The more devices you have on the home network, the more difficult it becomes to protect them properly. In the search for new security for the home network, the antivirus makers are targeting the router. But do antivirus routers really make the network more secure or are they just chasing the buyer at extra costs?
The router is the last reliable link in the home network and it therefore plays a crucial role in the security of that home network. What a router does not do, however, is to prevent malware from infecting a PC or from hacking vulnerable and difficult-to-protect home automation and IoT (Internet of Things) devices, such as IP cameras, smart lighting and smart TVs. A number of routers now offer additional security features to deal with these threats as well. Some of these routers are developed by antivirus makers, but there are also some that partner with router manufacturers and offer their product as a service.
The router checks
It is not surprising that the antivirus makers have come to the router for this extra security. After all, the router is the only device in the network that sees all the traffic that enters and exits the network and can monitor that. Increasingly, the router is also an IDS / IDP (Intrusion Detection / Prevention System) that, unlike a firewall, checks the connections that are allowed, checks for unwanted activities and can intervene where necessary.
As a DHCP server, the router also knows all the devices in the network and can create a profile of them and the users and intervene in case of deviant behavior. It can also scan the devices for vulnerabilities and, for example, isolate them until the latest updates are installed. In short, the router offers plenty of options to take the security of the home network to a higher level.
A router with antivirus
In this test, seven routers with additional security options are compared, in which we mainly assess the security options. Sometimes these are specific routers, sometimes they are ordinary routers that contain extra security options. That extra security comes from five different vendors, four of which are known as creators of antivirus software. Combating malware via the network is therefore a frequently mentioned advantage of these routers. After all, when the router catches the viruses, it can really keep all devices virus-free.
However, antivirus on a router is very different from antivirus on a PC. Because although the router is in the middle of the network, the device does not see any files. Only huge amounts of small data packets pass through the router at a very high rate and are then merged back into a file or stream on the PC or tablet. The router cannot scan those data packets, as antivirus on a PC does. Other techniques are used to play a role in protecting against malware.
The most important of these is threat-based antivirus, which is live information about online threats such as hashes of malicious software, knowledge of zero-days and exploits, IP addresses of command-and-control servers, but also reputation (reliability) of certain IP addresses and domain names. These are often petabytes of information that the router can access thanks to cloud computing. The router determines the character of a data stream with “deep packet inspection”, sends the characteristics to the cloud and gets back whether that data is safe or not.
Tying
Threat intelligence cannot clean malware, however, and regular antivirus is still required. Bitdefender (which is also used by Netgear), F-Secure and D-Link, which works together with McAfee, also provide that. However, that is always an expensive variant that also “secures” the Mac, Android and iOS devices. An important difference with regular antivirus is that Bitdefender, Netgear, F-Secure and D-Link (McAfee) routers also require a license for the security options on the router. With Bitdefender, this license is linked one-to-one with that for Bitdefenders Total Security antivirus.
F-Secure and D-Link (McAfee) do provide security software for the first time, but leave the choice to the user after one and two years respectively. However, they emphasize that for maximum security, their software must be installed on all devices in the network. With Asus, TP-Link and Ubiquiti, no antivirus is included and no license is required for the security options on the router, which are free for life.
One and one is three
It seems duplicated, antivirus on the router and on the PC, yet it is not. An important security principle is that of “layered security” or “defense in depth”. According to this vision, you never take just one security measure, but always several and preferably also at different places and different levels within an infrastructure. By overlapping the security measures and deliberately duplicating them, the total quality of the security increases. Antivirus on the router and antivirus on the PC can therefore be used together, especially when different techniques are used to detect the malware.
Security in corporate environment
In corporate environments, the anti-virus software on the devices on the network increasingly interacts with the router with its additional security options. Sharing information about threats and events in the network makes overall security smarter and stronger. Whether this also happens with the products for home use is unclear, because it is not always mandatory to use antivirus (from a certain brand). Although it does not seem to be the case with most routers.
Major challenges
The possibilities of these routers also pose some challenges. One is https. More and more network traffic is encrypted and the router cannot see it. One option is to break open the secure connection, check the traffic and then re-establish an encrypted connection to the server on the internet from the router. However, there are many drawbacks to this, including that it must be explicitly made known to the users of the home network that what they consider private is not always.
None of the routers offers this option. However, this does not mean that the routers are completely sidelined in encrypted traffic. When setting up an encrypted connection, the name of the server to which the connection is being made is often communicated. This Server Name Indication offers routers the opportunity to check the reputation of threat intelligence in the cloud.
A second limitation of security on the router is in the home network. Because although the router sees all the incoming and outgoing network traffic, it hardly sees any traffic between the systems in the home network. Everything that happens within the home network probably does not pass the router and that certainly applies to systems that are linked to a switch in the network. In theory, therefore, a larger or smaller part of the network can become infected without the router noticing and intervening.
Asus AiProtection Pro with Trend Micro (tested on RT-AX88U)
Asus works together with antivirus maker Trend Micro for its security. AiProtection Pro, which is available on various Asus routers, consists of two parts: network security and parental controls. The network security scans the router configuration for weaknesses, such as the quality of the admin password, the lack of Wi-Fi encryption or the status of the UPnP service.
In addition, there are three components that can be explicitly enabled or disabled: blocking malicious websites, the two-way IPS to combat hacks and botnets, and blocking infected devices. These features use Trend Micro’s threat-intelligence cloud database. In addition, there is parental controls to apply filters per device to certain apps and web content and to set time limits.
PC users will appreciate full-fledged web access to the router, but there is also an Asus router app for router management and network insight. However, the security options in the app, as well as the information about the status of the devices in the network, are clearly less than when logging in to the router with the browser. The cooperation with the app is completely disappointing with parental controls. Where the router only has devices, you can also create people and profiles in the app, but these do not synchronize with the router.
Trend Micro security is free and lifelong with Asus. No additional antivirus for the devices on the network is included.
Asus AiProtection Pro with Trend Micro
price
Free with router
Website
www.asus.com/AiProtection
6 Score 60
- Pros
- Security functionality for free
- Browser access router and security
- Extensive router functionality
- Negatives
- Limited security extras
- No anti-malware for devices
- Little extra insight
- App could be better
Large absentee
A notable absentee in the test is Kaspersky. While the company sells both antivirus software and threat intelligence and even has its own operating system with Kaspersky OS, a Kaspersky router is missing. According to security researcher Jornt van der Wiel, Kaspersky is “a software company and (very likely) will therefore never enter the hardware market”.
According to Van der Wiel, the usefulness of a router with additional security tasks depends strongly on the network and the possibilities of the router. “In a household with anti-malware on the PCs and only some solar panels that automatically update regularly, it is of limited use. But if there are more IoT devices, the router applies advanced techniques such as network segmentation and comes with very good intelligent firewall rules and IDS functionality, it can certainly contribute to the security of the network. ”
Bitdefender Box 2.0
Bitdefender is already in its second edition of the Box, but just like its predecessor, it is also not officially available in the Netherlands yet. Buying one is no problem and does not pose any restrictions, even the Bitdefender app is in Dutch. That app is important because connecting to the router through the browser is impossible. Installation and use, everything goes through the app.
The Box can be used in two ways, as a real WiFi router behind the modem or, if you already have a good WiFi router, as an in-line filter and access point. After installation, the Box scans all devices on the network and provides security options for each device. Often this will be installing the Bitdefender Total Security that comes with the router. This vulnerability analysis can also be restarted at any time and for any device.
Each device can be linked to a family member, and per family member can set parental controls with filtering by web content or limiting internet access according to a time schedule. This is very simple. What is disappointing is the real router functionality. Other than setting up the Wi-Fi, including an optional guest network, port forwarding and adding extra DNS servers, there is little to configure in the Box that does not support the latest standard in terms of Wi-Fi.
After a year, the license on the Box must be renewed, this includes the security software for all devices in the home network.
Bitdefender Box 2.0
price
First year included, then € 99.99 per year
Website
www.bitdefender.com/box/v2
8 Score 80
- Pros
- Security functionality
- Full management via the app
- One year Bitdefender Total Security
- Vulnerability analysis
- Good information about security incidents
- Negatives
- Management via app only
- Only one LAN gate
- Needed after 1 year of subscription
- Little router functionality
Dropouts
While most router manufacturers and antivirus makers are just starting their adventure, Symantec and Sitecom have already stopped. This is extra sour for Sitecom, the company was way ahead of its time with the Sitecom Cloud Security. It protected the home network against malware and blocked unsafe websites. Sitecom used a cloud service developed by Mark Loman, the man behind HitmanPro. However, Sitecom has completely left the router market and with that the Sitecom Cloud Security is over.
