bought an ASUS AC-87U Router, do I still need an AV?

Kindly share what you learn about the QOS settings. I tried enabling QOS in my Netgear router and experienced the same massive loss of throughput.

 

Sure I will, just waiting for Mr. Mayhana to get free so we can connect.

PS: I even tried factory resetting the router and installing the latest Merlin Firmware, no difference, with QoS on, the speeds are horrible. Now with QoS on and all the security stuff in the AI Protection on, speed is still superb with a 5 ms connection according to speedtest.net which is 1ms faster than my previous AC68U which was @ 6ms

 

I just setup Mortal from remote.. He's looking good now.

I demonstrated how effective ASUS w/Trend is at blocking nefarious sites and files. Only hitch was, Trend will 'cede' to a running AV. So the only ones that looked like they were getting through were actually Emsisoft being cede to by Trend. If Emsisoft was disabled, Trend would usually snag them. Often on my system due to layered approach, I have 3-4 different things arguing over who wants to handle the issue.. (Trend(ASUS), Untange, Google, Adguard, Norton) It doesn't cause any harm, but to really see how good this is the layers need to be peeled back.

 

Were you able to figure out why QOS was crippling performance?

 

There was a variety of settings that weren't correct.

 

Thanks a LOT to Mr. Mayahana! he fixed my router speed issues while having QoS active and ensured the security is top notch! this is a great security layer as it intercepts most anything before it even gets to your computer! Not only is the AC87U one of the fastest routers in the world, but these integration with Trend Micro for security is priceless!!

 

You could in theory, run ASUS w/Trend, and simply on-demand scan any downloads without any AV running realtime. Or do what I do, install the lightest, least intrusive AV like Norton 2015 (since the toolbar issue seems fixed), and not worry about it. It's a great security layer for sure. Glad to help.

 

What!? You're spreading FUD. Router does absolutely NO file scanning. It just checks the accessed URL and that's it. It has nothing to do with the fact that it recognizes it later. Every AV company is either partnering with these sites or they monitor them for samples. Of course they eventually get on all blacklists one way or another. Every single AV that does HTTP URL blocking is using such tech. It's just that router doesn't really have software scanner inside, it simply queries every URL access to Trend Micro and blocks it if found on blacklist. So you don't need updates and it's always as up to date as possible, meaning ASUS hardly ever needs to update their component in router's firmware. But you're saying like some black magic is running behind the scenes. It's a very simple tech really.

 

You're wrong in some part. Firstly it is not just a URL blocking, but includes IPS, they call it virtual patching but it's essentially network-based IPS.
Second, URL reputation is different from any blacklisting. Blacklisting can only block known bad, but URL reputation can block even unseen site (of course not perfect) by calculating its reputation.
Third, it needs update for its IPS signature.

 

Oh dear, you really believe companies would strictly use blacklists? It's a figure of speech. I'd expect you'd understand it considering you're already here on Wilders being very much security conscious. I guess i was wrong...

 

It may be simple tech, but for the moment this is the only consumer home router that has it AFAICT. Do you think it provides significant protection compared with the common NAT router with limited SPI firewall? If so that's an important improvement.

 

Agreed. As Victek points out, it's a remarkable advancement over simple NAT routers. While not a full fledged NGFW, it provides a home with a very very potent security upgrade that never needs to be renewed/updated, or subscribed. What people fail to realize is how IPS is working with other technology now like ZyXel where IPS and AV work together to form a complete threat package. IPS is alerted to virus, AV is alerted to threat, information is shared between to facilitate a sort of virtual patching. In a few years everyone will have UTM-Like appliances in their home because it's the best way to protect blended devices from a variety of threats.

 

This same router also block all .tk domains just for the lolz and hates referal removal services. Yeah, really intelligent. Remember, I know this router very well...

 

Can you substantiate these claims? Apparently you don't know it all that well if you said it's nothing more than a simple URL scanner.

