Hmm, where is "see here"? :D

ixiHmm, where is "see here"? :D

Fixed, thanks.

ASUS is deeply committed to providing the highest level of product experience to our users

I'll never understand how these empty statements are still a thing. Surely even the most brain-dead focus group will roll eyes or at best slightly chuckle at this.

The router updates came out in March for most of their routers, so just because some media picked up on this recently, doesn't mean that you've been using an unsecure router for months, at least if you update your firmware or have enabled the auto update feature.

TheLostSwedeThe router updates came out in March for most of their routers, so just because some media picked up on this recently, doesn't mean that you've been using an unsecure router for months, at least if you update your firmware or have enabled the auto update feature.

"Auto update" feature also is vulnerable to being attacked and not something to be trusted blindly. I have seen "auto update" for Java connecting to random servers in Germany to download "updates".

TheLostSwedeThe router updates came out in March for most of their routers, so just because some media picked up on this recently, doesn't mean that you've been using an unsecure router for months, at least if you update your firmware or have enabled the auto update feature.

I was surprised they didn't change the SHA keys, I just deleted them. I flash firmware manually anyway.

Chaitanya"Auto update" feature also is vulnerable to being attacked and not something to be trusted blindly.

I remember when the built-in security update got botched (I think it was Microtrend?) in Asus routers that crippled them even if you didn't have it enabled. It's why I don't use Asus anymore. It might have been a one off oopsie but it costed me at least a day of work loss and I had to go around my house re-flashing my Asus routers in my poor mans vlan twice before I figured out what was going wrong as it kept re-downloading the crippling update.

Chaitanya"Auto update" feature also is vulnerable to being attacked and not something to be trusted blindly. I have seen "auto update" for Java connecting to random servers in Germany to download "updates".

So which do you prefer, people that automagically get their routers updated with a very slight chance of there being a man in the middle attack or that people run the firmware their router shipped with and that router now being a part of a botnet without the owner knowing about it?

A Computer GuyI remember when the built-in security update got botched (I think it was Microtrend?) in Asus routers that crippled them even if you didn't have it enabled. It's why I don't use Asus anymore. It might have been a one off oopsie but it costed me at least a day of work loss and I had to go around my house re-flashing my Asus routers in my poor mans vlan twice before I figured out what was going wrong as it kept re-downloading the crippling update.

TrendMicro. That was a separate update though, as that is not part of the firmware update feature.
It clearly didn't affect people that hadn't enable that feature, as I never had any issues with that, nor did anyone else that didn't have that feature enabled.

I agree that they should stop adding these type of features, as what is being sold as a security feature clearly doesn't deliver.

Also, if you haven't already discovered it, try Merlin's firmware for Asus routers.

This needs to be told so people are aware of reality vs ASUS marketing.

Detail - you have been warned - biased - etc ... :

ASUS and security. Having no uefi updates but public known CVE and security issues on amd Chipsets for 3 or 4 weeks on the mainboard I used a month ago.
that does not fit.
I have no issues with ASUS marketing. But ASUS and security marketing is a bit fraudulent in my personal viewpoint with recent purchasable and still can be purchased asus products.

This needs to be told so people are aware of reality vs ASUS marketing. that armory crate will not matter as the uefi itself did not get any newer updates for at least 3 or 4 weeks. The uefi itself was insecure for any, ! any !, operating system out there on asus amd mainboard.

I talk about my "garbage" lying around ASUS Prime x670-p mainboard. (provided an example - may 2023 - may 2025)
see yourself how often an asus mainbaord get an uefi update. Sadly this does not show when.
docs.google.com/spreadsheets/d/12zg6yT_H7H-W1voyw1ZoIrj0GSE7WI4Ug-uLlv-Asa8/edit?gid=937453961#gid=937453961

TheLostSwedeSo which do you prefer, people that automagically get their routers updated with a very slight chance of there being a man in the middle attack or that people run the firmware their router shipped with and that router now being a part of a botnet without the owner knowing about it?

This is a politics and law problem

I suggest a heavy fine for the end user which has to be paid by the router owner instantly.
More friendly way - the internet service provider get heavy fine for each of those users connected to them when not removed in the next 5 minutes.
We have so much stuff done by the internet service provider, so this does not matter much.

there is no right for internet access. Should be handled the same as with illegal x, or illegal y or harmful z.

