Router operators don't have a lot of incentive to update a router, or even arrange for someone else to do it. The damage done by a compromised router is done to someone else, which means the owner is probably not even aware of it, and if he is, I can easily see him rationalizing away any responsibility to fix it.
The user's lack of interest in updating translates to a manufacturer's lack on interest in providing updates or even preventing defects in the first place.
This is one reason I think people need to pay for their impact on the Internet, and there should be no exemption for good intentions. If you get billed for all the spam your router is sending, you'll take the trouble to download new firmware, you'll buy a new router, you'll pay more for an upgradable router or an update service, and you'll also pay more for a router with a warrantee against being hacked. You'll also demand that your ISP place limits on your service to protect you -- e.g. ISP won't accept SMTP connections from your router; ISP won't take more than a million packets in an hour from you, etc.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds