Tordex Community
Careful when installing winamp - Printable Version

+- Tordex Community (
+-- Forum: True Launch Bar plugins (/forum-4.html)
+--- Forum: Plugin features and improvements (/forum-15.html)
+--- Thread: Careful when installing winamp (/thread-589.html)

- Bob Freeman - 01-16-2003 04:04 PM

If you are planning on using winamp (True Launch Bar has winamp plugin) you might want to check into this:

Quote:Probably the worst software install trick, however, is the WinAmp3 installer. When you install WinAmp3, it will add an AOL.COM domain to your list of trusted sites in Internet Explorer and lower the security settings for the trusted domain list. The result is that visiting one of AOL.COM's domains will allow it to download and execute code on your system without so much as a prompt

I don't use winamp so I can't verify but others here might want to check.

- shapeshifter - 01-16-2003 07:44 PM

I don't know where you got this information, but your source appears to be inaccurate. I checked my trusted site list (I have WA3 and IE6), and it is empty. Just to be sure, I reinstalled Winamp3 and rechecked. Still nothing. One has to wonder what motivation Nullsoft (the makers of Winamp) would have to place AOL domains on the trusted site lists of their users' computers. The two companies share no affiliations.
I suspect that some unscrupulous "l33+ h@X()r" downloaded the WA3 installer, injected the code to add AOL domains to the trusted site list, and reuploaded the infected version for distribution at a third party's site. He (or she) could then take advantage of this newfound trust by uploading pages with malicious code to AOL domains. I don't know why she swallowed the fly. Perhaps she'll die.
I appologize for the strange style of this post. I just got done watching CSI, so I'm in a weird analytical mood Smile

Anyway, the moral of this story: always download code directly from the author's web page, if possible. When in doubt, virus scan it. If you suspct the author is capable of something like this, look elswhere. Chances are, somebody else has made a similar product. And always, always make your own coffee. It just might save your life.

- Bob Freeman - 01-16-2003 08:25 PM

My source was winamp users group in LA - original source was Yale Law School (of all places) Some say yes, some say no.


As i said I couldn't verify but as True Launch Bar users winamp 3 I thought it better to be safe than sorry.

Others may have different results

- Guest - 01-17-2003 04:29 AM

I hate to contradict you here shapeshifter, but as to Nullsoft and Aol's relationship AOL OWNS Nullsoft! And as a result owns winamp. Go to the winamp website and have a look at their disclaimer - it's not that much of a secret but they're not shouting it too loudly.

Although to be fair to them both i've not noticed any major downside to this relationship yet. I run winamp on my system and it's fine (apart from the slow startup of winamp 3).

Anyway, here's hoping that does'nt change (though it probably will)

- shapeshifter - 01-17-2003 06:42 AM

Wow, I stand corrected. Apparently the merger took place sometime back in 1999. Thanks for the info, Midian2k.

I guess that explains all the ICQ banner ads on the Winamp site, too....