Video plugin issue with fullscreen
- 
 I give you the craziness about the running of old systems.. but as for the AV, I see their point and in general don't disagree. As for backups, they do preach backups when the subject comes up. In fact Steve's daily + image/backup solution is pretty solid. There are times I disagree with some of the ideas they have/present, but that's no different than when I disagree with you. 
- 
 @Dashrender said in Video plugin issue with fullscreen: I give you the craziness about the running of old systems.. but as for the AV, I see their point and in general don't disagree.
 But AV remains an important piece of protection on Windows systems today. Why do no corporations with security consultants and cost analysts follow this advice? Because it is reckless. Why is it only some consumer guys on a podcast saying it? Because it's kind of crazy and only in the consumer space can you get away with it. I'm not saying that AV is as important as it was ten years ago, but in reality, isn't it? Nothing has made AV less important. There is a myth that because some threats aren't stopped by AV that AV isn't still needed. That's totally wrong. AV does a better job today and has stopped certain categories of risks - for those that continue to use AV. That doesn't mean that it is failing, that could equally mean that it is succeeding. The idea that AV isn't important today I think is just crazy. That it gives a false sense of security is also crazy, IMHO. I don't believe that any of their tenets of that theory hold water. It's one mistake on top of another. 
- 
 The idea of AV not being needed is predicated on someone knowing what they are doing. This is fundamentally flawed. End users absolutely do not know what they are doing. Are you really telling me that end users are not running as admins? That they are really not running old OSes? That they really keep them patched? That they really don't just download and install things? That they don't just visit any website? And even if you can convince me that end users are doing all of those things (which you cannot, even the people in question are not), AV is still regularly stopping threats. 
- 
 I'm going to have to think about that for a while. That said.. what AV are you recommending? FYI, while Leo has (and I agree with you) crazily told people that they don't need AV - Steve specifically avoids the question and does not give an answer. 
- 
 @Dashrender said in Video plugin issue with fullscreen: FYI, while Leo has (and I agree with you) crazily told people that they don't need AV - Steve specifically avoids the question and does not give an answer.
 My honest to goodness security advice is... do not listen to this podcast. I mean it. When you have reckless people like this, they are a lot like sales people - they are not your friends. Maybe they have an agenda, maybe they are just clueless, doesn't matter. They are attempting to give advice on things that they are not knowledgeable about. Because of this, the format that they use gives a sense of credibility even to things that should sound obviously insane. This is very dangerous because you are setting yourself up for an emotional response to take people who lack credibility as being credible. That means that you are increasing your likelihood of making bad decisions because you have bad input. You can't avoid all bad input. Of course. But you can identify known bad input sources and choose not to make that your continuous input. These are people who time and time again we see saying crazy things and no one is checking up on them. That's not a good thing to be feeding yourself and "hoping you can filter something good out of it." That's not how good data input works. You start with good sources and try to make them better. You don't start with random background noise and hope that the right filter turns it into something useful - that just doesn't work. 
- 
 @Dashrender said in Video plugin issue with fullscreen: That said.. what AV are you recommending?
 We use Webroot, it's been good. I've heard good things about Cylance. Vipre was okay, but not so much any longer. It's so so. Avast is good for home as is that other one that starts with an A and I just can't think of the name. And really, even Microsoft's own is fine. 
- 
 I think a big piece to understand is that security requires a lot of layers. Because of this, skipping any one layer often lets us be okay. Run as non-admin, have AV but skip firewall? You might be okay. Run as non-admin, have firewall but skip AV? Might be okay. The problems start to come when you have people who intentionally skip key protections; they then don't have those protections to cover for other mistakes that they make. A layer or two is gone. That's bad enough on its own. But people who skip important layers are exactly the people who make lots of mistakes, too. Or don't even know the basics. So we have a compounded problem.

