Page 3: Software: Intrusion/Malware Protection, and Parental Controls
Software: Intrusion and Malware Protection
The more devices we have in our home, the greater the chances that one of them will get compromised and start doing something undesirable. For most of us this is largely a question of when, not if. The good news is that our routers are in a perfect position to detect, report, and even stop this activity. Even better news is that some routers are able to do exactly this!
- eero: eero offers basic protection for everyone, including automatic detection and blocking of suspicious devices. Their $9.99/month (or $99/year) eero Plus service, available for all eero hardware, adds anti-malware, anti-phishing, anti-ransomware, and anti-virus.
- Google Wifi: Not currently supported.
- Linksys Velop: Linksys Shield, available on tri-band Velop units, adds some level of threat protection by keeping you and your devices from visiting malicious sites.
- Netgear Orbi: Orbi owners can subscribe to Netgear Armor, a Bitdefender-powered cybersecurity engine that, for $69.99/year, protects all the devices on your network from malware and visiting malicious sites.
- Plume SuperPods: Plume A.I. Security (previously “Secure & Protect”) includes advanced IoT protection, malware filtering, botnet protection, and more.
- TP-Link Deco: Deco includes a full-featured “Antivirus” system with a malicious content filter and intrusion protection system, and will quarantine infected devices. The entire Antivirus system is powered by Trend Micro’s database and is automatically updated every day. A three-year Trend Micro subscription is included with every Deco package sold, after which users would have to activate with a monthly fee.
- Ubiquiti AmpliFi HD: Not currently supported.
Advice: This will become more and more important as time goes on. I don’t yet consider this a make-or-break feature, but it’s close. The good news is that it’s available on enough units that most folks will be able to get all the other features they want and have some level of intrusion and malware protection, too.
Software: Parental Controls
The term “Parental Controls” can mean a lot of different things, but at its most basic – and common – level, it means allowing you to set profiles for each person in your house, assigning all of that person’s devices to their profile. Then you can pause or resume any given person’s internet access, either manually or on a set schedule. Some devices go beyond this with packet inspection and active category filtering, as well.
- eero: eero includes a basic profile-based system by default. With an eero Plus subscription, you can get a little more granular with these controls.
- Google Wifi: Basic profile-based feature included.
- Linksys Velop: Velop supports a standard, profile-based parental control model, and adds to that the ability to block up to 10 specific website URLs per user. As of February 2019, support for the Linksys Shield service has been added to the tri-band Velop models. Shield is $49.99/year and gives you parental controls, category blocks, and more.
- Netgear Orbi: Orbi uses Disney’s Circle for parental controls. Circle comes in both a free and $4.99/month Premium version. The free version allows filters, pause, and history for every user in the family. Premium adds things like Time Limits on apps/people, bedtime, rewards, and usage tracking.
- Plume SuperPods: Parental controls are possible via a clever password-based profile setup.
- TP-Link Deco: Profiles and time limits are supported in a fashion similar to the others. In addition, Deco contains a content filter that lets you filter from a pre-set list of content categories and also block specific websites and apps on a per-user basis.
- Ubiquiti AmpliFi HD: Parental Controls let you set quiet time for specific devices/profiles.
Advice: Most people we surveyed don’t seem to use or need any sort of parental controls, but for some this is a necessary feature. For us, the TP-Link Deco has the best out-of-box controls, and an eero Plus subscription brings that product up-to-speed, as well.
Dave,
I was wondering when you might update your article? Some mesh makers are now offering WIFI 6 and while I am very happy with my Orbi’s performance I will need to update my son’s home someday soon and he may be the recipient of my Orbi’s. With all the chatter about the super plume, Ubiquiti, and others I would like to be able to make the best choice when his system fails. Is Synology going to have a new WIFI 6 mesh system? Also I thought that the ability to use WPA3 was controlled by the router but my network settings show that my OS is using it now?
Best Wishes and don’t get caught!
NicevilleSteve 🤗
Yeah, I also have no idea of it.
Thumbs up and thanks…
Where are the tips?
https://www.macobserver.com/tips/how-to/best-mesh-wireless-system/
Hi Dave
Can’t wait much longer, need to either put in Synology mesh to extend my 2600 router, or scrap it and buy another mesh system (ouch), any hints or preview you are willing to share of your review findings so far?
Greg
I have just completed the installation of a MR 2200ac Synology Mesh router extending my 2600AC to my entire house. I started by following the instructions to set the two units physically together and go through the setup process via a wireless connection, then moved the 2200ac to the other side of my house and connected it via ethernet (for a wired ethernet backhaul) between the two units. It took a while for the units to complete each step, but the process was fairly painless and the units now appear to be working flawlessly. Speeds are at the max expected and consistent through both units, and the interface for testing and monitoring is working well. I am very happy. Next step is to get a managed switch between the two units to add more ethernet ports to my network, there are some internal switch configurations required according to Synology. This system is NOT for the technically challenged, but works extremely well and I am glad I made the jump.
