Are there any video media players geared towards security? VLC seems good but are there any better? A more toned down on features to only play video to have less possible code and so less vuln?
Threat model - being infected with malware from opening downloaded videos or music.
Are there any on Linux? Or is VLC the best option? If VLC is the best option does any person know of a hardening guide or is that not needed?
Asking as the rec section of the site has nothing on this topic.
Thanks.
I don’t know of any well established security-focused media players. In fact, most popular video players on Linux are written in C, including VLC, mpv, and GNOME Videos, so you have no guarantee of memory safety.
Opening a video/music file which exploits a zero-day in an up-to-date media viewer is a pretty extreme threat model, even if you regularly download and view lots of media.
That said, I won’t say the threat model doesn’t exist. The FBI once caught a child predator using Tails OS by exploiting a vulnerability in GNOME Videos:
I would just reconsider if this is really your threat model.
just sandbox it down…
I tend to download things for later viewing when traveling, other times for offline veiwing when the internet in my area goes down again.
Sure running it through AV is a must because of that but sandboxing isn’t really possible to my knowledge for traveling unless I start bringing a laptop. Which is a bit much for my case.
My concern is after looking around and finding nothing it highlighted how little it is talked about and how large a concern it can be.
No, I do not need to worry about some FBI level threat or even general concentrated threat. This to me is a step up from basic security but still some thing to talk about.
Unless some one has more information maybe the best bet is to dig deep in VLC to try to turn off all settings not needed and block it from accessing the internet.
Remember some previous vuln that had url that ran when you used the video which then downloaded the malware, closing down internet access should help there at least.
I was about to say stream to browsers instead of using VLC because browsers are more secure than VLC if the media server is self hosted, but then you do have to secure a local server.
So you choose between lots of software with funding/many eyes looking for issues or just one software with less funding/less auditing.
why are you using antivirus on linux? and sandboxing is easy, just use firejail or flatpak and harden the settings (e.g. with flatseal)
sandboxing isn’t really possible to my knowledge for traveling unless I start bringing a laptop
not sure what you mean, if you’re talking about using it on android then android already has sandboxing, especially on something like grapheneos you can disable internet permission
You don’t use AV on Linux despite the continue rise of how many people use Linux? The more that use it the more it is targeted. At over 4% while ignoring Android it is tasty enough for those that want it.
ClamAV is free, doesn’t send any thing back to servers & vey light on resources. Why wouldn’t you use it or a different AV on Linux is the better question.
Sure GrapheneOS does it but that means buying a new rather expensive phone. That is why I was looking for an app as that seemed the faster and far cheaper option.
Seems like with all things privacy it is pay out big instead of low pay apps to fix a issue.
When home the things mentioned are already being done with VM with no network. That is not possible without paying hundreds and hundreds of euros for a new device.
@HauntSanctuary That is a interesting idea. Using a rather secure browser that is locked down with no JS or internet access, etc, with just the video format allowed might work.
Why would you need a local server? Just open up the file in the browser instead of the media player. The media, movies and music, is saved on my device for traveling already. Unless I’m missing some thing?
Sure GrapheneOS does it but that means buying a new rather expensive phone. That is why I was looking for an app as that seemed the faster and far cheaper option.
does your phone not even allow you to disable an app from using Wifi? then u could use a firewall app like netguard or something