This being Computerworld, the number of readers who update the firmware in their router is probably high. But, I suspect very few non-techies keep their firmware current, or even know that the software in their router needs updating (and is called "firmware" rather than "software"). It's quite understandable.
For one thing, the security issues raised by old firmware don't generally scream at you. And the update process is never correctly or fully documented. And, the process varies, us techies have to deal with different upgrade procedures for different routers.
Then too, it's dangerous. If a firmware update (like a BIOS update) fails halfway through, you're in deep trouble. And, even if the update works, the new firmware may have reset some settings, settings that very few people are likely to notice or understand.
So, it was with some trepidation that I recently updated the firmware on an Asus RT-N66U Dark Knight router owned by a relative.
Knowing the dangers, I had procrastinated the update. At end of September 2014 the router was still running firmware that had been installed in early January 2013 (version 188.8.131.52.260). That's too long, especially since there were multiple updates in the interim.
The firmware update hassle starts with learning about new firmware releases. Inconsistency is the rule.
The worst routers require that you periodically check the website of the manufacturer for updates. Next up the chain, are routers that offer a manual check for new firmware in their web interface. Some companies automate the process by sending you an email you when new firmware is released (Peplink and NAS vendor Synology do this). Other routers can automatically check for updated firmware, but they only notify you if and when you login to the router to look.
The RT-N66U works this way. When you login to it after it has detected new firmware, there will be a blinking yellow exclamation point in the top right corner. Hovering the mouse over the yellow icon produces the message shown here.
In the old days, updating firmware meant downloading a file (often a zip file) to a computer and then uploading a file to the router. Now, some routers, the RT-N66U among them, can do most of the work on their own. A couple clicks in the administrative website downloads and installs the newer firmware.
At first, the process went well and the firmware was updated to version 184.108.40.206.374_720 (what's with the looooong version numbers?).
Of course, when I say the process went "well" I'm grading on a curve. After the message that the firmware had been successfully updated, everything stopped. What next? Asus offers no clue. You're on your own.
I guessed, correctly, that the next step was to log back in to the router.
Experience has shown that routers don't always update themselves to the latest firmware, so after the update, I had the router check again for newer firmware. Sure enough, it was not current.
The first update had gotten me to September 2013. The next one would take me to June 2014.
The router doesn't identify the new firmware version that it wants to install in any way shape or form. Later, I learned that it wanted to install version 220.127.116.11.376_1071.
The second update proceeded like the first one, including the lack of instructions for what to do after the update completed. After it was done, however, I could not connect back into the router.
Had it lost its IP address? The default IP address of the router is not on the box itself, so this was a lesson learned the hard way: download the manuals for the thing before upgrading its firmware.
Turns out that I couldn't connect to the router because all the wireless networks were gone. Worse still, I couldn't connect to it by Ethernet either. Was the thing bricked?
With no other options, I unplugged the power from the router and let it sit. And sit. And sit some more. Why so long? Interesting story.
In early 2014, The Wirecutter picked the Asus RT-AC56U as the best router. A few months later, after "some stability issues", they switched to recommending the Netgear R6250. The issues were that clients had trouble connecting to the RT-AC56U on the 2.4GHz band.
Quoting The Wirecutter
.. Asus acknowledged via email that the RT-AC56U had had a 2.4 GHz problem but said that a firmware update last year fixed it. However, we encountered the same 2.4 GHz issues with our RT-AC56U, which had up-to-date firmware. At one point, our wireless-n connectivity ground to a near-standstill. The 5 GHz connection worked just fine, but on the 2.4 GHz band [we] couldn’t even access the router’s Web interface ... We power-cycled the router and even returned it to factory default settings with no success. The issue only fixed itself after we turned off the router off for a while and then turned it on again.
For a while? They had to turn the RT-AC56U off "for a while". A normal power cycle did not clear things up. So I let my RT-N66U sit unplugged for about 15 minutes.
And it worked.
That said, when I first logged in to the second new firmware, there was a warning about SAMBA sharing. The router is not used for file sharing, so I disabled SAMBA. While I was at it, I disabled the DLNA media server too. IP v6 was already disabled. Its good Defensive Computing to turn off features you're not using.
If not for the scare this put into me (a houseful of people with no Internet access), I would have updated the firmware a third time. A subsequent check of the Asus website showed that a newer firmware (18.104.22.168.376.2524) had been released two weeks earlier.
It's now almost a month since this latest firmware was released, and the RT-N66U still says that the version from June is the latest and greatest. So it goes.
The important point here is preparing for router failure. Even without a firmware update, a router can fail for other reasons, such as old age, an electrical surge or the cat knocking it to the floor.
One approach is having a backup router. Like a spare tire in the trunk of a car, it doesn't have to be as full featured, it just has to work. A bottom of the line router can be had for around $30.
Another option that can tide you over is using your smartphone as a Wi-Fi hotspot.
There is a third option too, but I have not seen it in a consumer grade router.
Most people make a 1-to-1 connection between a router and its firmware. That is, one router equals one firmware. It doesn't have to be that way. There are routers capable of maintaining two copies of the firmware.
Such a router would let you download new firmware and not use it immediately. If, for example, you downloaded new firmware on a Wednesday you could wait to reboot the box until the weekend to try out the new version. If there are problems, you can fall back to the prior, known good, version of the firmware.
Peplink is a router company that offers multiple firmwares, even on their cheapest models. Here is a screen shot from their low end Pepwave Surf Soho showing the two available firmware releases that you can reboot the box into.
If you know of other routers with multiple firmwares please leave a comment below or email me at my full name at gmail and I'll add a note here about it.
Which of these three approaches do I use? All of them, of course.