Will home deployed UTM's kill off AVs? No.. Anymore than they've killed off AV's in the enterprise market. However quality UTM's make deployment of desktop solutions more trivial, as virtually any product will function as a 'layer'. A major automaker we manage IT for has strong, upper level Fortigates, and MSE on desktops. We rarely have to do any remediation of malware. I think AV companies are probably a bit worried about the movement of UTM's and NGFW's into the home market. A smart AV company will be working to TRIM DOWN their product, because over the next few years homeowners deploying these UTM-Type/UTM devices will be seeking a layer (and a light one), rather than bloated security suites. Norton knows this, which is why SEP (and TES) are being integrated into consumer versions, and they are streamlining everything down.

 

Sorry but please don't expect I can catch any figure of speech as I'm very beginner on English language.
Most AV/IS company combine URL blacklisting and heuristics into thier web reputation, but not all web reputation are equal and Trend has one of the strongest, if not the strongest, web rep. Almost no other vendor can block unseen malicious sites to the degree Trend does, though such aggressiveness also causes some FPs.

And anyway NIPS is completely different from URL blocking, so statement "This is just URL blocking." is wrong, and I believe it is not matter of figure of speech.

 

Most Asus routers affected by hijack bug; exploit posted

ASUS Router infosvr UDP Broadcast root Command Execution

 

Nope.. The most important part of this article;

Summary:An unpatched router can be hijacked, if the attacker is on the same network.

This refers to the AC66 - an old ASUS router.. (not the RT-AC87) Testing was performed against 3.0.0.376.2524-g0013f52

Release Date: 9/9/14 ASUS RT-N66U Firmware version 3.0.0.4.376.2524

Release Date: 11/7/14 ASUS RT-N66U Firmware version 3.0.0.4.376.3602

Release Date: 12/1/14 ASUS RT-N66U Firmware version 3.0.0.4.376.3657

Release Date: 1/5/2015 ASUS RT-N66U Firmware version 3.0.0.4.376.3715 CURRENT

That doesn't even include beta versions.. So a guy finds a potential (But EXTREMELY unlikely) exploit while testing unpatched device....6 month old firmware on an 'older' legacy router? Someone is very bored, or was hired by a different router manufacturer to create FUD. Then rely on someone to spread the FUD for him....

 

=
Security researcher Joshua Drake published an advisory warning that "all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable."

 

http://dnlongen.blogspot.com/2015/01/asus-bug-lets-those-on-your-local.html?m=1

Quote from article (3rd paragraph):

 

http://forums.smallnetbuilder.com/s...74c4302d7dfa210eb726667da&p=158461#post158461

 

While the issue is serious, it isn't all that serious. You have to be a part of the network in order to gain access to it. Meaning you have to be physically connected to it or through wireless. If the one is encrpyted with AES and strong enough password, good luck with the hijacking. So, we'll just simply wait for the update and in the meanwhile, not much will really change.

 

If you're concerned, there are various workarounds available:
https://github.com/jduck/asus-cmd#workaround

If you're using the Merlin firmware, an update was already released 2 days ago:
http://asuswrt.lostrealm.ca/changelog

 

In effect, it would be impossible for this to be exploited. This is like saying 'If you have a kid sleeping over inside of your home, he may steal a cookie out of the cookie jar.'. I got news for you, almost EVERY device can be compromised from 'within' a network. This is why we do things like VLAN's and Subnet/device segregation. It's actually possible (and sometimes easy) to compromise advanced networking gear from within a location, such as Fortigate 'maintainer mode'. This is a storm in a teacup for the most part.

But we still don't have confirmation this bug even impacts the latest firmware, which was released 5 days ago.

 

Hopefully it's no longer the case, but I seem to remember that some routers had remote management "enabled" by default.

 

Another option is poor man VLAN... Which you can easily do on almost any router.

Put a 50 character password on your primary radios, and hide the SSID's. Now assign a 'guest' network, give everyone in your home that password, and cut off 'Access Intranet' (LAN). Now you have a poor mans VLAN for the most part, and anyone on your SSID can't access anything on the lan, can only reach WAN (Gateway), and can't even access the DEVICE itself (as that is on the LAN, with WAN access off). Guest network is more than a 'Here, access my internet friend', in the background it turns on additional restrictions, that honestly help secure a network.

Presto.