by oprah2018 2934 days ago
Any suggestions for a good router that is immune from this nonsense?
5 comments

Buy a small cheap computer with two Ethernet ports and run Debian.
And most importantly: keep it updated.

About the only thing I would trust without updates is a BSD box. And even that may eventually fall victim.

OK, but what if you are very busy and you don't have time for that?
Which BSD? And how is hardware support these days?
You could build your own with pfSense.
What if you are too busy for that?
As in another post, I’d suggest buying any router, taking it apart, identifying the flash chip, finding the write-enable line in the datasheet, and MITMing that line with a flip switch to block updates at all times.
That's actually a really good idea! I would love to see this built into future router models after something widespread like this. It's fairly reasonable to force users to be physically present to update. Plus, you could force them to flip the switch back by not working until the write-enable line is disconnected again.
It could have the unintended side effect of making people even less likely to upgrade firmware.
BIOS updates used to be like that. You would have to switch a jumper to do the update.

Then they got rid of that, even though most people that bothered with BIOS updates could be directed to switch a jumper around...

Ain't nobody got time for that.
An updated one, with sane defaults.