Blue Iris vs. Milestone XProtect (for me)

[acecase]

I do realize both of those things.

I don't like to run old software. There are security reasons etc to keep your software, especially those that run accessible services, updated, but that's not it. It's more like ocd. I just hate to know that I'm behind on updates, and major versions bother me even more. The price is reasonable, so it's not a matter of being cheap. I'll pay more than that every 2 months for Ring. I just don't want it to be an extra hassle. For something like this that I generally just want to leave running, I want to be able to setup the system to auto update and you can't do that when there is no perpetual license option. Also, in hindsight, now that I've moved to XProtect and it's working, if I don't use any of the BI features and this is free, it just makes sense.

I'm not concerned with having my camera data on a third-party system for the same reason that we make fun of people who don't like their neighbors having cameras. I have no expectation of privacy when I'm outside in my yard, and I have no indoor cameras. Having the ability to have up to 10 cameras recording full-time, and events correlated for playback, and not have a storage server of any kind to keep up myself, has a lot of value. I can't really think of a problem with them having my video footage.

 

[acecase]

I do want to be clear about something, in case I wasn't. XProtect is not even close to BI when it comes to features. It's not as user friendly as BI either. For most people, I would still strongly recommend BI. I just updated this because when I search for "Blue Iris vs. XProtect" this was my first result, and I didn't want to leave it where it was. The first attempt with XProtect was a terrible experience, and this time it wasn't bad at all. It's still nowhere near as good as BI for most people.

 

[wittaj]

So you do not want to run an old version of BI for security reasons, when the computer itself and its antivirus is the one providing the protection and that virus protection software is ALWAYS being updated, yet you will allow a camera to have internet access that has firmware that is RARELY if ever updated and are full of security vulnerabilities....much worse than running an older version of BI......

When your cameras are exposed to the internet and have internet access, people are not using it to to watch your sunbathe in the nude LOL.

They do not care about your video feed. They want your internet access to perform DDoS attacks and get into your system thru the exploits of the camera and get your banking info.

Giving cameras internet access my friend is much more of a security risk than running an older version of BI...

EVERY camera that has internet access is exploitable due to the firmware rarely being updated. Even top tied Axis had a problem a couple months back.

 

[looney2ns]

When BI and your home network is installed, and secured properly. There is no reason to be concerned about "old" versions of BI running.
For stabilty reasons, you should turn off Windows updates as well. Again, not a concern if you have your network properly secured.
The cameras should never be allowed to touch the internet in the first place.

How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

VPN Primer for Noobs | IP Cam Talk

 

[LittleScoobyMaster]

As for resource leaks, when the client is left running on my Window 11 PC, it eventually starts dragging; to the point where the video stops updating. CPU and RAM utilization goes extremely high and the client becomes unresponsive until it's restarted.

If you are still using Xprotect set the cameras to show all information from Setup (includes the info line for Hardware Acceleration on each camera.)

The next time you notice the issue and the machine starts to feel slow and unresponsive, check to see if Hardware Acceleration for each camera is still showing the name of the video card or not. If it is showing Hardware Acceleration disabled, then it has switched to software decoding for at least one camera and software decoding has many performance issues even if it's only used on a single camera. The hardware acceleration feature is unfortunately dynamic with no setting to make it stay on permanently so if you use your video card for something else on one of your other monitors, or just at random intervals due to who knows why, the hardware acceleration turns itself off on some cameras most likely to give your other application priority and then it never seems to turn it back on when your other application is no longer used. I've noticed this issue in many versions and think they need a setting to force hardware acceleration all the time at the camera level.

How did the move to Ring go and did you bump into the 10 minute live view issue with the Onvif cameras or did they fix that for Onvif only?
Normally Ring cameras can only be viewed for 10 minutes at a time and since they pipe the onvif cameras through the same system I was curious if that limitation was then made to the onvif cams as well.

Ring were also in the news again recently for more employees watching the streams often and access to video they didn't need. FTC proposed a fine:

Ring security cameras gave every employee 'full access' to all customer video for years: FTC

Ring security cameras "gave every employee ... full access to every customer video" before 2017, the FTC says

abcnews.go.com

 

[acecase]

@LittleScoobyMaster

I am still using XProtect, and the client performance leaks have been addressed at some point by updates. I don't know which version fixed it, just that today it runs for weaks at a time without issues.

The move to Ring was nixed for several reasons. One was that I didn't appreciate that they would give my video to law enforcement. Not that I worry about them seeing anything specific, but for the same reasons that you don't talk to law enforcement without a lawyer. You never know what they may think or use against you, even if it is just a misunderstanding. It only makes sense to control your own video. Beyond that, the Ring system never picked up my cameras and, at the time, there was no way to manually add them. Ring Support just said that the cameras didn't support ONVIF and so I couldn't use them. They were all Axis cameras that supported ONVIF and used ONVIF on the XProtect system, but "Support" weren't actually "Technicians." They had a script and it said to tell me the cameras didn't support ONVIF and end the call. So, I still use Ring for some site security, but not for cameras.

@wittaj
If you are still paying attention to this years later, all due respect, but I secure coorporate networks for a living and you are assuming some things and oversimplifying a lot.
I don't expose my cameras to the internet. In fact, I don't expose my cameras directly to my local network. The only access I have to the cameras is through the XProtect system.

@looney2ns
If you are still paying attention to this years later...
You are absolutely correct about the cameras never being exposed to the WAN. In fact, the cameras have no need to be exposed directly to the LAN, and so I recommend blocking that. Unless your system requires them to be on the same subnet for some broadcast protocol usage or whatever, I recommend setting up a seperate vlan, and putting that on its own firewall zone and blocking the entire host subnet from reaching it or it from reaching back to the host subnet. The server should be on a dmz network, and the cameras shouldn't be allowed to communicate in either direction to hosts on THAT subnet either with the one exception for the video system. One big reason is that you don't want someone to be able to pull the cable from one of your cameras and be on your local home network with other devices that could include security systems.
So, yes, you are correct on that point. However, to your first point, you need to think a little deeper. ANY network software that is exposed to ANY network that isn't 100% trusted (which almost none should be, including your lan in some instances as discussed above) IS ABSOLUTELY a concern reguardless if your network is "properly secured." ANY software with a network component has the potential for exploitation, and once that system has been exploited it can be used to pivot to any other system that communicates over the network with it. For example, if a bug exists in the client (including your web browser in the case of a web client) then you could potentially expose every computer that is used to view video once that "server" system is compromised.

Security is FAR FROM SIMPLE, and there is almost never a scenario where your network is completely secured. Every single step you can take to make it a little more secure is time well spent. As to antivirus software, it's a nice small bonus to run on a system that you plan to use in a typical fashion, but it is FAR FAR FAR from "enough" to protect it.