Bing warns that VLC site may be dangerous
Microsoft's Bing search engine classifies the official site of the media player VLC as a site that might be dangerous currently.
While you may type https://www.videolan.org/vlc/ directly to open the site in your browser of choice, many users use search engines for that. It is understandable in the case of VLC Media Player as the URL of the project is not https://www.videolan.org/ and that is somewhat harder to remember.
A search for VLC on Bing returns the official VLC Media Player project website as the first result; while that is great, hovering over the link without clicking on it throws a warning overlay.
Bing states that the "site might be dangerous" and that continuing on to the site could lead users to malicious software that could harm the devices they use.
The report comes from Bing Site Safety, a security feature that Microsoft added to Bing to check sites in the index regularly.
Note: Bing won't display the safety notification if the width in the browser is small; that's quite the issue in itself.
The Bing Site Safety Report for the Videolan website provides details: the "URL is currently classified as suspicious due to the following detection types: Indications of malicious activity."
Microsoft's scanned the site on November 27, 2018 for the last time and detected suspicious content during that scan.
Bing does not provide additional information on the indicators of malicious activity that it detected.
A quick scan of the URL on Virustotal returned only clean readings from all major antivirus engines. A download of the latest VLC Media Player for Windows, VLC 3.0.4 64-bit, went through without issues; Windows Defender did not block the program from being downloaded to the local system.
A scan of the installer on Virustotal returned one hit -- Yandex -- out of 62 engines. It is unclear whether that is related to the warning or if the installer itself made Bing flag the site or something else.
The most likely explanation is a false positive. VideoLAN checked the binary and it has not changed and is still signed correctly.
Now You: What is your take on this? (via Born)
My feeling is that Microsoft is always right except when they’re not. I also think the company is in disarray but stumbled into huge profits and now consider themselves gods. On that basis, I’m not holding my breath for any positive changes that would show any respect for their customers.
This VLC thing may be a trial balloon to gauge the reaction to what is just an attack on a leading piece of free software.
It appears Bing is paranoid. If you do a search and select images for the result and start stepping through the images you will eventually get one that gets the Bing warning.
“URL is currently classified as suspicious due to the following detection types: Indications of malicious activity.”
Means “It bad because it bad.” Typical head up your butt tech drivel.
How do I get bing out of the new Thunderbird? I don’t want to search something and find it it’s really my search engine and it loads TBird with junk cookies even though Startpage appears in about:config and bing does not.
I see Claws in my future.
I have just tried myself to search “vlc” with bing, and I have no warning overlay…
Was this an error which is now fixed, or could you still see that now ?
I wonder what it will say about Microsoft.com.
Most security and privacy protection software can occasionally produce false positives. That’s at least my experience.
VLC is a great cross-platform media player, so is SMPlayer in my experience. MPC-BE/MPC-HC are also very good (for MS Windows systems). I prefer to use a separate audio player though.
This coming from the creator of the largest botnet on the planet? Say it isn’t so.
I have never used the Microsoft virus known as Windows 10.
I have never used the spyware known as Bing.
the last time I used Malware W7 was when I purchased this computer @ 3 months ago.
the seller had to walk me though how to see the hardware/components as I had forgotten
how to find that in windows.
My fave video viewer is VLC that came installed on my MX-17.
If there website is compromised, I wouldnt know as I never go there.
But…
If I did ….
Im 99.999% safe as its unlikely any malware could DO anything to my set-up.
I have never loved my computer or the internet more since I switched over to Linux.
Thank you to Martin & all of the Wise, wise poster here who have taught me so much.
Windows is the biggest malware on the planet. Obvious. Hey, how about that $480 million contract Microsoft just got from the US military? That should answer your question why Microsoft and Google can do anything they want.
They’ve always hated free an open source software. Funny because in almost all cases, free and open source software developed by small independent devs puts microsoft’s software to shame.
