- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Does Netgear really "Push" critical security updates?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does Netgear really "Push" critical security updates?
TLDR: Has Netgear "pushed" any firmware updates in the past 12 months? There have been critical security issues fixed during that period. User beware. If not: Be pro-active. Don't ass-u-me that everything is OK by default.
Some here have been advocating against updating firmware if the systems are otherwise functioning OK. The reasoning is that if the update was fixing critical security issues, Netgear would "push" it to the users, i.e., install it without any user intervention.
I am relatively new to the Orbi's, although I have been using various Nighthawk routers for decades before. I have NEVER had a firmware automatically install without my intervention.
Has that (push by Netgear) happened to Orbi users, like after March 2020, when some very critical security problems were revealed? These were rated 9.4/10 by NG themselves.
Thousands of Netgear routers are at risk of getting hacked (March 2020)
79 Netgear Routers Vulnerable to Serious Security Flaw (June 2020)
If, in fact NG does not push critical security fixes to the devices, then it is up to the user to keep up with firware update releases, find out the changes in the release notes, look up info on NETGEAR Product Security and install the updated firmware after taking everything into consideration.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
If you're looking for the official Netgear policy, you may want to PM one of the moderators here and see if they will answer your question, otherwise what you'll recieve here is lots of personal opinions.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
I don't need to ask NG because i know that they haven't pushed any updates in 2020. I can infer their policy from the underlying facts.
My logic is simple.
NG has had critical (9.4/10) security issues revealed (and fixed via firmware updates made available at their download site) in the past 12 months.
and
NG has not pushed any firmware updates to the units
therefore
If (you want to be be protected from those security issues)
then
update the firmware manually (and take the risks inherent in that process).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
Netgear does make firmware updates available to the live update feeds. If the device is configured for automatic updates, it will happen when available. If not - there is no unrequested or forced push of anything.
Disputable how smart the advise is to disable the automatic update as suggested. The problem was that many users had very bad experience with any kind up new updates.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
OK
Nice post
Good luck with your inference
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@schumaku wrote:Netgear does make firmware updates available to the live update feeds. If the device is configured for automatic updates, it will happen when available. If not - there is no unrequested or forced push of anything.
On the RBK50's, NG will inform the user that there are updates available. They have been doing that recently, confusing people about which ver is the latest etc. AFAIK, the user has to choose to install the updates. Is there way to configure it for automatic install?
I have removed my R9000 and I don't recall that there was a way to have the new firmwares install automatically on those.
Disputable how smart the advise is to disable the automatic update as suggested. The problem was that many users had very bad experience with any kind up new updates.
I don't like automatic installs myself. But I tend to read up about the latest issues in the news, listen to Security_Now podcast etc. The casual user is in a no-win situation: They can be on older insecure versions or enable automatic installation (if that is even available for the Orbi's) with its risks.
With my short history (2 months) w the Orbi's, I was asking if NG pushed and automatically installed fixes in 2020. Because they certainly had a couple of serious issues come up last year.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@alokeprasad wrote:With my short history (2 months) w the Orbi's, I was asking if NG pushed and automatically installed fixes in 2020. Because they certainly had a couple of serious issues come up last year.
Perhaps the real question is, has anyone here had problems(?) with their system due to the 'serious issues' that came up last year you mention above?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
This discussion is tilting philosophical.
Indeed, it is a matter of taking security issues seriously and fixing them before they have consequences. Many consequenses may not be apparent to the user. Like using their router as a hop in DDOS attacks , yadda yadda.
Fixing security issues is a matter of practicing "safe hex". We should do (or not do) these things after being aware of the issues, not with the complacency that someone else (like Netgear in this case) will take care of the problems automatically if it was "serious enough".
Still don't have any answer: Has NG push-installed updates on the Orbi's in the past year?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@alokeprasad wrote:This discussion is tilting philosophical.
I warned of this in the beginning
Still don't have any answer: Has NG push-installed updates on the Orbi's in the past year?
Couldn't tell ya, but it sounds like you have a plan.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@vajim wrote:and there's more
From that article (from 2018):
Some NETGEAR routers support automatic firmware updates. Automatic firmware updates ensure that important security updates are automatically delivered to your router to increase the security of your home network. Automatic firmware updates restart your router as part of the update process, which means that you lose Internet access for a few minutes.
Automatic firmware updates happen between 1:00 a.m. and 4:00 a.m. local time. To avoid firmware updates starting at an inconvenient time, make sure that your router is set to your local time zone.
