How to Choose the Best Mesh Wireless System For Your Home


| How-To

Page 3: Software: Intrusion/Malware Protection, and Parental Controls

The Tri-Band Linksys Velop units stand tall and can often blend in well with other items in your home.

Software: Intrusion and Malware Protection

The more devices we have in our home, the greater the chances that one of them will get compromised and start doing something undesirable. For most of us this is largely a question of when, not if. The good news is that our routers are in a perfect position to detect, report, and even stop this activity. Even better news is that some routers are able to do exactly this!

  • Amped ALLY: ALLY has built-in AVG Security that provides protection against malware and phishing attacks, alerting you if/when there are issues.
  • eero: eero offers basic protection for everyone, including automatic detection and blocking of suspicious devices. Their $9.99/month (or $99/year) eero Plus service, available for all eero hardware, adds anti-malware, anti-phishing, anti-ransomware, and anti-virus.
  • Google Wifi: Not currently supported.
  • Linksys Velop: Not currently supported.
  • Luma: Malware and intrusion protection are built-in, and will alert the user via the smartphone app when a security threat is detected or blocked. The new, $5/month Luma Guardian service adds outbound VPN and antivirus features.
  • Netgear Orbi: Not currently supported.
  • TP-Link Deco: Deco includes a full-featured “Antivirus” system with a malicious content filter and intrusion protection system, and will quarantine infected devices. The entire Antivirus system is powered by Trend Micro’s database and is automatically updated every day. A three-year Trend Micro subscription is included with every Deco package sold, after which users would have to activate with a monthly fee.
  • Ubiquiti AmpliFi HD: Not currently supported.

Advice: This will become more and more important as time goes on. I don’t yet consider this a make-or-break feature, but it’s close. The good news is that it’s available on enough units that most folks will be able to get all the other features they want and have some level of intrusion and malware protection, too.

Software: Parental Controls

The term “Parental Controls” can mean a lot of different things, but at its most basic – and common – level, it means allowing you to set profiles for each person in your house, assigning all of that person’s devices to their profile. Then you can pause or resume any given person’s internet access, either manually or on a set schedule. Some devices go beyond this with packet inspection and active category filtering, as well.

  • Amped ALLY: In addition to a standard profiles-based feature, ALLY also supports blocking specific apps and site/service categories from specific profiles, providing a very comprehensive parental controls feature.
  • eero: eero includes a basic profile-based system by default. With an eero Plus subscription, you can get a little more granular with these controls.
  • Google Wifi: Basic profile-based feature included.
  • Linksys Velop: Velop supports a standard, profile-based parental control model, and adds to that the ability to block up to 10 specific website URLs per user.
  • Luma: Luma employs a standard profiles feature, and enhances it with a content filter that uses a G/PG/PR-13/R, movie-style rating to let you decide what types of content each user can access.
  • Netgear Orbi: Orbi uses Disney’s Circle for parental controls. Circle comes in both a free and $4.99/month Premium version. The free version allows filters, pause, and history for every user in the family. Premium adds things like Time Limits on apps/people, bedtime, rewards, and usage tracking.
  • TP-Link Deco: Profiles and time limits are supported in a fashion similar to the others, and in addition Deco contains a content filter that lets you not only filter from a pre-set list content categories, but also lets you configure the filter to block specific websites and apps on a per-user basis, too.
  • Ubiquiti AmpliFi HD: Parental Controls let you set quiet time for specific devices/profiles.

Advice: Most people we surveyed don’t seem to use or need any sort of parental controls, but for some this is a necessary feature. For us, the Amped ALLY and TP-Link Deco have the best out-of-box controls, and an eero Plus subscription brings that product up-to-speed, as well.

Table of Contents

  1. Summary Chart, Hardware: Streams/Antennas/Radios, and Ethernet Backhaul
  2. Software: QoS and BufferBloat Protection, Band Steering and Access Point Steering, and Cloud vs. Local Management
  3. Software: Intrusion/Malware Protection, and Parental Controls
  4. Geekier Features, Buying Advice, and Article Changelog

27 Comments Add a comment

  1. Graham McKay

    In the overview/summary it’d be nice to know which of these has been “internationalised”. Last time I checked there were a few mesh systems that were US only.

    • nicol

      From Google Wifi – we’re now available in the United Kingdom, Canada, Australia, New Zealand, Germany and France (we’re adding more countries later in the year too)

    • Dave Hamilton

      Plume is off the list solely because we’ve been unable to work with them on a test unit.

      I’ve heard very good things from Plume owners, but I only include things here that we’re able to personally test and work with, both short-and-long term.

      Every device listed here is up-and-running in some capacity, long-term, in a real household. I test short-term in my home and off office, and then relocate the systems with colleagues, friends, and family, to get true, real-world performance reports.

      We’d love to work with Plume, and have been trying for almost a year, but their review availability is unfortunately limited. We’ll get there with them. They just need some time.

      • John Kheit

        That is crazy. Do you have more than one going at a time. Just the sheer logistics of it all! Kudos Dave!

  2. whshep

    Surely this article should note a significant downside to the Eero: if the internet goes out, the whole network is likely to go out with it.

    According to Eero support, there is no guarantee of “Persistent LAN,” because while “the eeros will typically maintain the LAN when the internet connection drops,” eventually their “self-repair function” will try “to reestablish connection, and if the ISP service is still down when the eero does this, the LAN will be lost.” In other words, when you lose internet, you are likely to lose the entire network—no local streaming, no printers, no file transfer, no nothing. Forget listening to iTunes while you’re waiting for the Comcast truck.