This is why I still use yellowpages, library, phonebook, and newspaper n stuff when I want to search something. It helps me leave no footprints… 🌚
Perhaps Bing is warning for the CIA “Fine Dining” suite… ;-)
https://www.bleepingcomputer.com/news/security/vault-7-cia-developed-24-decoy-applications-to-spy-on-targets/
If Microsoft says it’s malicisious then it is malicisious. I just uninstllaed it
lol, you’re a rube.
“Indications of malicious activityâ€
That describes Microsoft to a T when it comes to Windows 10 updates.
This coming from Microsoft…
Just as Google and other large spying corporations sites Microsoft is blocked on my computers….. Bing is a load of BS !
Registrar & Domain Security Results for videolan.org (29 Nov 2018, 8:28 pm GMT):
https://www.cloudflare.com/domain-security-check/#videolan.org
→ Result: Failed 3 out of 4 Tests
1) REGISTRAR LOCK TEST FAILED
• Issue: Whois is missing below fields:
Status: clientUpdateProhibited
Status: clientDeleteProhibited
• Risk: Susceptible to domain hijacking via Auth Codes. ie. attackers can steal domain name by intercepting Auth Code (eg. by hacking email account, snooping on insecure internet connection, or compromising registrar itself).
2) DOMAIN EXPIRATION TEST FAILED
• Issue: Domain expires in 65 days (2019-02-03 T01:48:44Z), ie. less than the 6-month expiration window recommended for high-profile domains
• Risk: Potential accidental domain loss, due to lack of time leeway to deal with contingencies (eg. officer who maintains the domain registration leaves the company).
3) DNSSEC TEST FAILED
• Issue: Domain not using DNSSEC to authenticate all DNS queries with cryptographic signatures
• Risk: Domain is susceptible to DNS cache poisoning, ie. when an attacker tricks a recursive DNS server into caching a fake DNS record, thus silently redirecting website visitors to the attacker’s chosen web server.
Anyone using … BING? 🤔
Google started requiring me to complete a captcha every single time I tried to use it while connected through my VPN.
Bing doesn’t do this so, I use it as my main search engine now.
To be fair, Bing Maps is very good.
Related security analysis of: https://www.videolan.org/vlc
1) ImmuniWeb WebScan: https://www.htbridge.com/websec/?id=kprIsj2L
→ Check web server’s security hardening, implementation of Content Security Policy & other HTTP security headers, as well as 3rd-party content security
Final Grade: C (29 Nov 2018, 7:20 pm GMT)
MISCONFIGURATIONS OR WEAKNESSES:
• Some HTTP headers related to security & privacy are missing or misconfigured.
• Some potentially insecure HTTP methods supported by web server require the webmaster’s attention.
SERVER:
• Web server discloses its version. This may allow attackers to use known vulnerabilities & conduct further attacks against it.
X-FRAME-OPTIONS:
• Header not sent by server.
X-XSS-PROTECTION:
• Header not sent by server, enabling XSS exploitation (if not restricted by user’s browser).
X-CONTENT-TYPE-OPTIONS:
• Header not sent by server.
CONTENT-SECURITY-POLICY:
• Header not sent by server.
2) ImmuniWeb SSLScan: https://www.htbridge.com/ssl/?id=tA3yxKlX
→ Check website’s SSL/TLS security, as well as implementation for compliance with PCI DSS, HIPAA & NIST guidelines
→ Note: The scan tests the main domain, ie. http://www.videolan.org
Final Grade: A+ (29 Nov 2018, 7:41 pm GMT)
NON-COMPLIANT WITH NIST & HIPAA:
• Server supports cipher suites that are not approved by NIST & HIPAA guidelines.
SERVER CERTIFICATES SIGNED WITH WRONG ALGORITHM:
• The ECDSA certificate supplied has not been signed using the proper algorithm according to HIPAA & NIST guidelines.
SOME SUPPORTED PROTOCOLS NON-COMPLIANT WITH PCI DSS REQUIREMENTS:
• Server has TLS v1.0 enabled — which is non-compliant with PCI DSS 3.2.1 since 30 June 2018.
NO SUPPORT FOR TLS V1.3:
• Server does not support TLS v1.3 — which is the only version of TLS with currently no known flaws or exploitable weaknesses.
HTTP SITE DOES NOT REDIRECT:
• HTTP version of website does not automatically redirect to HTTPS version (unless forced by user’s browser).
SERVER DOES NOT PROVIDE HPKP:
• Server does not enforce HTTP Public Key Pinning that helps prevent man-in-the-middle attacks.
VLC on SSL Labs, it’s a mixed bag.
http://www.videolan.org IP4 (88.191.250.2)
https://www.ssllabs.com/ssltest/analyze.html?d=www.videolan.org&s=88.191.250.2
Rating: A+
http://www.videolan.org IP6 (2a01:e0d:1:3:58bf:fa02:c0de:5)
https://www.ssllabs.com/ssltest/analyze.html?d=www.videolan.org&s=2a01%3ae0d%3a1%3a3%3a58bf%3afa02%3ac0de%3a5
Rating: A+
addons.videolan.org (46.101.238.240)
https://www.ssllabs.com/ssltest/analyze.html?d=addons.videolan.org
Rating: C (The weakness relates in particular to the key exchange)
* This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
* This server accepts RC4 cipher, but only with older protocols. Grade capped to B.
* This server does not support Forward Secrecy with the reference browsers. Grade capped to B.
—
For the following site wiki.videolan.org SSL Labs gave rated it as good while HT Bridge was of different opinion, not sure what exactly causes the differences.
wiki.videolan.org IP4 (88.191.250.2)
https://www.ssllabs.com/ssltest/analyze.html?d=wiki.videolan.org&s=88.191.250.2
Rating: A+
wiki.videolan.org IP6 (2a01:e0d:1:3:58bf:fa02:c0de:5)
https://www.ssllabs.com/ssltest/analyze.html?d=wiki.videolan.org&s=2a01%3ae0d%3a1%3a3%3a58bf%3afa02%3ac0de%3a5
Rating: A+
@ Cigologic
Seems, sites like htbridgedotcom(ImmuniWeb) use FUD to sell their security software to gullible website owners.
M$ also uses FUD to scare Win 7/8.1 users into buying Win 10.
In this case, M$-Bing is using FUD against the very popular videolan/VLC website to scare Win 10 users into buying Windows DVD Player from M$ Store for US$15. Win 10 does not play DVD natively, ie no more Windows Media Center.
OTOH, criticisms against Win 10 forced auto-updates and Telemetry collection are often ignored by M$ and her sheepie-fans as FUD.
@ cigologic
Same test for wwwdotmicrosoftdotcom/en-us/software-download/windows10ISO
Final Grade C
Some HTTP headers related to security and privacy are missing or misconfigured.
Misconfiguration or weakness
Some cookies have missing secure flags or attributes.
Misconfiguration or weakness
X-XSS-Protection
The header was not sent by the server, enabling XSS exploitation if not restricted by the client’s browser.
Misconfiguration or weakness
X-Content-Type-Options
The header was not sent by the server.
Misconfiguration or weakness
Content-Security-Policy
The header was not sent by the server.
Misconfiguration or weakness
.
.
Same test for microsoftdotcom
Final Grade B
Some HTTP headers related to security and privacy are missing or misconfigured.
Misconfiguration or weakness
Some cookies have missing secure flags or attributes.
Misconfiguration or weakness
Content-Security-Policy
The header was not sent by the server.
Misconfiguration or weakness
Bing, the site that has REPEATEDLY served malware ads as the first result for innocuous things like chrome, or printer drivers, or just about anything you would come to need downloading, is telling you that legit software is a virus… that’s rich.