I wonder how the new UniFi Dream Machine (and the pending “Pro”) will fare?
Hi Dave! Any updates on your Synology mesh test?
@greg_gehr – that’s coming in the next update. The Synology stuff needed some time to mature, as has been the case with a lot of these mesh products.
thanks, I will try
@Dave, thanks for the great comparison. Since you’ve used them all I wonder if you could answer 2 questions? Is there any other difference in the Ubiquiti Gamer Edition? And do you HAVE to connect a social media account to do remote administration or can you create an account with username/password?
Thanks!
Great compendium Dave. Any chance you might add the Synology mesh to this list? Also, any thoughts on if when we will see AX and/or AD added to these mesh offerings?
Indeed! Synology Mesh will be coming in the next update, most likely (I noted this as the last entry of this changelog, but I realize most folks don’t read that far! 🙂).
As for Wi-Fi 6, I haven’t seen any yet, other than the Asus Mesh stuff (which is quasi-mesh, at the moment). But it’ll come, I’m sure. Likely end of 2019/beginning of 2020 (CES 2020 for sure, I’d think).
@davehamilton sounds good — I’m already such a huge fan of Synology that it might be nice to just use their mesh and be done with it. Looking forward to that review!
I got the two node Orbi system for a little over $200 back in Black November and it has been great. The three node (AC3000) system is regularly available at Costco for about $300. A friend of mine put one of those in his more challenging for wifi home and it has also worked out very well. In both cases, wifi performance now matches the performance of ethernet direct to the cable modem anywhere in the house. The Orbi app and admin web page both are mediocre. Strangely, there are some functions one can only do on the app and others you can only do through the admin page. Neither seems to be suited for anyone who wants to do super geeky tweaking.
Great article. With the demise of Apple’s offering, the search for a worthy replacement has been daunting. This article definitely helps. However, I recently switched to CenturyLink fiber 1Gbs service. I’m told I don’t need a modem if the router supports PPoE and VLAN tagging. Do any of these mesh systems support those?
Thank you so much for info!
Nice article. Can you also visit how well Apple AirPlay works with the various mesh Wi-Fi systems? I installed Google WiFi and it substantially degraded the AirPlay performance between a newer iPad and older Apple TV located just 3 feet away.
thanks for that
In the conclusion, you cited Plume’s adaptive management service as one of the features that earned Plume its recommendation. However, I have scanned the article (albeit from my phone) and cannot find any mention of such a service. Can you help me by pointing to what I am missing?
thanks for that
Thanks for this article! 🙂
Speed, especially backhaul speed between the Eeros themselves, would be the biggest advantage to having that third radio. But the “width” of the pipe would also be better, meaning that you’d have more endpoints for the clients to attach to, as well, and that can be just as important. If you’ve got several devices streaming simultaneously, not having to share radios makes things a lot more efficient.
Along those lines, it’s very much worth investigating Plume, too, especially with their new SuperPods that each include a 4×4 radio for even higher bandwidth and longer range.
@Dave — I’ve heard you speak highly of Plume, though I’ve found the Comcast XFi Pods (which you say are white-boxed Plumes?) to be kind of crappy. I’ve swapped out XFi Pods for Eero more than once and found significant improvements to general network performance.
Great distinction, @tech_hero! The original Plume pods are NOT impressive in my tests (or any of the anecdotal reports we’ve had from listeners and readers). They tend to be pretty weak in terms of range.
The new Plume SuperPods, however, are quite stellar. They added another 5GHz radio, but this one is 4×4, which really gives it a leg up on the competition out there.
Thank you for sharing this info
Great article, Dave! Thanks!
I currently use a Time Capsule to do Time Machine backups and I have a couple of questions…
1. Are any of these units easier (or harder) to connect a Time Capsule to in order to continue backups? And, how is that connection made?
2. My Time Machine is starting to give me occasional issues, and so it might be on its way out. Do any of these mesh units allow easily connecting a hard drive (via either USB or ethernet) in order to do Time Machine backups that way? If so, which units allow that, which are the easiest to implement, and how is that done?
Thanks again!
You can Ethernet your time capsule into any of these setups, no problem. Just put it in bridge mode and disable the Wi-Fi, so it’s just sharing its drive.
As for sharing drives from a router, I don’t think any of the mesh options will do this, at least none that I’ve tried. There are some routers that will, most notably the Synology ones, but obviously those aren’t mesh.
Dave,
Thanks for the reply. It’s nice to know that I can attach my Time Capsule to one of these systems to continue backups. Though it’d also be nice to be able to simply attach a hard drive directly to one of these mesh systems to do Time Machine backups (for when my Time Capsule eventually fails).
