Auto Firmware Updates vs Security Risks

TikingAlien007

New Around Here
How do you if you have enabled Auto Firmware Updates manage it ? My understanding is that when Auto Firmware Updates are turned on, it will automatically patch the router which is fine and good for security but my concern is when this happens, does the Asus router keep the settings that were set up in the older firmware or do you go over the settings to double check them each time the update happens ?

I saw on different routers that when Auto Firmware Updates are enabled and new features are rolled out they will be automatically enabled by default, not sure how it is with Asus routers ? I think my main concern would be that Auto Firmware Updates that are coming from the official Asus repository would change some of my router's settings or more so the ones that are responsible for security like external access to the router etc that would end up exposing it to the internet more without my knowledge.

Any advice is appreciated.
 

L&LD

Part of the Furniture
My advice. Turn off Auto Firmware Updates.

The fact that you're here asking is enough for me to know you can make a better decision on your own than a blind update will, over the course of time.
 

OzarkEdge

Part of the Furniture
How do you if you have enabled Auto Firmware Updates manage it ? My understanding is that when Auto Firmware Updates are turned on, it will automatically patch the router which is fine and good for security but my concern is when this happens, does the Asus router keep the settings that were set up in the older firmware or do you go over the settings to double check them each time the update happens ?

I saw on different routers that when Auto Firmware Updates are enabled and new features are rolled out they will be automatically enabled by default, not sure how it is with Asus routers ? I think my main concern would be that Auto Firmware Updates that are coming from the official Asus repository would change some of my router's settings or more so the ones that are responsible for security like external access to the router etc that would end up exposing it to the internet more without my knowledge.

Any advice is appreciated.

Auto Firmware Update is not managed. That is its disadvantage. The best you will be able to do is schedule when it happens (requires ASUSWRT 2022 firmware, not yet released).

In general, it does not change your existing configuration/settings; may introduce new functionality with default settings; may introduce new default settings for existing settings, but not install them; may introduce new defects; etc. And not all settings are visible and user configurable. Pretty much anything is possible, imo... always review the release notes for any special instructions.

Ideally, nothing gets upset, but that is not a certainty.

If you want to be certain, manually update the firmware yourself, at your convenience, ideally when you can take the network down and troubleshoot any new issues. Worst-case is that you will recommission the network from scratch to begin troubleshooting any issues... reset the new firmware to its defaults and configure it from scratch... a clean reinstall. Or revert to using the previous firmware... another clean reinstall.

Reset FAQ
Reset button/webUI Restore/node removal - clears settings in NVRAM; reboot restores fw defaults from CFE (fw defaults)
Hard Reset via WPS button/webUI Restore+Initialize - also clears data logged in /jffs partition (fw defaults+clear logs)

As for security, you are likely no more at risk delaying security updates until you can install them yourself than you are waiting for them to be developed in the first place. If you want tight security, stay on top of your network administration.

OE
 
Last edited:

bbunge

Part of the Furniture
How do you if you have enabled Auto Firmware Updates manage it ? My understanding is that when Auto Firmware Updates are turned on, it will automatically patch the router which is fine and good for security but my concern is when this happens, does the Asus router keep the settings that were set up in the older firmware or do you go over the settings to double check them each time the update happens ?

I saw on different routers that when Auto Firmware Updates are enabled and new features are rolled out they will be automatically enabled by default, not sure how it is with Asus routers ? I think my main concern would be that Auto Firmware Updates that are coming from the official Asus repository would change some of my router's settings or more so the ones that are responsible for security like external access to the router etc that would end up exposing it to the internet more without my knowledge.

Any advice is appreciated.
Two against, one for..

I have not had issues with auto firmware upgrade. Yes, Asus did release an upgrade a while back that bricked some routers. Did not happen to me and I feel Asus is being much more cautious these days with firmware releases.
I feel it is much better to get the upgrade ASAP. Of course I also encourage using the default WIFI settings which I get creamed for all the time.

Hey, get over it you skeptics! It does work!!!
 

Justinh

Regular Contributor
About that 2022 firmware ... these two things do not inspire me.
1663799277467.png


edit: If they can't code a webpage, can we trust the firmware?
 
Last edited:

L&LD

Part of the Furniture
But it does tangentially have something to do with auto-updating firmware. ;)

This forum used to have such an open mind on the diverse perspectives different people offer.
 

Smokey613

Very Senior Member
Just be glad Asus allows us to choose to auto update or not. That is getting rare these days on consumer grade wifi routers. The new norm is not provide a way to opt out of auto update.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top