 You take Leo, for example. First he skips AV because he doesn't understand it. Then he runs an ancient, unpatched OS because he doesn't understand software maturity. Then he starts running as admin all the time because he's unaware of security basics. Then he uses a short, but "complex" password that he can't remember so he writes it down which doesn't matter because it only takes two hours to crack anyway. Then he doesn't have a firewall because he decided to use a third party one tied to AV instead of the Windows one but then got rid of his AV and his firewall went with it. Next he downloads malware from a website because he needs to replace functionality missing from his old OS. Ooops... he's been rooted and his data is gone.

 It's a slippery slope of bad decisions. People who start down the path are most likely to be the ones to continue down it. So you never advise that someone start down the path - because the only people who will listen to you are the ones that need the protection the most. If anyone was in a position to skip AV, they'd have known it and never needed the advice. 
- 
 Well, before you think I'm totally crazy, I've been running Webroot since I learned about the journaling feature. 
- 
 I've only listened to a few of these podcasts, but in the recent one he did NOT say to avoid AV. He said the one built into Windows is OK to use. Now, if he has said other things in the past, I do not know. 
- 
 @BRRABill said in Video plugin issue with fullscreen: I've only listened to a few of these podcasts, but in the recent one he did NOT say to avoid AV. He said the one built into Windows is OK to use. Now, if he has said other things in the past, I do not know.
 Leo is the one that specifically says that AV is more or less pointless. 
- 
 @BRRABill said in Video plugin issue with fullscreen: I've only listened to a few of these podcasts, but in the recent one he did NOT say to avoid AV. He said the one built into Windows is OK to use. Now, if he has said other things in the past, I do not know.
 Problem would be... is he saying it is okay to use because he thinks that it is a good product? Or is it okay to use because he thinks that AV is pointless and doesn't care if they work or not? Basically, if you perceive something as snake oil, all you care about is that it isn't poison. 
- 
 @Dashrender said in Video plugin issue with fullscreen: Leo is the one that specifically says that AV is more or less pointless.
 I'd ask this... does he feel that it was always pointless? If not, why not? If so, I think pretty much all of us have evidence that suggests that this is very much not true. 
- 
 Funny that this gets mentioned now. I would point to an article on SW where someone asked if patching computers was still worthwhile for the same logic. He felt that "since there were two high profile breaches that could not have been prevented with patching" that it might no longer be worth doing. Of course that was completely failed logic. It's similar to wondering if because brakes can't save you from every possible accident that you should not bother installing them on cars. But the attitudes feel similar: someone perceives the threats that they are concerned about being something different than what patching or AV helps primarily to protect against and then thinks that that protection isn't viable because of that perception. 
- 
 If I let it run for a few seconds first, it works fine in full screen (using chrome) - if I attempt to go full screen straight away the same thing happens as you reported... 
- 
 @scottalanmiller said in Video plugin issue with fullscreen:
 @Dashrender said in Video plugin issue with fullscreen: Leo is the one that specifically says that AV is more or less pointless.
 I'd ask this... does he feel that it was always pointless? If not, why not? If so, I think pretty much all of us have evidence that suggests that this is very much not true.
 Steve Gibson does advocate for people to run a local AV of some sort. Security Essentials had been testing to be at about the same level of protection as the other big security vendors ~2 years ago, which is why he says it's "good enough". Partially outdated at this point. He did recently move to Windows 7, but is backwards with his arguments for holding back. Leo named his network perfectly imo, twit. He is really just a news person, and we've been over what we think of American based news already this morning! 
- 
 From my perspective, what little I have seen of Leo, he only styles himself a news person. Which makes it mostly innocent. But sadly, a news person relaying opinion stops being a news person. 
- 
 @scottalanmiller said in Video plugin issue with fullscreen: Funny that this gets mentioned now. I would point to an article on SW where someone asked if patching computers was still worthwhile for the same logic. He felt that "since there were two high profile breaches that could not have been prevented with patching" that it might no longer be worth doing. Of course that was completely failed logic. It's similar to wondering if because brakes can't save you from every possible accident that you should not bother installing them on cars. But the attitudes feel similar: someone perceives the threats that they are concerned about being something different than what patching or AV helps primarily to protect against and then thinks that that protection isn't viable because of that perception.
 I disagree. The patches thinks keeps most known, hopefully all known, bad things at bay. With AV, the rate of new infections, etc... unless you're running heuristic, the sig only based solutions are pretty pointless, as long as you have the rest of your defenses up and running. I only am willing to pay for and run Webroot because of journaling. If not for this feature, I would, well not skip it since Windows Defender is free - so I'd just stick with Windows Defender. Leo's point, assuming I remember correctly, is that most AV still use primarily definition files and they are pretty useless considering how fast things continue to morph. I don't recall him specifically making a recommendation to use or not use, but he's stated that he himself doesn't use, but in the same breath he says he doesn't use Windows much any more, mostly using Linux or Mac stuff. 
- 
 Here is the transcript from this week where they discuss it. (And also my issue with using Malwarebytes instead of a reformat.) P.S. Maybe time to fork this post?

