Decided to dip my toes in so I followed the guide to a website where I can download some content via google drive. Like an idiot, I didn’t research the risks of direct downloads before and so I’m now a bit paranoid. I understand the chances are low and my media player needs to be exploited but is there a way to be certain? A post on reddit said to use mkvtoolnix to check all the elements but I honestly don’t know what to look for. Any help?
Personally, even if I was on a highly targeted OS like Windows, I wouldn’t really worry too much about video files being infected - with the obvious exceptions of making sure they are actually video files not something like .mkv.exe and that your system isn’t compromised some other way (e.g. installing / running random apps or scripts off the web / email / etc).
But if you want a little extra peace of mind, you could run an antivirus file scan on it or take steps to sandbox it in a VM or security container.
If you are on Linux, you can run the media player apps like vlc / mpv / smplayer / etc in security containers which would limit their capabilities if there ever was a successful exploit on the player software via something embedded in a video or music file. There are several different apps you can use to make use of such security containers. The easiest is probably to just use flatpak versions of applications (flatpak is a “universal” linux build format - most of these are available on flathub.org - and have a built-in security container called bubblewrap which you can control with a tool called flatseal). There are also other options besides flatpaks such as firejail (which I use myself), which has pre-made profiles for a lot of the more popular linux apps so like for vlc I could simply launch firejail vlc in shortcuts or I think there is a graphical app for it too. edit: just checked and yup, there is a gui called firetools: github | their blog which has screenshots and a 2min video demo.
Linux security containers rely on features built into the Linux kernel so I’m not sure if there are comparable alternatives for Windows or Mac. But I suppose if you were on one of those, you could always just run things in a virtual machine.
Without an actual link to see what they said, I’m going to go out on a limb and guess their assumption was that you would either have some kind of corrupted exe that is NOT a valid video OR a valid video. I mostly agree with that assumption - there are things like steganography that can hide data in some other data files like pictures or videos but that is more just extra crap than exploit.
IF you accept this assumption, then what they probably meant was that you could use mkvtoolnix to confirm that the mkv file loaded successfully and had audio + video streams (e.g. a really really basic test for it being a valid mkv file). You could do the same thing with the mediainfo tool (I believe this is also cross-platform since that’s what RARBG used to use on their media detail pages… and God do I miss that, wish other public trackers all did the same thing).
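The two checks mentioned in the replies above (a file that is really `.mkv.exe`, and a very basic "is this a Matroska file at all" test), sketched as an added example that is not part of the original posts. The extension lists and sample files are constructed for illustration, and passing these checks only shows the file looks like a Matroska container, not that its contents are harmless.

```python
import os
import tempfile

EBML_MAGIC = b"\x1a\x45\xdf\xa3"   # EBML header ID that opens every Matroska/WebM file
DOCTYPE_ID = b"\x42\x82"           # EBML DocType element ID
EXECUTABLE_MAGICS = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}
MEDIA_EXTS = {".mkv", ".mp4", ".avi", ".webm"}
RISKY_EXTS = {".exe", ".scr", ".bat", ".cmd", ".com", ".lnk"}  # illustrative, not exhaustive

def check_media_file(path):
    """Return a list of findings; an empty list means these basic checks passed."""
    findings = []
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    if ext in RISKY_EXTS and inner_ext in MEDIA_EXTS:
        findings.append(f"double extension {inner_ext}{ext}")
    with open(path, "rb") as fh:
        head = fh.read(64)
    for magic, kind in EXECUTABLE_MAGICS.items():
        if head.startswith(magic):
            findings.append(f"content is {kind}, not media")
    if ".mkv" in (ext, inner_ext):
        if not head.startswith(EBML_MAGIC):
            findings.append("missing EBML header")
        else:
            pos = head.find(DOCTYPE_ID, 4)
            if pos == -1 or pos + 3 > len(head):
                findings.append("no DocType element in EBML header")
            else:
                # Assumes the DocType length is a 1-byte EBML vint (0x80 | length)
                length = head[pos + 2] & 0x7F
                doctype = head[pos + 3:pos + 3 + length]
                if doctype not in (b"matroska", b"webm"):
                    findings.append(f"unexpected DocType {doctype!r}")
    return findings

if __name__ == "__main__":
    # Constructed sample files: a minimal EBML header and a fake PE stub
    samples = {
        "movie.mkv": EBML_MAGIC + b"\x8b" + DOCTYPE_ID + b"\x88matroska",
        "movie.mkv.exe": b"MZ\x90\x00" + b"\x00" * 60,
        "renamed.mkv": b"MZ\x90\x00" + b"\x00" * 60,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            print(name, check_media_file(path) or "basic checks passed")
```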