Have they in fact done any of this automatic installs on the Orbi's and the Nighthawk R8xxx, and R9xxx in the last year?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@vajim wrote:
@alokeprasad wrote:This discussion is tilting philosophical.
I warned of this in the beginning
Still don't have any answer: Has NG push-installed updates on the Orbi's in the past year?
Couldn't tell ya, but it sounds like you have a plan.
Yes. I tend to install security related updates. On my PC's and routers.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@alokeprasad wrote:
Yes. I tend to install security related updates. On my PC's and routers.
OK...wouldn't it been easier to have stated that in the beginning?
The process of auto-updates is hot button discussion here only because of it's history.
IF Netgear were to NOT be pushing auto updates you'll still have the group, as yourself, who will perform manual updates while others perhaps not so much.
My only advice to your thinking on updates is be prepared for potential failures. There are numerous cases where users here jump on the first evidence of an update only to find it slowed or crashed their system. Some end up reverting. I may have not seen or heard of any auto pushes but at the same time I haven't seen or heard of a update that was flawless.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@alokeprasad wrote:I have removed my R9000 and I don't recall that there was a way to have the new firmwares install automatically on those.
The feature exists for years on the R9000 (and many more devices)
Users actively managing devices will often read email notifications for security updates, will login so the firmware update annoucement will show up - before the automatic update will happen the following night. That's why many here are probably ahead of the automatic update.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
Thx, schumaku. Thanks for the memories I had automatic updates disabled all along, so I never experienced an update without me initiating it. I am unaware if NG pushed automatic installations on the RXXXX devices. Are they actually updating those devices anymore?
I don't see automatic-update option (or how to turn it off) on the RBK50's web interface or user manual. The choices (from the manual p 89) are: You can use the router web interface to check if new firmware is available and update your router and satellite,or you can manually update the firmware for your router andsatellite.
So, I'm asking the community here if they, in fact, push automatic installs on the Orbi's.
I don't know what answer I like: I would not like push installs on MY Orbi. In fact, I want to turn all such automatic-anything off. But it would nice to have that be done in a reliable manner on users who don't follow the latest goins-on in IT world.
In real life, the users are stuck between a rock and a hard place: Have Systems with un-patched security holes or systems (out of warranty) that get bricked or reset overnight by NG. Sadly, I'm seeing many posts that are talking about bricking happening to them.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
There as been resome recent posts regarding users seeing updates come down from NG on to there Orbi units. Seems NG is stil auto pushing with out any user intervention.
Orbi doesn't or will it ever seem to have the ability to let the user disable this either. Been like this since the beginning and users have asked about it. No change from NG stance.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
This article applies to:
- Wireless AC Router Nighthawk (35)
- Wireless AX Router Nighthawk (WiFi 6) (19)
- Cable Gateway AX (2)
- Wireless AC Router (21)
- Wireless N Router (72)
- Legacy Wireless Router (5)
- Wireless G Router (35)
- Legacy Wireless N Router (10)
Orbi is not listed here so we can presume Orbi is done differently.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
How do I make sure that automatic firmware updates happen in the middle of the night for my Orbi WiF... applies to all Orbi, Orbi AX, Orbi Pro, Orbi Pro Wifi 6, Nighthaww mesh.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
Thanks all for the replies.
It is settled. NG can, and apparently have started again, push auto-installs of firmware.
They must be fixing something important to take that step.
Too bad that one cannot disable auto-installs.
We are also in a world of hurt if the push-installs are glitchy, either in the installation process or the firmware quality. Some of the "hacking-type" methods like tftp and nmrpflash are totally unsuitable for non-techies.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@alokeprasad wrote:
Too bad that one cannot disable auto-installs.
you can please some of the people some of the time but you'll never be able to please all the people all the time.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@alokeprasad wrote:NG can, and apparently have started again, push auto-installs of firmware.
Are you stating "push without the user allowing"? Auto firmware update is perfectly normal.
It's all based on the same process - an XML feed(s) used for the auto firmware update. There is no push-like thing overriding anything. Worth mentioning that they can make different version available based on the location and based on features enabled.
@alokeprasad wrote:Too bad that one cannot disable auto-installs.
How do I enable/disable auto firmware update?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Netgear really "Push" critical security updates?
@schumaku wrote:
@alokeprasad wrote:
@alokeprasad wrote:Too bad that one cannot disable auto-installs.
How do I enable/disable auto firmware update?
The instructions in the link above are not available for the Orbi RBK50. See screenshot.
Maybe the codebase for the Nighthawks and Orbi's forked at some time and they removed the option to disable auto updates on the Orbi's.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more