Video plugin issue with fullscreen
- 
 Steve and Leo LaPorte both report that they don't believe that AV really does anything for you today other than give you a false sense of security. And over all I agree with this. As long as you are fully patched and paying attention to what you're doing, you're about as safe as you can be. AV catching something is more like just dumb luck than anticipated catch of malware. 
- 
 @scottalanmiller said in Video plugin issue with fullscreen: @Dashrender said in Video plugin issue with fullscreen: What I find so damned funny - Steve Gibson preaches about how good old software is for being more secure because we've had time to beat on it, like his continued use of XP. But if we are to believe @scottalanmiller and that each new version of Windows is an evolution, Steve's continued push against moving to newer Windows versions because they are less secure is really stupid, yet at the same time, Steve is talking about moving to Chrome because it's newer, more modern ... it's just funny if you think about it. yes, I would say that he fundamentally doesn't understand how software maturity works and totally has no idea about how software gets made. XP isn't getting "honed" over time, it's just left to rot. If it were being regularly patched and maintained, there would be some value to the concept, but it is not. Windows 10 is the latest release that came from XP, not only with more and current patches, but with more than a decade more testing on it, more honing and major components upgrades when more secure ways of dealing with things were invented (or could be handled by the CPU.) I think his retort to that would be he's not worried about the old code, but the new code, the new features. It's kinda funny (again) he almost seems like a technophobe at times (I know I do at times) but then he's neck deep in it at the same time. He claims to have nothing to hide, as a public figure, like a news journalist, that he doesn't worry about using highly secure texting or email. While he loves Threema for their very secure messaging platform, he doesn't consider his need for privacy to be worth the hassle of trying to push this software upon his friends and family. So he's not willing to force this issue but at the same time, he's loudly refusing to use Windows 10 because of privacy concerns. 
- 
 @Dashrender said in Video plugin issue with fullscreen: Steve and Leo LaPorte both report that they don't believe that AV really does anything for you today other than give you a false sense of security. And over all I agree with this. As long as you are fully patched and paying attention to what you're doing, you're about as safe as you can be. AV catching something is more like just dumb luck than anticipated catch of malware. I get the false sense of security thing, a little. That's just about educating people not to be freaking idiots, though. If they think that, then there is no chance that they are doing the other things that they should be doing. For example, people who think this might also think that XP is safe. Clearly, my point is made. AV does protect you against some things and people who are avoiding it are in the tin foil hat crowd, in my opinion, and start doing insane things like running ancient code (read: immature code) because they don't think about how things really work and just start running off of emotions. 
- 
 @Dashrender said in Video plugin issue with fullscreen: I think his retort to that would be he's not worried about the old code, but the new code, the new features. It's kinda funny (again) he almost seems like a technophobe at times (I know I do at times) but then he's neck deep in it at the same time. Neck deep? He sounds like someone's grandmother who takes a passing interest. You guys have convinced me that these guys are total noobs and idiots on multiple occasions. they are like the media's joke version of Geek Squad techs. but with a show. 
- 
 Sadly, there are times that I feel that way to.. Leo is definitely nothing more than a hobbyist at best. Any pedestal that I used to have Steve Gibson on definitely doesn't exist anymore.. that said.. I do still learn a fair amount of knowledge, and like any place you gain knowledge from I have to temper what I hear from them with things I learn elsewhere. 
- 
 @Dashrender said in Video plugin issue with fullscreen: Sadly, there are times that I feel that way to.. Leo is definitely nothing more than a hobbyist at best. Any pedestal that I used to have Steve Gibson on definitely doesn't exist anymore.. that said.. I do still learn a fair amount of knowledge, and like any place you gain knowledge from I have to temper what I hear from them with things I learn elsewhere. That's my fear with the things that I hear that these guys say (I have to preface that because I have never heard either of them directly and only heard of them from people on here talking about them, so none of this is an opinion of what they have said, only what people have said that they have said) is that they act or sound like their technical and know what they are talking about and give horrendously reckless advice that would easily hinge on professional negligence if they worked in IT. The only thing that protects them is that they are just entertainers, but dangerous ones. Their audience, likely, thinks that they are experts and that's really horrible for end users. 
- 
 I have listened to three show so far, and made a lot of changes because they seem really to knoiw what they are doing. I mean, they are on the Internet, how bad could it be? (That was just for Jared to see if he was reading.) Anyway, I have really listened to 3 shows, and I think they could help people who have NO clue about security. But like everything they need to be taken with a grain of salt. 
- 
 @BRRABill said in Video plugin issue with fullscreen: Anyway, I have really listened to 3 shows, and I think they could help people who have NO clue about security. But like everything they need to be taken with a grain of salt. Does "running old systems and not running AV" sound like helping people? I think anyone at a level to where they would listen to a podcast of that nature is likely to a point where that would be pretty dangerous advice. 
- 
 I give you the craziness about the running of old systems.. but as for the AV, I see their point and in general don't disagree. As for backups, they do preach backups when the subject comes up. In fact Steve's daily + image/backup solution is pretty solid. There are times I disagree with some of the ideas they have/present, but that's no different than when I disagree with you. 
