On Thursday, the U.S. Department of Homeland Security issued a strange warning to Windows users: please uninstall QuickTime. Apple announced that they wouldn’t be upgrading the old QuickTime media player software for Windows users (like iTunes, QuickTime has a non-Mac version for Windows users) anymore.
Without regular updates, the program quickly became vulnerable to security exploits. As John Oliver explained last month, digital security is a constant war of attrition between software companies and malicious hackers. Discontinuing security updates for a program is a bit like pulling out your goalie, and then letting the whole team walk off the field — there’s nothing to stop the opposing team from scoring goals (in this case, program exploits).
Shortly after the announcement, the TrendMicro blog’s ZeroDay initiative discovered two vulnerabilities in the QuickTime software — while the technical details are pretty complicated, both bugs give hackers an easy way into a computer’s data, allowing “remote attackers” to “execute arbitrary code.” Basically, if someone that is not you can force your computer to run code, you have a problem. A similar “trojan horse” virus was even responsible for Anonymous hacking a NASA drone and trying to crash it into the ocean, which fortunately failed but was equal parts scary and hilarious.
The bugs do require “user input,” meaning the computer’s owner still has to download a dodgy file or visit an unsafe website — but that’s extremely common. According to Google, their safe browsing software turns up as many as 90,000 new unsafe websites every week, so there’s no real way to protect yourself if your computer has a security flaw like the ones in QuickTime. On the map on the right side of this page, you can click on your country to see a “heat map” of how many of its websites Google classifies as unsafe (in the U.S., it’s less than one percent, but since there are almost 42 million registered web pages, that’s still a big-ass number).
As The Verge noted, Homeland Security’s Computer Emergency Readiness Team puts out warnings like this pretty often, but they’re rarely this explicit:
“…Using unsupported software may increase the risks from viruses and other security threats,” the statement reads. “Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows.”
So, yeah. If you’re a PC user, it’s time to say goodbye to QuickTime (click here for help uninstalling!) If you’re like me, you’d completely forgotten you even had it on your computer, so it’s not like you’ll be missing much. Mac users, your QuickTime is fine. You probably don’t use it either, but if you do, no need to uninstall.