by unluckier 2924 days ago
So... two of the routers affected by the recent VPNFilter malware? Interesting choice.
3 comments

> So... two of the routers affected by the recent VPNFilter malware? Interesting choice.

If you're looking for a router that's never had a documented security flaw, you're probably going to buy a no-name brand that's full of them (because no one's looked yet, so it has a "clean" record).

The factors that you really need to look for are 1) good engineering practices for security, and 2) prompt and effective response to flaws. 1) can be hard to verify completely, but you can get a sense of 2) based on patch cycles.

I have a Mikrotik router at home, and I chose it because their products are inexpensive and aimed at professionals, which means the software support is much better than consumer routers. Mine is quite old, but it still gets patches.

I wasn't aware that the Unifi stuff was vulnerable to the latest VPN stuff. I own a few ER-Xs and a Unifi AP. They're reasonable kit, but I wouldn't recommend them at all as a set it and forget it system.

- Ubiquiti has a track record of GPL violations (e.g. u-boot which dovetails nicely with a security vuln)

- The Unifi AP is tolerable for a simple home env but not much else.

- Ubiquiti support is non-existent. They basically slapped a slick GUI on Vyatta and resold it. It's nice, but they don't have much in the way of developers. So, for instance, they still haven't fixed the hardware acceleration bugs in the ER-X or the WPA2 enterprise issues in the Unifi AP.

- Ubiquiti hardware itself is hit and miss. The ER-L, for instance, is known to overheat and cook itself to death. There was a mixup with some of the PoE stuff (UBNT historically used non-standard PoE) meaning you're not entirely sure what's in the box.

UBNT hardware is cheap and you can hack on it, so that's nice. But, being aimed at professionals and actually suitable for professionals are two separate issues.

I'm looking for something to update to. If not Unifi, then what brand would you recommend that would be suitable for home use by a professional, that can be updated and has good support?

Get an apu2 [0] from pcengines and slap OpenBSD on it (or Linux, if you prefer).

Same with UBNT, though I really like the functionality Mikrotik offers. Their UI takes a bit of getting used to. My favorite thing was when you made a setting change and its validation was to say “Not invalid”. :) My experience with UBNT in the field is pretty solid - no overheating and cooking issues that I’ve seen yet. I’ve RMA’d one device in about 50 deployed, over the course of a few years.

This is pure FUD. If you don't patch your Cisco machine running iOS, your Juniper machine running JunOS, your Netgate machine running pfSense, your Deciso machine running OPNSense, your PC running OpenBSD or Windows or Linux or FreeBSD or NetBSD or whatever software, you may be vulnerable and someone might write malware for that vulnerability.

The vulnerability exploited by VPNFilter was apparently patched by Mikrotik in March 2017.