- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Netgear routers: No automatic firmware security updates or user notification system
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the R7000 and recently, my mail wasn't synchronizing itself, because their server addresses no longer got properly resolved. After a long and ardourous "support-battle" with my professional mail provider, we managed to pin the problem down to my Netgear router. Turns out, the router's firmware was in need of updating, including a security update (!), after which DNS resolution and hence mail worked properly again.
I understand that I *could* look at my router setup every x months to make sure there might, maybe, under some circumstance, be an update around that I should (have! see next) install(ed). But I don't think that is user-friendly or scalable (I've got another router at my office, another router at my parents site, and another at my parents-in-law, each of which I maintain). Also, say, an urgent security update is released the day after I made my routine check - my networks would be unprotected for months, until I check again. So that's a clear: No, that suggestion is neither scalable, and its a security liablity. So if the router is not able to update the firmware by itself (I had expected that was happening by default, and am quite astonished its not possible to turn such functionality on for my router!), I would have expected that Netgear is able to provide some kind of email notification support for this. Turns out, that isn't an option, either. As this is a security liability you buy-in with owning Netgear products, it certainly is a big red flag for my next router purchase.
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear routers: No automatic firmware security updates or user notification system
Netgear routers can update itself, but you need to enter to web GUI or use Netgear genie which checkes if new firmware is available and give you a notice to update, you just need to press button to make an update, in both cases router will automatically download new firmware and make a flash of new firmware. Other router muanufactures such as Asus, D-Link didn't have such ability. For those router manufactures you need to download new firmware youself and install it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear routers: No automatic firmware security updates or user notification system
Which isnt to say that other manufacturers (e.g. Peplink/Pepwave) provide solutions.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear routers: No automatic firmware security updates or user notification system
I use Netgear routers for more then 5 years and i can say to you that updating is very simple. Also i have an experience of using D-Link, Asus, TP-Link and Zyxel. Netgear updating is very simple and router give an notification when new firmware is available and also Zyxel have the same functionality with the exeption of only program (for Netgear it is Genie app) for Windows and Mac OS.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear routers: No automatic firmware security updates or user notification system
Now, this NetgearGenie "solution" is even worse: Foremost, I need to maintain routers on several sites, so I'd have to connect to each one with that (or a different?) app over the net, opening an even larger security liability. Indeed, I'd need to enable admin access from the external interface (to the router). Even if only run on the internal interface side, I might consider that setup a security liability: Someone might have hacked my wife's/parent's/friend's computer and is evasdropping on my home network. Or an update might be happening while I'm traveling for a week, so I'd need external interface acces after all to use Genie (or some complex desktop sharing and VPN setup). Etc.
Second, I use Linux (and Mac). And no, I will not run Wine with components from an OS that is even less secure (as we've seen with quite firghtening news just this week again) to get an insecure web-polling mechanism going that augments my network's attack surface.
If you are cozy with your "setup", I'm happy for you. Am I being paranoid? Maybe. Is this possible? Certainly. Whatever, I prefer to not wake up to a bot farm/identity theft/money extortion scheme one day because I did not update my devices. However, "Hey, I've been using the Internet for 10 years now and had no problems; what's your stress?" isn't an answer to me - I've been using the Internet before we had HTTP and I certainly have seen someone with a last-mile connect coming out of China even getting onto one of my machines.
Overall: We live in 2017, security issues abound (Intel, Windows, OSX, Android, you name it... all a liability). So what is wrong with hardware and software manufacturers (like Netgear, apparently) that can't set up secure push notifications for updates and security-related issues for their clients? Even just a plain old mailing list I subscribe to would be enough.
[EDITS: fixing some spelling and text clarity issues]
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Netgear routers: No automatic firmware security updates or user notification system
To further prove my point - just querying for "Netgear" on HackerNews lists a ton of very tough security flaws with their routers (NB that I am not querying for something like "netgear AND security," say). All of that I would miss patching if I don't get secure push notifications at all times.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more