I’ve got a ~4000 sq ft house (one level with a basement, no ethernet in the walls) and based on your article, I’m leaning slightly toward the three piece eero system. But, they have two versions of that: one eero (3×3) and two beacons (2×2, I think) and the eero “pro” which is three eeros (all 3×3). Would the bandwidth throughout the house be significantly faster having all 3×3 units compared to one 3×3 unit and two 2×2 units? BTW, I’ll very soon be upgrading to FiOS gigabit internet, if that matters (currently have FiOS 75Mb/75Mb).
Other than speed, (and with no ethernet in the walls), would there be any advantage to the three 3×3 units vice one 3×3 and two 2×2?
Thanks in advance for any info you provide!
My setup uses an 802.11n Apple Time Capsule and an 802.11n AirPort Extreme connected in bridge mode using Ethernet backhaul. It covers my entire house and seems to work quite well.
I’m wondering if a newer mesh network would deliver any meaningful performance improvements compared to my legacy Apple setup.
I am a firm believer in the “if it ain’t broke, don’t fix it” mentality, though admittedly I sometimes fall prey to the “if it ain’t broke, fix it ’til it is!” mindset. 🙂
If everything is working well, then it’s working well. No reason to change.
Things to look for: if you start to develop dead spots in your house (not likely), if you add more simultaneous streaming devices (mesh adds more access points, and therefore more parallel bandwidth), slow speeds in areas where you need faster Wi-Fi bandwidth.
With the app release of version 2.17, eero introduced a new section in the app called eero Labs as well as the first feature in Smart Queue Management (SQM). This seems like their QoS implementation at the moment. Here’s what it does, per Jeff, an eero Community Manager: unlike traditional QoS, which only allows specific devices to receive priority bandwidth at the expense of others, SQM works automatically across your whole system – removing confusing manual steps from the process, and making the overall internet experience better at any given moment. This means all devices can benefit from better queue management without having to push other devices into a worse network experience.
I installed the 3-unit TP-Link mesh in January 2018. While I have not tested all of the others, it works fantastically well with great coverage over our 2,850 sqft two-story home. In fact, there’s nowhere on our 5th acre lot that we cannot get reception, and it only weakens in the furthest corners of the lot. I would guess we are an average use home for which the network supports a desktop, a laptop, a couple iPads, three AppleTVs, two Apple Watches, four iPhones, and half a dozen HomeKit light devices. Only issue is that after three months one of the Deco units died, which TP-Link replaced for free.
Truly shines a very fact-based light on this emerging home network technology, and the vendor offerings. Everything else that I’ve read up until this point has been opinion first – then only the facts that support that opinion. Thanks.
Huawei has also just recently announced their solution in this space.
https://www.cnet.com/news/huawei-wifi-q2-thinks-its-solved-wireless-router-problem/
I’ll pass on anything from ZTE or Huawei. I’m not interested in having the Chinese government monitor my internet connection.
Dave,
I just finished reading your excellent 2017 blog addressing Mesh networking and I like the use of tables to highlight their capabilities.
My 2-story 4,000 ft. home has an Ethernet backbone and I currently use two 802.11ac Airport Extremes and an 802.11n Airport Express to seamlessly cover my home in Wi-Fi. I am going to update my connection with a DOCSIS 3.1 Cable Modem and am considering an upgrade to my wireless network.
You have spoken highly of the Synology Router RT2600ac capabilities and I notice they have a web page specifically talking about virtues of using their routers to “Upgrade from Your Apple AirPort Routers” (https://www.synology.com/en-us/solution/AirPort_replacement).
This leads me to my question about the gains I would see using their technology vs adding a Synology Router RT2600ac as my router and operating my current devices in bridge mode?
Thanks for the entertaining, informative and educational Podcast. It is truly the best on the web!
Happy New Year
Niceville Steve
Great article. Very comprehensive compared to the others that I have read.
Might be useful to add a section pertaining to integration with voice assistants such as Alexa or Google Assistant.
I have also come across Plume which is another option. https://www.plumewifi.com/
I hope these come down in price as they are all very expensive in CAD dollars.
Hi Dave,
Will any of these work with Strong VPN (Open VPN) or any VPN service provider?
What about port-forwarding? I need this for remote access to fam and friends’ networks 8-| I assume these devices all have this capability but, I don’t see it mentioned – unless you’ve called it something else and it’s just not obvious to me. Thanks for a most excellent review, Dave.
Jeff
Indeed, yeah, they all support port forwarding at some level.
Currently using Apple routers and access points. What will I give up by going to mesh? Back to My Mac, Screen Sharing, Any Bonjour services? Anything?
Thanks very much for the continually updated article. Costco has $70 off Orbi this holiday and with ethernet backhaul added may pull the trigger.