 Leo: Nice to wipe them out. All right. This is the no-antivirus question: Steve and
 Leo, I've been listening to the show since the start of the year, and I'm hoping - so
 these are all people who are fairly new, I guess; you know? I'm hoping that I will
 become more knowledgeable in security, mostly by osmosis. Thank you so much for
 your interesting conversations and for sharing your infinite wisdom. Aw. Thank you.
 My questions may show my true naivete, though: I was listening to a recent Security
 Now!, and Leo mentioned that you need not have an antivirus. What? I personally
 use Avira's free antivirus, and I like to scan to make sure that I have no intruders. Is
 there a better way to do this? Does this even protect me in the slightest? Can you
 recommend any episodes of Security Now! that could possibly teach me some more
 basics, or any other free - minimum-wage laborer here - educational tools. Thanks
 so much. I look forward to your podcast every week. Marissa.

 Steve: So you and I are on the same page on this, which is that the AV which is now
 available for free - and I assume that Marissa is a Windows user. She didn't say. But
 Windows incorporates either, what, Windows Defender or Security...

 Leo: It used to be called Security Essentials. And in Windows 10 it's just called
 Defender.

 Steve: Right. And it's being updated. It's constantly updated. Microsoft has sort of slowly
 crept into this business so they wouldn't upset the existing AV industry that first formed
 around Windows. But at this point I just - I don't suggest anyone use a third-party AV. If
 something really gets - somehow passes that and gets in, I like - I just use
 Malwarebytes, free edition, run that to clean a system, and then remove it. But
 otherwise, I don't have anything running all the time.

 Leo: I pretty much agree with that. The problem is that viruses spread so fast now
 that an antivirus probably isn't going to protect you.

 Steve: Correct.

 Leo: So in some ways that's a false sense of security. You get a free antivirus. You
 don't need one on a Mac, really. There's really not an issue on the Mac. And the
 other one I would say is there are a lot of companies trying to sell you antiviruses on
 mobile, on iOS and Android. And there's no reason in the world to use those. They
 can't do anything of value. And Google and Apple already do everything that can be
 done. In fact, Google will scan every app before you install it. And Microsoft won't
 even allow you to have an app that isn't scanned before. Doesn't keep stuff out of
 the store, but they have ways of killing it. And even if you download it, and it gets in
 the store, having an antivirus on iOS or Android is not going to prevent you from
 getting hurt.

 Steve: Right.

 Leo: So they're of limited utility. And they have some negative impacts. They slow
 your machine down. Sometimes they can keep you from doing things. A lot of the
 bugs that I hear about on the radio show, first question, I say, do you have security
 software running?

 Steve: Well, and we also know that they've had some questionable practices, too, that
 they have installed security certificates in the root store, and they're looking at all of the
 security traffic coming in and out of your machine. Now, on one hand, it's like, well, yes,
 but that's local, and it's for your benefit. But if they're not careful, third parties can
 obtain the key and use that as a means of getting into your system. So it just - I don't
 think that, on balance, the benefit outweighs the collection of problems. And, for
 example, if you do have Windows, just use what's there.
- 
 So he has the "Macs are magically safe" issue, too. 
- 
 Although I think there might be confusion. Is he saying no AV, or no third party AV? 




