It’s official! Quicktime for Windows is no longer supported by Apple. What does this mean for all the filmmakers out there who rely on the ProRes line of codecs?
Security holes in Quicktime for Windows
Nowadays, many cameras are capable of recording to the popular ProRes codec in various flavors. The codec is being used widely throughout the industry due to its robust set of features and its capability of being integrated flawlessly within a wide range of workflows. Every major NLE system can handle the *.mov file containers.
Two weeks ago, the security company Trend Micro published an article in which two major security flaws were uncovered. The article came along with an “urgent call to action” to immediately uninstall QuickTime from Windows machines to maintain data security.
According to Trend Micro, there are two primary reasons for their vigorous statement, first:
Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX.
Second, our Zero Day Initiative has just released two advisories, ZDI-16-241 and ZDI-16-242, detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.
Apple’s official statement
And now, Apple have confirmed to the Wall Street Journal that they are not going to support Quicktime for Windows anymore. So what does all this mean for us as filmmakers? Well, it is quite a shock, because as of today you end up having two options as a Windows user:
1) Uninstall Quicktime – the safest option, but you’ll end up having no chance to play back or edit ProRes files anymore
2) keep Quicktime – shouldn’t be an option. Only do this if you have no alternative or if you are finishing a ProRes project as we speak
Solutions and workarounds
If number one is an option for you, then you should switch to a different codec right away, such as DNxHD or DNxHR. The problem lies in the fact that many modern cameras record to ProRes. Not quite as many are capable of recording to DNxHD/HR. So there should be a swift response from the industry, too. Red, for example, offers a free update for their whole lineup of cameras which unlocks recording to DNxHD/HR.
Adobe did make an announcement on that very issue, too. It is a bit confusing, though. They recommend uninstalling Quicktime for Windows. On the other hand, they also admit that some core functions of their Creative Cloud suite may be affected by doing so. Hopefully, they can come up with some solution very soon.
The seemingly small step for Apple to discontinue Quicktime for Windows could turn out to be a significant leap for the camera and filmmaking industry. Hopefully, the manufacturers will come up with—and provide—some solutions quickly. Red is a good example that others should, and will hopefully, follow.
For now, make sure to run an anti-virus scan on your Windows machine and think twice when handling Quicktime movies on Windows machines!
Please Note: The link to Wall Street Journal points to a subscription based article. However, the first paragraph tells you nearly everything that you need to know.
As you can see, there is a vivid discussion going on in the comments on this matter. It seems that only the Quicktime player for Windows as well as the web components such as browser plugins are affected by these security flaws. NOT the ProRes codec itself. So, it should be safe to work with Quicktime encoded files as long as you solely use the codec (within a NLE), not the player or browser plugin. However, you should be cautious when handling Quicktime files on Windows machines.
Thanks to Patrick Zadrobilek, PiDicus Rex and all the others for contributing! Check out Patricks article on this.