- 
 @Dashrender said in Video plugin issue with fullscreen: I give you the craziness about the running of old systems.. but as for the AV, I see their point and in general don't disagree. But AV remains an important piece of protection on Windows systems today. Why do no corporations with security consultants and cost analysts follow this advice? Because it is reckless. Why is it only some consumer guys on a podcast saying it? Because it's kind of crazy and only in the consumer space can you get away with it. I'm not saying that AV is as important as it was ten years ago, but in reality, isn't it? Nothing has made AV less important. There is a myth that because some threats aren't stopped by AV that AV isn't still needed. That's totally wrong. AV does a better job today and has stopped certain categories of risks - for those that continue to use AV. That doesn't mean that it is failing, that could equally mean that it is succeeding. The idea that AV isn't important to day I think is just crazy. That it gives a false sense of security is also, crazy, IMHO. I don't believe that any of their tenants of that theory hold water. It's one mistake on top of another. 
- 
 The idea of AV not being needed is predicated on someone knowing what they are doing. This is fundamentally flawed. End users absolutely do not know what they are doing. Are you really telling me that end users are not running as admins? That they are really not running old OSes? That they really keep them patched? that they really don't just download and install things? That they don't just visit any website? And even if you can convince me that end users are doing all of those things (which you cannot, even the people in question are not) AV is still regularly stopping threats. 
- 
 I'm going to have to think about that for a while. That said.. what AV are you recommending? FYI, while Leo has (and agree with you) crazily told people that they don't need AV - Steve specifically avoids the question and does not give an answer. 
- 
 @Dashrender said in Video plugin issue with fullscreen: FYI, while Leo has (and agree with you) crazily told people that they don't need AV - Steve specifically avoids the question and does not give an answer. My honest to goodness security advice is... do not listen to this podcast. I mean it. When you have reckless people like this, they are a lot like sales people - they are not your friends. Maybe they have an agenda, maybe they are just clueless, doesn't matter. They are attempting to give advice on things that they are not knowledgeable. Because of this, the format that they use, gives a sense of credibility even to things that should sound obviously insane. This is very dangerous because you are setting yourself up for an emotional response to take people who lack credibility as being credible. that means that you are increasing your likelihood of making bad decisions because you have bad input. You can't avoid all bad input. Of course. But you can identify known bad input sources and choose not to make that your continuous input. These are people who time and time again we see saying crazy things and no one is checking up on them. That's not a good thing to be feeding yourself and "hoping you can filter something good out of it." That's not how good data input works. You start with good sources and try to make them better. You don't start with random background noise and hope that the right filter turns it into something useful - that just doesn't work. 
- 
 @Dashrender said in Video plugin issue with fullscreen: That said.. what AV are you recommending? We use Webroot, it's been good. I've heard good things about Cylance. Vipre was okay, but not so much any longer. It's so so. Avast is good for home as is that other one that starts with an A and I just can't think of the name. And really, even Microsoft's own is fine. 
- 
 I think a big piece to understand is that security requires a lot of layers. Because of this, skipping any one layer often lets us be okay. Run as non-admin, have AV but skip firewall? You might be okay. Run as non-admin, have firewall but skip AV? Might might be okay. The problems start to come when you have people who intentionally skip key protections they then don't have those protections to cover for other mistakes that they make. A layer or two is gone. That's bad enough on its own. But people who skip important layers are exactly the people who make lots of mistakes, too. Or don't even know the basics. So we have a compounded problem. You take Leo, for example. First he skips AV because he doesn't understand it. Then he runs an ancient, unpatched OS because he doesn't understand software maturity. Then he starts running as admin all the time because he's unaware of security basics. Then he uses a short, but "complex" password that he can't remember so he writes it down which doesn't matter because it only takes two hours to crack anyway. Then he doesn't have a firewall because he decided to use a third party one tied to AV instead of the Windows one but then got rid of his AV and his firewall went with it. Next he downloads malware from a website because he needs to replace functionality missing from his old OS. Ooops... he's been rooted and his data is gone. It's a slippery slope of bad decisions. People who start down the path are most likely to be the ones to continue down it. So you never advise that someone start down the path - because the only people who will listen to you are the ones that need the protection the most. If anyone was in a position to skip AV, they'd have known it and never needed the advice. 
- 
 Well, before you think I'm totally crazy, I've been running Webroot since I learned about journaling feature. 
- 
 I've only listened to a few of these podcasts, but in the recent one he did NOT say to avoid AV. He said the one built into Windows is OK to use. Now, if he has said other things in the past, I do not know. 
- 
 @BRRABill said in Video plugin issue with fullscreen: I've only listened to a few of these podcasts, but in the recent one he did NOT say to avoid AV. He said the one built into Windows is OK to use. Now, if he has said other things in the past, I do not know. Leo is the one that specifically says that AV is more or less pointless. 
- 
 @BRRABill said in Video plugin issue with fullscreen: I've only listened to a few of these podcasts, but in the recent one he did NOT say to avoid AV. He said the one built into Windows is OK to use. Now, if he has said other things in the past, I do not know. Problem would be... is he saying it is okay to use because he thinks that it is a good product? Or is it okay to use because he thinks that AV is pointless and doesn't care if they work or not? Basically, if you perceive something as snake oil, all you care about is that it isn't poison. 
- 
 @Dashrender said in Video plugin issue with fullscreen: Leo is the one that specifically says that AV is more or less pointless. I'd ask this... does he feel that it was always pointless? If not, why not? If so, I think pretty much all of us have evidence that suggests that this is very much not true. 