Also stopped and barely started is Symantec (now NortonLifeLock). Introduced in 2017, the Norton Core network security router would be available worldwide after its introduction in the United States, but it never got that far. The company has already taken the Core off the market with its striking geodesic dome shape. The company is still investigating whether it will release the Core platform together with partners.
D-Link with McAfee (tested on DIR-2660)
D-Link is the first in Europe to offer various routers with the McAfee Secure Home Platform. This is a router add-on developed by McAfee that blocks malicious sites, detects network traffic anomalies, reports new devices and protects the children through parental controls. Security leverages McAfee’s own cloud-based threat intelligence. The D-Link router itself leaves little to be desired and can be installed and used both via the web GUI and an app.
The McAfee security functions cannot be accessed via the web interface, but only via the D-Link Defend app, which is actually the McAfee app but in a D-Link jacket. Both the firmware of the router and the D-Link Defend app are in English, the D-Link router app is in Dutch. Every device that connects to the network is detected, scanned and monitored by McAfee. Threats are reported in the app. Each device can have an owner associated with an age profile to manage web content and usage times.
After five years the license of the Secure Home Platform expires, the price of renewal is still unknown. McAfee provides up to two years of LiveSafe security for all devices. A unique feature of McAfee Secure Home is the ability to disconnect one or more devices from the network at the touch of a button. Unfortunately, this feature also suffers from the slowness with which the router processes the actions in the McAfee Secure Home Platform. All in all, the McAfee Secure Home Platform should be a bit faster and more informative.
D-Link with McAfee
price
Including five years
Website
www.dlink.com/en/mcafee-protection
6 Score 60
- Pros
- Security functionality
- Web GUI router has a lot of functionality
- Extensive router functionality
- Two years of McAfee LiveSafe
- Negatives
- Separate apps router and security
- Security via app only
- Needed after five years of subscription, price unknown
- In English
- Slow in processing changes
F-Secure Sense
The tastefully designed Sense is primarily intended to be connected to an existing modem or existing router to make it an intelligent and secure access point. The Sense offers AC1750, which is certainly not the latest WiFi technology. Once the Sense is turned on and the firmware updated, it will scan the connected devices and begin security. The protection is mainly based on blocking suspicious sites and monitoring network traffic for deviations. It is possible to put a blocked site on the exception list, but the function to block sites yourself is missing. F-Secure only checks the URL, so it doesn’t use deep packet inspection.
It is striking that parental control is also missing, at least centrally via the router. It’s included in the F-Secure Sense lightweight antivirus software that you can install on any Windows PC or Mac, but then it only works on that device. The Sense has been around a bit longer, but that means that it is now time at F-Secure for a major update of the hardware and software.
F-Secure Sense
price
Included in the first year, then € 119 per year
Website
www.f-secure.com/nl_NL/web/home_nl/sense
6 Score 60
- Pros
- Full management via one app
- Design with display
- Flexible employability
- One year of F-Secure Sense
- Negatives
- No web GUI router, only management via app
- No web GUI security features, only via app
- No parental controls
- Very slow in booting and updating
- Apps
Netgear Armor with Bitdefender (tested on R7000P)
Netgear offers the Armor security package on an increasing number of routers, including the Nighthawk R7000P. Along with the Ubiquiti, this is the only router in the test that recommends two-step verification for admin access. Unfortunately not via a Google or Microsoft Authenticator app, but via SMS or “trusted devices”. The extra security comes in two parts, for the network security there is Netgear Armor which is based on the Bitdefender technique, and for the parental control there is Disney Circle. Both functions must be paid after 30 days. If you don’t want that, you’re left with a regular Netgear router with an alternative to Disney Circle parental controls from Netgear.
The interface of the router is in Dutch, but all other parts such as the separate web GUI from Armor and all apps are not. Armor is the strongest and most beautiful part of the router. It can be fully operated via web GUI and app and there is a lot of useful information. Changes are processed quickly and if Bitdefender Total Security is on a device, you can, for example, start a virus or vulnerability scan via the app. Armor is the only one that lists smart home devices as a separate category. The Armor license includes security on the router and Bitdefender Total Security for one year each, but without the parental controls included in the standard version of that package. Netgear apparently prefers that you pay for Disney.
Netgear Armor with Bitdefender
price
Armor: € 69.99 per year, Circle: € 49.99 per year
Website
www.netgear.nl/landings/armor
6 Score 60
- Pros
- Security functionality
- Good reports
- Integration router with Bitdefender
- Easy remote management (via the internet)
- Negatives
- App chaos
- In English
- Pay extra for parental controls
TP-Link Archer AX6000 with Trend Micro
Like Asus, TP-Link uses Trend Micro’s cloud service to provide the already childish router with additional security features. TP-Link calls it HomeCare, which is translated as “Home Care” in the router’s web interface, but everyone understands what it means.
The security offers three components, parental controls, QoS and antivirus, but the router configuration is not checked. Of the three security components, only the antivirus bears the TrendMicro logo. It blocks malicious websites, protects against attacks and vulnerabilities, and quarantines infected devices. It is not possible to switch on or off more than each part separately, and that will remain the case if you use it in combination with TP-Link’s Tether app.
Also, since there aren’t a lot of notifications coming out of the system and you can only view the warning history while logged in, it seems mostly a matter of trusting the parts to do what they say they do. When a site is blocked or a device is completely blocked remotely, it shows that it is all right, although manual actions should certainly be processed faster. No antivirus for the devices on the network is included, but this extra protection is free for life.
TP-Link Archer AX6000 with Trend Micro
price
Free with router
Website
www.tp-link.com/en/homecare
8 Score 80
- Pros
- Security functionality for free
- Security functionality
- Extensive router functionality
- Negatives
- No anti-malware for devices
- Slow processing of changes
- Limited security extras
- Web GUI translation errors
- Little extra insight
Ubiquiti USG
Including Ubiquiti’s UniFi Security Gateway in this test is actually cheating, because although it is a router with security options, it only comes into its own when you have a management station and preferably many more network equipment from Ubiquiti. The Unifi network equipment can be configured from one central point, something that especially appeals to network enthusiasts. One of the lifelong free firmware updates brought threat management. On the tab, still marked as “beta” in the web GUI (unfortunately not yet in the fantastic app), a series of options have been added for the security of the network. Access to the tor network can be blocked, as well as to known untrustworthy IP addresses.
Unreliable sites can also be blocked, with a choice of a number of categories such as malware, mobile malware, p2p sites and shell code that is widely used by hackers and botnets. There is also a whitelist option and at a high level you can switch between all security off, IDS that only detects and IPS that actually intervenes. Threat management at Ubiquiti is free, but the price when it comes to impact on the performance of this small USG is high.
Ubiquiti USG
price
Free with router
Website
www.ui.com/unifi-routing/usg
4 Score 40
- Pros
- Security functionality for free
- Extensive router functionality
- Web GUI router has a lot of functionality
- Easy remote management (via internet)
- Negatives
- No security in the app yet
- Full use requires more Ubiquiti hardware
- Threat management depresses performance
- No parental controls
- No anti-malware for devices
Conclusion
Extra security is always welcome, especially when it complements the measures that have already been taken. A router with additional security measures, such as antivirus and checking the network traffic, is such an addition. Nevertheless, the feeling prevails with all devices to watch a first version. There are too many rough edges, too many mediocre apps and too often options or insights that you as a user just want to know about the security of your home network. In addition, a number of suppliers charge too high a price, even if their best security software is included for years. For the moment it is a nice innovation, we prefer to wait for the next versions.
Privacy
Using cloud services to scan network traffic means analyzing information about network traffic in the cloud. This mainly concerns the source and target address of IP traffic, DNS queries, URLs that are queried, domain names with which to communicate and MAC addresses to recognize devices. All brands have a privacy policy in which they explain how they handle this, that they upload as little data as possible, keep nothing for too long and that they anonymize the data where possible. Surfing habits should therefore not be traced back to individual users. Whether this is sufficient to agree to the use of these products is a personal consideration. If in doubt, it is best to check the exact working method of each manufacturer before purchasing.
.