    Never in my wildest imagination did it occur to me that a modern router—a premium-priced one at that—would be completely disabled simply because it could not connect to the internet (which around here goes out all the time). I wouldn’t recommend Eero until this is fixed.

  3. John Kheit

    Great article and info Dave. One more column on your table would be great. Privacy. Several of those products send your data/surfing habits (anonymized or otherwise) up to the cloud for analysis. Those are nonstarters for many privacy minded Apple folks. It would be nice to know which are wiretaps, which are not, and which have an option to turn that off.

    Anyway, as always, your analysis is a super service to the gear head community, so thanks!

    • Dave Hamilton

      On page 2 there’s a section titled, “Software: Cloud vs. Local Management” that discusses this. For the chart, I chose to distill things that matter to most people… and the remainder of the article goes deeper into those and other topics.

      • John Kheit

        Yea the cloud part is very useful, and I guess you can just assume if it has cloud ability, it will take your traffic. I suspect there might be some control over that, but the conservative approach is to just assume, if it has a cloud option, it’s a wire tap, even if it aint necessarily so, or there is an option to opt out…

      • John Kheit

        Which means only the Netgear Orbi or the Ubiquiti AmpliFi HD are options if you have privacy concerns. Thanks Dave!

    • Dave Hamilton

      The main difference is essentially what I described in the intro to the piece:

      For our purposes, we define mesh as a system that uses multiple wireless access points positioned throughout your home that all broadcast the same wireless network name (SSID) and are all managed from one interface. This last bit is important because, in most cases, being managed from one interface means that all the devices are aware of each other and can work together to manage the Wi-Fi throughout your home without you having to worry about it.

      With multiple routers (from the same or different vendors), one must manage each individually. On top of that, the routers are (generally) not aware of the fact that others are involved, so things like handoffs between the two can’t be managed gracefully, nor can the access points all participate in load balancing between the radios and each other.

      The setup you have is what I call “quasi-mesh”, and is essentially what I ran at my home and office for over a decade. There’s nothing inherently wrong with it and, especially with Ethernet backbone tying everything together, can work very, very well.

      But management of a quasi-mesh is a headache, and that can get even trickier when you don’t have Ethernet and want to link everything together wirelessly. Mesh, as described in the piece here, solves all of those problems internally, making it a plug-and-play experience for most.

  4. Lou Burt

    Thank you so much for the great article! I have been using airport extremes since 2008 and the all still work unlike the parade of Linksys etc. routers I used and had to replace about every year.

    How is the build quality of the various units? This is a big deal for me and why I love Apple hardware.

    Thanks again for the best article on this subject that I’ve come across.

  5. pnielan

    Currently using Apple routers and access points. What will I give up by going to mesh? Back to My Mac, Screen Sharing, Any Bonjour services? Anything?

    Thanks very much for the continually updated article. Costco has $70 off Orbi this holiday and with ethernet backhaul added may pull the trigger.

    • Dave Hamilton

      At this moment, we have to recommend caution when considering Orbi, and I’ve updated the piece above to reflect this. OrbiOS 2.1 (specifically, 2.1.1.12 and the current-as-of-this-comment 2.1.1.16) have introduced a TON of reports about Wi-Fi stability, and we’ve experienced those in our test environment here, too. Things were quite stable before 2.1, so I have no reason to believe that Netgear can’t resolve this but, for right now, we don’t recommend you update to 2.1, and for new buyers I just want you to be informed. Read the thread and decide for yourself, as always, but I just wanted to make sure everyone had the info that we have.

      • pnielan

        Thanks very much for this update. I went to the Netgear site and see some of this reporting. (Also see many satisfied users of prior systems).

        To Dave and all, back to original question. Currently using Apple routers and access points. I see what is to be gained by going to mesh (which by definition is non-Apple). But what will I give up by going to mesh? Back to My Mac, Screen Sharing, Any Bonjour services? Apple TV throughput? Wake over Network? What is dependent on Apple router?

  6. jsafire

    What about port-forwarding? I need this for remote access to fam and friends’ networks 8-| I assume these devices all have this capability but, I don’t see it mentioned – unless you’ve called it something else and it’s just not obvious to me. Thanks for a most excellent review, Dave.
    Jeff

  7. krispucci

    Great article. Very comprehensive compared to the others that I have read.

    Might be useful to add a section pertaining to integration with voice assistants such as Alexa or Google Assistant.

    I have also come across Plume which is another option. https://www.plumewifi.com/

    I hope these come down in price as they are all very expensive in CAD dollars.

  8. NicevilleSteve

    To Mesh or not to Mesh that is the question.

    Dave,

    I just finished reading your excellent 2017 blog addressing Mesh networking and I like the use of tables to highlight their capabilities.

    My 2-story 4,000 ft. home has an Ethernet backbone and I currently use two 802.11ac Airport Extremes and an 802.11n Airport Express to seamlessly cover my home in Wi-Fi. I am going to update my connection with a DOCSIS 3.1 Cable Modem and am considering an upgrade my wireless network.

    You have spoken highly of the Synology Router RT2600ac capabilities and I notice they have a web page specifically talking about virtues of using their routers to “Upgrade from Your Apple AirPort Routers” (https://www.synology.com/en-us/solution/AirPort_replacement).

    This leads me to my question about the gains I would see using their technology vs adding a Synology Router RT2600ac as my router and operating my current devices in bridge mode?

    Thanks for the entertaining, informative and educational Podcast. It is truly the best on the web!

    Happy New Year

    Niceville Steve

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account