developers either.

Link to comment

I just do not update Quicktime - what a hassle hey

and as for

Personally I'd like to see the Windows go away.

Who you are screams so loudly in my ears it is difficult to hear what you are saying

I am so sick of the Windows versus Mac c**p

I just do my work and get on with it

Link to comment
Personally I'd like to see the Windows go away.

Even Apple knows that you can't really be productive without Windows, that's why they emphasize the ability to run it in their advertizing.

As for Windows going away, I doubt it's going to happen. More likely you'll see the demise of the Mac as you know it. Pystar is still selling Mac clones and Apple hasn't been able to get an injunction (that's huge). http://www.psystar.com/

In the long run, it would make sense for NNA to just drop the Mac and focus on windows. Once they stop fooling around with making two versions, they can easily make Vectorworks good enough to drive platform choice.

Besides given the technical limitations of OSX there isn't really a plausible single platform alternative...it's been 20 years since there was a platform determining application for the Mac.

Link to comment

In the long run, it would make sense for NNA to just drop the Mac and focus on windows. Once they stop fooling around with making two versions, they can easily make Vectorworks good enough to drive platform choice.

i think you'll find MiniCAD started as a Mac App, not Windoze so if anything has to go . . . . . . .

:):):)

Link to comment
It puzzles me why people participate in these discussions yet purport to be sick of them.

I thought essentially the discussion was about security flaws in Quicktime

But again it seems it is degenerating again into another Mac versus Win

And a comment like

Personally I'd like to see the Windows go away.

Just does not help

Fact is - Windoze is not going away

Perhaps Win versus Mac debates should be banned so we can all get back to business

Who cares what you use as long as you get your work done

No puter is perfect

Link to comment

In the long run, it would make sense for NNA to just drop the Mac and focus on windows. Once they stop fooling around with making two versions, they can easily make Vectorworks good enough to drive platform choice.

i think you'll find MiniCAD started as a Mac App, not Windoze so if anything has to go . . . . . . .

:):):)

Actually, you're making my point.

Twenty five years ago, back in the big hair eighties, it was possible to build a Mac only app and make money. [100% Mac effort]

About a dozen years ago, NNA split their efforts between windows and OSX. [50% Mac effort]

I wouldn't bet on the trend reversing...or even stopping.

As they say, time marches on, and history's dustbin is full of wonderful computers...like the Amiga, the C64, etc.

Link to comment

On this point I totally agree with Mr. brudgers ... life would be a whole lot simpler and we would all be much better off... if there was only a single source Operating System running all the computers on our small isolated planet.

In this regard Microsoft with their 90+% market share is the only rational choice. If history is any indicator, the lessons of the past 25yrs. point convincingly to a reality in 2025 in which Microsoft will control 100% of the computing experience.

And since AutoCad is the acknowledged standard CAD package for WinOS, we should all be eager to drop our use of VW and simplify our live's with the WinOS/Acad advantage.

Furthermore, WinOS & AutoCad are not plagued with any gapping security holes or nefarious Quicktime components either. This... then ... is the wave of the future we can all look forward to according to the mystic Microsoft brotherhood.

Link to comment

Considering that Adesk is offering free academic licensing to unemployed professionals, I wouldn't be surprised to see their market share increase radically when work picks up.

My point is that dual development consumes resources that could go into making a stronger single platform implimentation...ADSK increased it's market share after going to a single platform.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...