I think writing it in more details or going more specific will get me a message warning. Please accept it as it is without details or specifics.

@_roman_ actually, internet access is a human right in Finland.

But yes, ISPs should be a lot more proactive against botnets and cut those user off and inform them that their hardware is compromised.

Wireless routers should be really simple.

A host interface
Firmware

Nothing else. Fantastic that you can bloat yours routers with gimmick GUI's and functions but obviously at the cost or expensive of other things, security.

Any router i used to use i turn the things i don't need off. And i make sure the router does not see a daylight on the internet hooked, other then a pass through from something being firewalled in the first place.

Yes some routers are directly linked to the internet, with zero firewall, and that is the main cause of problems. Always put something in front of it that blocks 99.9% of incoming connections to begin with.

_roman_This needs to be told so people are aware of reality vs ASUS marketing.

Detail - you have been warned - biased - etc ... :

ASUS and security. Having no uefi updates but public known CVE and security issues on amd Chipsets for 3 or 4 weeks on the mainboard I used a month ago.
that does not fit.
I have no issues with ASUS marketing. But ASUS and security marketing is a bit fraudulent in my personal viewpoint with recent purchasable and still can be purchased asus products.

This needs to be told so people are aware of reality vs ASUS marketing. that armory crate will not matter as the uefi itself did not get any newer updates for at least 3 or 4 weeks. The uefi itself was insecure for any, ! any !, operating system out there on asus amd mainboard.

I talk about my "garbage" lying around ASUS Prime x670-p mainboard. (provided an example - may 2023 - may 2025)
see yourself how often an asus mainbaord get an uefi update. Sadly this does not show when.
docs.google.com/spreadsheets/d/12zg6yT_H7H-W1voyw1ZoIrj0GSE7WI4Ug-uLlv-Asa8/edit?gid=937453961#gid=937453961

Gamers Nexus recently posted a long video about all the vulnerabilities of Shitsus products and the radio silence from this side over the issues and "fixes" that they have "made".

TheLostSwedeSo which do you prefer, people that automagically get their routers updated with a very slight chance of there being a man in the middle attack or that people run the firmware their router shipped with and that router now being a part of a botnet without the owner knowing about it?

This particular instance wasnt man in the middle attack rather a compromized auto updater pushed as part of Trust exploitation. Ultimately person sitting on the other end is the weakest link and as we have seen with this particular manufacturer who install rootkits/malware via firmware on its products cannot be trusted to perform auto updates reliably.

AoyagiI'll never understand how these empty statements are still a thing. Surely even the most brain-dead focus group will roll eyes or at best slightly chuckle at this.

Well, PR is the perfect job for anyone good at making up bullshit. Speaking of which, it reminds me of this wonderful site..

ChaitanyaGamers Nexus recently posted a long video about all the vulnerabilities of Shitsus products and the radio silence from this side over the issues and "fixes" that they have "made".

What is Asus supposed to say, when all of the issues they brought up in the video where already addressed?

I'm not trying to defend Asus here, but every tech company out there is affected by problems and Gamers Nexus was late on the ball here, which made it all a bit weird.

ChaitanyaThis particular instance wasnt man in the middle attack rather a compromized auto updater pushed as part of Trust exploitation. Ultimately person sitting on the other end is the weakest link and as we have seen with this particular manufacturer who install rootkits/malware via firmware on its products cannot be trusted to perform auto updates reliably.

Well, it seems like Asus needs a better system for pushing updates, but I would say 99% of people are better of having an auto firmware update on their router, than not.
In your honest opinion, how many percentage of consumers update their router firmware regularly (assuming there are available updates)?
If you read the text in Asus routers, you'll also see that they allegedly push out security fixes, regardless of if the auto firmware option is enabled or not, although I'm not quite sure how the can do this for older firmwares, but I don't have enough insight into how their firmware works. I just know it's not that easy to push out such an update on embedded Linux systems like routers, due to how the OS works. For those not aware, the router OS is stored as a compressed image which is extracted to RAM once you power the router on and doesn't run in flash, on most routers. This is also why it takes so long to save the settings, as they have to be written to the flash image, as if they were just "saved", they would be forgotten when the router was rebooted or lost power.

Bios security aint much better from Half ass Asus....