At this moment, we have to recommend caution when considering Orbi, and I’ve updated the piece above to reflect this. OrbiOS 2.1 (specifically, 2.1.1.12 and the current-as-of-this-comment 2.1.1.16) have introduced a TON of reports about Wi-Fi stability, and we’ve experienced those in our test environment here, too. Things were quite stable before 2.1, so I have no reason to believe that Netgear can’t resolve this but, for right now, we don’t recommend you update to 2.1, and for new buyers I just want you to be informed. Read the thread and decide for yourself, as always, but I just wanted to make sure everyone had the info that we have.
Thanks very much for this update. I went to the Netgear site and see some of this reporting. (Also see many satisfied users of prior systems).
To Dave and all, back to original question. Currently using Apple routers and access points. I see what is to be gained by going to mesh (which by definition is non-Apple). But what will I give up by going to mesh? Back to My Mac, Screen Sharing, Any Bonjour services? Apple TV throughput? Wake over Network? What is dependent on Apple router?
Thank you so much for the great article! I have been using airport extremes since 2008 and they all still work unlike the parade of Linksys etc. routers I used and had to replace about every year.
How is the build quality of the various units? This is a big deal for me and why I love Apple hardware.
Thanks again for the best article on this subject that I’ve come across.
How is this different from using two or three AirPort Extreme units as I do?
The main difference is essentially what I described in the intro to the piece:
With multiple routers (from the same or different vendors), one must manage each individually. On top of that, the routers are (generally) not aware of the fact that others are involved, so things like handoffs between the two can’t be managed gracefully, nor can the access points all participate in load balancing between the radios and each other.
The setup you have is what I call “quasi-mesh”, and is essentially what I ran at my home and office for over a decade. There’s nothing inherently wrong with it and, especially with Ethernet backbone tying everything together, can work very, very well.
But management of a quasi-mesh is a headache, and that can get even trickier when you don’t have Ethernet and want to link everything together wirelessly. Mesh, as described in the piece here, solves all of those problems internally, making it a plug-and-play experience for most.
Great article and info Dave. One more column on your table would be great. Privacy. Several of those products send your data/surfing habits (anonymized or otherwise) up to the cloud for analysis. Those are nonstarters for many privacy minded Apple folks. It would be nice to know which are wiretaps, which are not, and which have an option to turn that off.
Anyway, as always, your analysis is a super service to the gear head community, so thanks!
On page 2 there’s a section titled, “Software: Cloud vs. Local Management” that discusses this. For the chart, I chose to distill things that matter to most people… and the remainder of the article goes deeper into those and other topics.
Yea the cloud part is very useful, and I guess you can just assume if it has cloud ability, it will take your traffic. I suspect there might be some control over that, but the conservative approach is to just assume, if it has a cloud option, it’s a wire tap, even if it ain’t necessarily so, or there is an option to opt out…
Which means only the Netgear Orbi or the Ubiquiti AmpliFi HD are options if you have privacy concerns. Thanks Dave!
Surely this article should note a significant downside to the Eero: if the internet goes out, the whole network is likely to go out with it.
According to Eero support, there is no guarantee of “Persistent LAN,” because while “the eeros will typically maintain the LAN when the internet connection drops,” eventually their “self-repair function” will try “to reestablish connection, and if the ISP service is still down when the eero does this, the LAN will be lost.” In other words, when you lose internet, you are likely to lose the entire network—no local streaming, no printers, no file transfer, no nothing. Forget listening to iTunes while you’re waiting for the Comcast truck.
Never in my wildest imagination did it occur to me that a modern router—a premium-priced one at that—would be completely disabled simply because it could not connect to the internet (which around here goes out all the time). I wouldn’t recommend Eero until this is fixed.
Just wondering why you left Plume off of your list of mesh providers…
Plume is off the list solely because we’ve been unable to work with them on a test unit.
I’ve heard very good things from Plume owners, but I only include things here that we’re able to personally test and work with, both short-and-long term.
Every device listed here is up-and-running in some capacity, long-term, in a real household. I test short-term in my home and office, and then relocate the systems with colleagues, friends, and family, to get true, real-world performance reports.
We’d love to work with Plume, and have been trying for almost a year, but their review availability is unfortunately limited. We’ll get there with them. They just need some time.
That is crazy. Do you have more than one going at a time? Just the sheer logistics of it all! Kudos Dave!
Thanks for posting a detailed guide on this. This is really helpful.
Which one provides traffic information on connected devices, e.g. what is using up all bandwidth?
A brilliant piece! If only all analysis was this clear and succinct.
In the overview/summary it’d be nice to know which of these has been “internationalised”. Last time I checked there were a few mesh systems that were US only.
From Google Wifi – we’re now available in the United Kingdom, Canada, Australia, New Zealand, Germany and France (we’re adding more countries later in the year too)
Superb article and great information, Dave. Thank you very much.