There’s Apple software and then there’s Apple software running on Windows. One of the two is nice, the other not so much. Sad as it is, but somehow Apple never understood how to make “good” Windows software. Instead of working within established habits, best practices and ultimately Microsoft‘s guidelines they always seemed more busy trying to carry over their “Mac feel” and imposing it on the user rather than focusing on things like security, safety and good behavior.
Even iTunes, supposed to be the centerpoint of their online business, is a klutz on Windows and inevitably some of the more serious issues have blown up in their face on more than one occasion. Who wouldn’t remember their ill-fated attempt to bring Safari to Windows when it turned out to be a bigger security hole than even older versions of Internet Explorer?
In a similar vein, Quicktime, whether or not the flavor tied to iTunes, has always been a pain in the rear. It just had terrible performance and issues like being unable to access specific CoDec settings because panels would not be displayed correctly were just a massive annoyance. Add to that the fact that support and development have been lingering for years now, with ever only minimal updates coming out, you have yourself a veritable mess.
Why am I telling you this? Apparently some people think it’s now time to pull the plug on this piece of dysfunctional software over critical security issues. It has everybody in a scare and people are going all batty over those potential risks. But not so fast! As always, there’s a truth behind the truth and you have to stop for a minute to think about what those security issues actually mean to you. In fact those panicked reactions remind me of that alleged vulnerability in Photoshop, where malicious TIFF files could serve as an intrusion vector.
While I’m as paranoid as the next guy about these matters, let’s face the facts. Both the current Quicktime issue and the other issue required “user interaction” in that you would have to go to questionable web sites, download a file, ignore all warnings of your virus scanner and browser and then be dumb enough to actually open the files in a program that could be compromised. Now look at yourself very hard in the mirror and think about whether you would do that. Would you actually have a reason to do something like that? Granted, one cannot preclude random accidental pick-up from e.g. stock footage sites, but I would consider this a minimal risk since such issues fall back on the provider and taint their reputation. If such an incident occurs, you can be sure they will quickly pull the files and apologize a hundred times.
The other factor is of course the technical side. The provocative question to ask would definitely have to be do we even need Quicktime anymore? For pretty much everything it does there are better alternatives from encoding H.264 to mere playback and most programs support a lot of formats natively, eliminating the need for an intermediary media framework such as Quicktime is. If at all, people use it as a container for their own workflows, but then of course the obvious answer would be that you don not intentionally encode files that do damage to your own system or your collaborators. That alone should get you thinking.
So what’s the fuss about? Pretty much nothing. As far as I’m concerned, Quicktime has already been dead for a while. It has long surpassed its zenith and the only real use I had in recent years for it was as an intermediate format when we were still shuffling files to Avid systems or here at home to mangle my After Effects stuff through external encoders. Still, even then we could have used other methods, we were just often too lazy to put up with even weirder stuff than Quicktime ever was.
Of course their will be repercussions for everyone’s workflow if and when Quicktime gets nixed on Windows. Pretty much every software developer that hooks up to this infrastructure will now have to rethink their strategy. Yet it’s not the end of the world. As I already wrote, there’s plenty of other options and while Quicktime as a program may no longer exist one day, you will still be able to make use of the CoDecs via ffmpeg and other alternatives. Therefore you should be able to use your archived footage for years to come, regardless whether Apple decide to remove this stuff.
Until that happens and you need to use Quicktime and leave it installed, apply a dose of common sense and just be cautious. If you really only use it for your internal workflows, the risk is practically zero. If you exchange files with other people, have your virus scanner updated and get those alternative players and encoders to deal with those files. In case of doubt, just dump conspicuous files without even opening them. If it’s legit, a person you work with will gladly provide you with alternate formats such as image sequences or give you all the assurances you need. Same for commercial vendors. Everything else should not need any discussion.