All these threads about Trend Micro keep giving me doubts about enabling it on my ac86u.

Do they collect things like passwords and card data?

Anyone been running it for a while without problems?

Thanks

No issues here. Been using TM on Asus routers whenever the option was there.
Have I done the right thing? Nothing bad so far as I’m aware.....
 
No issues here. Been using TM on Asus routers whenever the option was there.
Have I done the right thing? Nothing bad so far as I’m aware.....

Might give it a go then, I was reading something about aiprotection needing your email password so it could send you alerts, is that something I can opt out of, don't fancy giving my email password.

Thanks
 
I've been using it for a few years and had zero issues. No it doesn't collect password and card data, rather, it is interested in securing the router from threats and finding new ones.
 
Might give it a go then, I was reading something about aiprotection needing your email password so it could send you alerts, is that something I can opt out of, don't fancy giving my email password.

Thanks
You can use the grant access feature in a Gmail address. You are then sharing a Sudo password not the real thing.
 
This way it uses 2fa.
 
You can use the grant access feature in a Gmail address. You are then sharing a Sudo password not the real thing.

I'm not too bothered about getting email alerts, just wanted to be sure I need not worry about that when I enable.

I would rather enable and forget about it and let it do its thing.
 
I'm not too bothered about getting email alerts, just wanted to be sure I need not worry about that when I enable.

I would rather enable and forget about it and let it do its thing.
Turn it on. Don't use the email alert feature. It is really that easy. No further work required at any time.
 
Might give it a go then, I was reading something about aiprotection needing your email password so it could send you alerts, is that something I can opt out of, don't fancy giving my email password.

Thanks

No, alerts not necessary. Just turn AiProtect on, & it will quietly go about its business.
 
Call me paranoid, but I'm not opting into anything anymore which isn't fully transparent as to what they're exactly collecting and more specifically why. I'm currently de-Googlifying our household. Man, that's a hellish job on its own. I was shocked to find out they even know where I bought the tinfoil for our hats... But seriously, all joking apart, companies like these (not specifically TM, but in general) are gathering way too much -additional- info about our private lives that they don't need to provide a specific service. Nothing is free. 'If you're not paying for a product (or a service, for that matter), you're not the customer: you are the product.' True words, if you'd ask me...
 
No it doesn't collect password and card data, rather, it is interested in securing the router from threats and finding new ones.

Funny. You're missing a lot of information there. You have no idea exactly what they are doing with all the information they have collected, and to the extent of what has and is being still collected from ASUS routers. Trend Micro supposedly didn't even know what it was collecting and had to conduct an internal investigation. Yeah, sending information to China is a good thing. You also might want to check who owns some of Trend Micro.

But no... no problems so far since I refuse to use it.
 
I'd steer people away from AiProtect because it's an unknown. I'd encourage a customer to just use Skynet and Diversion (Medium+) for their security needs.
 
To each their own...that's the beauty of all this!;)
 
To each their own...that's the beauty of all this!;)

Absolutely true, but I have a feeling millions out there don't have a clue as to what amount of personal data they're actually sharing (again, not specific to TM, but in general) or don't give a ... ehrm .... falafel (no typo, 10 year old with prying eyes sitting next to me). It's like those drawings when we were kids with all these numbered dots which you had to connect and most of the time it took a while before you could see the bigger picture. We're the paper with the dots. Guess who's drawing?
 
I'd steer people away from AiProtect because it's an unknown. I'd encourage a customer to just use Skynet and Diversion (Medium+) for their security needs.
Yea that's part of the issue I ran into...

I have no idea what they are finding and how to remedy it

Once I got an alert to a back door attack, no link back to TM to get more info or actions to take...

Just a dashboard with a warm fuzzy line item giving generic peace of mind...
 
Do they collect things like passwords and card data?

Anything sent over https is unavailable to Trend Micro since it's encrypted by your computer before reaching the router.

I use Malicious Website blocking, IDS and Adaptive QoS here. I keep disabled the option to block infected devices because I trust all of my devices, and would rather not have to deal with false positives.
 
You can get the full benefits of Trend Micro's AI-Signature protection, which is highly useful against a multitude of threats, and you can do it with zero data collection and privacy issue with the proper configuration...
 
Log in to the router, disable Trend Micro malicious websites blocking. Enable /jffs/ scripts under administration/system; winscp into your router

Create / Edit: /jffs/scripts/dnsmasq.postconf

Add:

Code:
#!/bin/sh

##########################
#### Block PTR & ARPA ####
##########################

CONFIG=$1
source /usr/sbin/helper.sh
sed -i '$a\ ' $CONFIG
sed -i '$a\################################' $CONFIG
sed -i '$a\#Block Calling home PTR Queries#' $CONFIG
sed -i '$a\################################' $CONFIG
sed -i '$a\ ' $CONFIG
sed -i '$a\##################################################' $CONFIG
sed -i '$a\#Can Speed up Browsing Considerably [UPON REBOOT]#' $CONFIG
sed -i '$a\##################################################' $CONFIG
sed -i '$a\ ' $CONFIG

sed -i '$a\#Success!: Disable all Arpa: https://www.iana.org/domains/arpa' $CONFIG
pc_append "bogus-priv" $CONFIG
pc_append "server=/arpa/" $CONFIG
pc_append "server=/url.trendmicro.com/" $CONFIG

Create/Edit /jffs/scripts/hosts.postconf

add:

Code:
#!/bin/sh

#############################################################
#### Block Trendmicro / Asus / Google / Unknown Entities ####
#############################################################

##########################################################
#### Block redundant NXDOMAIN dnsmasq querys and logs ####
##########################################################

# Blocks most repeated 10-14 second queries to Google
# Blocks all queries to Asus / Trend Micro
# Blocks redundant logging for cleaner logs

# Be sure to ping google.com and replace the IP in the first append line with what you see (I found the google entry necessary on earlier versions of the firmware; it may be redundant on 384.7-beta1)

CONFIG=$1
source /usr/sbin/helper.sh
sed -i '$a\#' $CONFIG
sed -i '$a\## begin of silently block all redundant querys to Google, TrendMicro, and Asus ##' $CONFIG
pc_append "74.125.205.147 google.com" $CONFIG
pc_append "192.168.50.2 fbsv1.trendmicro.com" $CONFIG
pc_append "192.168.50.2 fbsv2.trendmicro.com" $CONFIG
pc_append "192.168.50.2 gslb1.fbs.trendmicro.com.akadns.net" $CONFIG
pc_append "192.168.50.2 rgom10-en.url.trendmicro.com" $CONFIG
pc_append "192.168.50.2 trendmicro.com.edgesuite.net" $CONFIG
pc_append "192.168.50.2 slb1.fbs.trendmicro.com.akadns.net" $CONFIG
pc_append "192.168.50.2 activeupdate.trendmicro.co.jp" $CONFIG
pc_append "192.168.50.2 backup21.url.trendmicro.com" $CONFIG
pc_append "192.168.50.2 backup37.url.trendmicro.com" $CONFIG
pc_append "192.168.50.2 wrs.trendmicro.com" $CONFIG
pc_append "192.168.50.2 e5110.dscd.akamaiedge.net" $CONFIG

pc_append "#AsusWRT AI Protection Signature updates" $CONFIG
pc_append "#https://dlcdnets.asus.com/pub/ASUS/LiveUpdate/Release/Wireless/sig2nd_update.zip" $CONFIG
pc_append "#https://raw.githubusercontent.com/RMerl/asuswrt-merlin.382/master/release/src/router/rom/webs_scripts/sig2nd_update.sh" $CONFIG
pc_append "#remove  --no-check-certificate from sig2nd_update.sh to assure no MITM. Just unblock host, run at leisure, reblock" $CONFIG
pc_append "192.168.50.2 dlcdnets.asus.com #Unblock just this for AI-Protection sig updates; permanent unblock will factory sigcheck every reboot" $CONFIG
pc_append "192.168.50.2 dlcdnets-ds.asus.com.edgekey.net" $CONFIG
pc_append "#Signature updates In Asia?" $CONFIG
pc_append "192.168.50.2 wideip-dlcdnets.isoi.asia" $CONFIG
pc_append "#Noticed during initial sig update check, not subsequent checks. Not necessary for sig-updates." $CONFIG
pc_append "192.168.50.2 ntd-asus-2014b-en.fbs20.trendmicro.com" $CONFIG
pc_append "192.168.50.2 ntd-asus-2014b-en-cfg.fbs20.trendmicro.com" $CONFIG
sed -i '$a\## end of Silently Block All Redundant Querys to Google, TrendMicro, and Asus ##' $CONFIG

reboot
 
Last edited:
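One way to confirm that the two postconf scripts in the post above took effect after the reboot, as an added example that is not part of the original post. The function names and the sample files are constructed for the demo; on the router the files to check are assumed to be /etc/hosts and /etc/dnsmasq.conf.

```shell
#!/bin/sh
# Added example (not from the thread): audit the files dnsmasq actually loaded.
SINK="192.168.50.2"   # sinkhole address used in the post's hosts.postconf

# Read hostnames on stdin; print each one that hosts file $1 does not map
# exclusively to sinkhole address $2 (entry missing, or mapped elsewhere).
unsinkholed() {
    while read -r name; do
        [ -n "$name" ] || continue
        awk -v n="$name" -v s="$2" '
            { sub(/#.*/, "") }                      # drop inline comments
            { for (i = 2; i <= NF; i++)
                  if (tolower($i) == tolower(n)) { seen = 1; if ($1 != s) bad = 1 } }
            END { exit !(seen && !bad) }' "$1" || echo "$name"
    done
}

# Succeed when dnsmasq config $1 has directive $2 as a whole, uncommented line.
has_directive() { grep -qxF -- "$2" "$1"; }

# Constructed sample files standing in for /etc/hosts and /etc/dnsmasq.conf.
make_sample() {
    cat > "$1/hosts" <<'EOF'
127.0.0.1 localhost
192.168.50.2 fbsv1.trendmicro.com
192.168.50.2 wrs.trendmicro.com #inline comment is ignored
#192.168.50.2 fbsv2.trendmicro.com
10.0.0.9 dlcdnets.asus.com
EOF
    cat > "$1/dnsmasq.conf" <<'EOF'
bogus-priv
server=/arpa/
#server=/url.trendmicro.com/
EOF
}

dir=$(mktemp -d) && make_sample "$dir"
printf '%s\n' fbsv1.trendmicro.com wrs.trendmicro.com fbsv2.trendmicro.com \
    dlcdnets.asus.com | unsinkholed "$dir/hosts" "$SINK"
for d in bogus-priv server=/arpa/ server=/url.trendmicro.com/; do
    has_directive "$dir/dnsmasq.conf" "$d" || echo "missing directive: $d"
done
rm -rf "$dir"
```

A commented-out entry counts as not blocked, which is the state a host is in while it is temporarily unblocked for a signature update and not yet re-blocked.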
Yea that's part of the issue I ran into...

I have no idea what they are finding and how to remedy it

Once I got an alert to a back door attack, no link back to TM to get more info or actions to take...

Just a dashboard with a warm fuzzy line item giving generic peace of mind...

I'm an advocate for security at the network layer, but AiProtect in its current form is closed, hurts privacy and how much proof it makes customers safer? Would the average customer change their behavior due to false sense of security? Would they check the router for threat events often enough to catch them? Would they know what action to take? It's a lot of faith to put in Trend Micro which just recently somehow let spyware into its Mac software. AiProtect adds more moving parts and code bloat for ASUS to implement (poorly) with increasing likelihood of new vulnerabilities. Hell, simply using the ASUS mobile app triggered exposing the UI to WAN and complaints of getting hacked. They stuff up bigtime. Keep things secure and just let the router be a router.

With open projects like Diversion and Skynet and DNSCrypt available to us technical users I think there is way less justification for us to use AiProtect. Diversion and Skynet is the way to go.

I love AMTM. https://github.com/decoderman/amtm

At least Merlin said he's using AiProtect and he's well informed, so that's a good sign for anyone who really feels compelled to use it.
 