Read the title and went: What? They want you to keep your network hardware ON, when unattended, to increase the undetected malware entry opportunities?
Turns out it as their own devices they wanted to push updates to.
I would really prefer to use my own device though and even better, configure it myself after learning how the ISP’s network works. But convenience is what it is.
Yep, after moving from Germany to the UK I was pretty surprised that in the UK you’re not supposed to get this kind of information from your ISP.
In Germany you can get your own DSL/cable/fibre modem and your ISP has to give you the necessary information to get these devices into their network.
Most providers in the US allow it too. It’s great that Germany has it enshrined in law, but in practice it’s not the exception.
you’re not supposed to get this kind of information from your ISP
Wait, do you mean, it’s illegal to ask for it?
In my case, it just depends upon the ISP’s policy.In fact, with the current ISP, even though they provide their on modem (copper line), it has a pure bridge mode available, which I can connect to my other router and have fun looking at those packets with full transparency and the tech even went ahead and explained to me what I messed up, before resetting the modem for me, when I did use the bridge mode.
Not illegal, but the ISPs are seemingly under no obligation to give you those details. In Germany, there’s the “freedom of routers” embedded in the telco law. So they HAVE to give you everything you need to get your custom router online via their wire/fibre.
Bridge mode is just using the ISPs router and bridge that into your router. It’s not the same - you still need the ISP’s access device instead of just yours.
Not illegal, but the ISPs are seemingly under no obligation to give you those details. In Germany, there’s the “freedom of routers” embedded in the telco law. So they HAVE to give you everything you need to get your custom router online via their wire/fibre.
OIC, so, same as here. Germany seems to be having pretty well made laws in these cases.
Bridge mode is just using the ISPs router and bridge that into your router. It’s not the same - you still need the ISP’s access device instead of just yours.
Except that it is a layer 2 bridge and I couldn’t connect to the network directly, either way, because their line is copper [1] and consumer routers/modems are usually RJ45/RJ11.
The malware argument is a bit weak, if your router is vulnerable to something it’ll likely be found and pwnd in a matter of minutes, so turning it off a night won’t really save you. And once a patch is released, it’ll be reverse engineered in a few hours/days, so ideally you want patches as soon as they are released.
Using your own device is usually a good idea anyway, telco stuff is usually pretty mediocre. And as soon as your device is slightly custom, it becomes a less valuable target.
The malware argument is a bit weak
It’s much more than just a bit weak, unless you are somehow continuously monitoring it, so yeah, in most end-user scenarios, it would hardly make a difference to keep it on, even if there were no updates.
This might save a tiny bit of electricity,
…and therefore it is the users perfect right to do it or not to do it.
Unless the provider pays for that “tiny bit of” electricity, they have no say in this decision.
Have the router ask the server if there’s an update available when turned on. If none, proceed as usual; if there is, force the update, regardless of the time of the day. Problem solved.
Of course, for that you need to acknowledge that you violated the “ask, don’t be an assumer” rule, instead of bossing customers around with “golden rules”. You won’t change their silly and pointless habits anyway.