Bing, Bang, Bong. Boom. I never understood the pertinence of this search engine unless as a dedicated Microsoft toy for the company to have it’s own. Irrelevant IMO. I never used it and I doubt I ever will.
The only thing that is dangerous is Microsoft and Bing.
“Indications of malicious activity”
Talk about a uselessly vague explanation! That’s pretty much the same as saying “URL is currently classified as suspicious due to the following detection types: suspicious site.”
VLC is the most overrated software ever. Such a bad player. People go for it just because it have a “cute” icon and a famous name. MediaPlayerClassic still kicking!
Cute? Boi I hate that stupid cone icon with a passion. The interface is mediocre compared to other players.
People use VLC because it works with everything and it’s completely free. Plus it still provides high quality reproduction with potato hardware on any software platform, not every media player can claim this.
Agreed, VLC is garbage – it still doesn’t even support keyframes!
I always used KMPlayer but then the dev sold it to some company and joined the development team of PotPlayer, so I’ve been using that ever since and it is unbeatable!
Is it possible to remove this supposedly “cute” icon ? So ugly, so offensive. Don’t you prefer it when things around you are beautiful, including software ?
MPC is my goto for movies and sometimes flac. VLC’s strength is accessing network streamed video, for instance monitoring surveillance cameras within your network. Once you get the cameras network address right, monitoring the stream feed is cake and you can record with VLC too. If MPC can do that, I’ve yet to discover how.
I use Real media player, mIRC, ICQ, AOL chat…. and all that on Win98. Beat that! 😀
MPC-BE is the best player for most video extensions. VLC for the rest.
PotPlayer represent
@Alex
I will say this, as a user of Media Player Classic…what seems like over ten years. I don’t believe it has had much Dev support the last two. But, it obviously was my go to player.
I came across a Pot Player recommendation by a user here on GHacks…after a VirusTotal check, I installed it.
I then watched an MPEG-4 media file (animated feature) X1080
I observed a stunning improvement visually, and the audio was much more solid.
My Intel(R) Graphic 520 Display Adapter lit up like a Christmas Tree.
Pot player is my new number one. Although the UI is a bit clunky for me. I love MPC, and I still use it intermittently.
One has to be open for change. Better is just that.
SMPlayer FTW!
I can second that. I use MPC-BE (Black Edition)
Lol, VLC is very much a great player (and last time I checked cross platform) so I think I’ll stick with VLC
How exactly is it bad?
I always go for it because it works. Perfectly. On quite a large number of PCs I’ve tried it. And phones as well. And because whenever I had problems with it, simply reporting issues to their forums got it fixed within days/hours. And because it has a cute icon which wears a Santa hat once a year which I find to be quite a nice touch ;)
VideoLAN is a great organization and a good example of how free and open source software should be like.
@Yuliya : I say the same as You ! + MediaPlayerClassic overrated trash…
Microsoft used Bing to show a link to malware-to filled Chrome last month
The most funny and ridiculous thing happened recently is that people are so mad at the Goolag’s censored Chinese search engine project named *Dragonfly* witch compromises with the CCP government. They don’t say a word about or they just even don’t know what M$ and Bing search have already done:
https://en.wikipedia.org/wiki/Bing_(search_engine)#Censorship
I think this is because the M$ has already been EVIL enough that nobody has any expectations for them, which becomes kind of *advantages* in their PR instead the Goolag and Mozilla so suck from.
So for everybody, cherish your life, stay away from M$.
Don’t use VLC! Pay ten buck$ on Microsoft® Windowsâ„¢ Store© to play DVD on your Windowsâ„¢ 10â„¢ PC!!! >:(
It’s dangerous to Microsoft. The more people who download VLC, the fewer stay on Windows Media Player.
True, as with LibreOffice and Gimp. On those one has to temporarily disable folder protection of windows defender just to install without a hassle. Seems like ongoing subtle coersion sometimes.
True, as with LibreOffice and Gimp. On those one has to temporarily disable folder protection of windows defender just to install without a hassle.