NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Does Netgear really "Push" critical security updates?
TLDR: Has Netgear "pushed" any firmware updates in the past 12 months? There have been critical security issues fixed during that period. User beware. If not: Be pro-active. Don't ass-u-me that ever...
Netgear does make firmware updates available to the live update feeds. If the device is configured for automatic updates, it will happen when available. If not - there is no unrequested or forced push of anything.
Disputable how smart the advise is to disable the automatic update as suggested. The problem was that many users had very bad experience with any kind up new updates.
schumaku wrote:Netgear does make firmware updates available to the live update feeds. If the device is configured for automatic updates, it will happen when available. If not - there is no unrequested or forced push of anything.
On the RBK50's, NG will inform the user that there are updates available. They have been doing that recently, confusing people about which ver is the latest etc. AFAIK, the user has to choose to install the updates. Is there way to configure it for automatic install?
I have removed my R9000 and I don't recall that there was a way to have the new firmwares install automatically on those.
Disputable how smart the advise is to disable the automatic update as suggested. The problem was that many users had very bad experience with any kind up new updates.
I don't like automatic installs myself. But I tend to read up about the latest issues in the news, listen to Security_Now podcast etc. The casual user is in a no-win situation: They can be on older insecure versions or enable automatic installation (if that is even available for the Orbi's) with its risks.
With my short history (2 months) w the Orbi's, I was asking if NG pushed and automatically installed fixes in 2020. Because they certainly had a couple of serious issues come up last year.
alokeprasad wrote:With my short history (2 months) w the Orbi's, I was asking if NG pushed and automatically installed fixes in 2020. Because they certainly had a couple of serious issues come up last year.
Perhaps the real question is, has anyone here had problems(?) with their system due to the 'serious issues' that came up last year you mention above?:mansurprised:
vajim wrote:and there's more
From that article (from 2018):
Some NETGEAR routers support automatic firmware updates. Automatic firmware updates ensure that important security updates are automatically delivered to your router to increase the security of your home network. Automatic firmware updates restart your router as part of the update process, which means that you lose Internet access for a few minutes.
Automatic firmware updates happen between 1:00 a.m. and 4:00 a.m. local time. To avoid firmware updates starting at an inconvenient time, make sure that your router is set to your local time zone.
Have they in fact done any of this automatic installs on the Orbi's and the Nighthawk R8xxx, and R9xxx in the last year?
This discussion is tilting philosophical.
Indeed, it is a matter of taking security issues seriously and fixing them before they have consequences. Many consequenses may not be apparent to the user. Like using their router as a hop in DDOS attacks , yadda yadda.
Fixing security issues is a matter of practicing "safe hex". We should do (or not do) these things after being aware of the issues, not with the complacency that someone else (like Netgear in this case) will take care of the problems automatically if it was "serious enough".
Still don't have any answer: Has NG push-installed updates on the Orbi's in the past year?
alokeprasad wrote:This discussion is tilting philosophical.
I warned of this in the beginning
Still don't have any answer: Has NG push-installed updates on the Orbi's in the past year?
Couldn't tell ya, but it sounds like you have a plan.
alokeprasad wrote:I have removed my R9000 and I don't recall that there was a way to have the new firmwares install automatically on those.
The feature exists for years on the R9000 (and many more devices)
Users actively managing devices will often read email notifications for security updates, will login so the firmware update annoucement will show up - before the automatic update will happen the following night. That's why many here are probably ahead of the automatic update.
Thx, schumaku. Thanks for the memories :smileyhappy: I had automatic updates disabled all along, so I never experienced an update without me initiating it. I am unaware if NG pushed automatic installations on the RXXXX devices. Are they actually updating those devices anymore?
I don't see automatic-update option (or how to turn it off) on the RBK50's web interface or user manual. The choices (from the manual p 89) are: You can use the router web interface to check if new firmware is available and update your router and satellite,or you can manually update the firmware for your router andsatellite.
So, I'm asking the community here if they, in fact, push automatic installs on the Orbi's.
I don't know what answer I like: I would not like push installs on MY Orbi. In fact, I want to turn all such automatic-anything off. But it would nice to have that be done in a reliable manner on users who don't follow the latest goins-on in IT world.
In real life, the users are stuck between a rock and a hard place: Have Systems with un-patched security holes or systems (out of warranty) that get bricked or reset overnight by NG. Sadly, I'm seeing many posts that are talking about bricking happening to them.
There as been resome recent posts regarding users seeing updates come down from NG on to there Orbi units. Seems NG is stil auto pushing with out any user intervention.
Orbi doesn't or will it ever seem to have the ability to let the user disable this either. Been like this since the beginning and users have asked about it. No change from NG stance.
