The problem is asking other users to install DD-WRT/Tomato/OpenWRT in order to get a secure device. That's not something I would reasonably expect my parents to know about or do.
Consumer networking hardware needs to be secure out of the box, and automatically keep itself updated without any end-user intervention.
Installing alternate firmware should be an option, but it shouldn't be necessary.
Heck, as someone who used to run alternative firmware they seem to be making it harder for all. After a few years of a forced all-in-one device (thanks, Windstream), I went looking again... things do not seem as organized. Wiki pages argue with each other and point to forum posts without indicating which piece of information is most relevant, and in general things only look stable for routers that are at least two years old, with newer routers having regular, massive regressions. I get enough of JTAG at work, thanks.
> "and in general things only look stable for routers that are at least two years old, with newer routers having regular, massive regressions."
Yep. New hardware is shipped first with proprietary drivers, then shitty open-source code dumps. When the hardware vendors don't participate in the open-source process, it takes the community quite a lot of time to clean things up enough to be merged upstream. Usually by the time that happens the vendors will have secretly changed all the guts of the model with completely incompatible hardware at least once.
Just requiring a new model number for new hardware would get rid of most of the confusion. If the router and chipset vendors would actually maintain their operating systems as flavors of current OpenWRT instead of 5+ year old private branches, most of the problems wouldn't exist in the first place.
That's not something I would reasonably expect my parents to know about or do.
Then you should be teaching them, much like how I've taught friends and family to reformat and reinstall the OS on any prebuilt device before actually using it.
The only way things will get better for everyone is if we, the ones who know how, try our hardest to educate the ones who don't. If we remain complacent and want others to solve our problems for us, we're implicitly giving up our freedoms to the governments and corporations who are more than willing to take control of more and more aspects of our lives. Asking for "secure out of the box" will make them interpret it to mean secured against their owners. It certainly won't be easy, but that doesn't mean we should give up.
Not everyone is willing to take the time to learn. Some folks just aren't interested in the inner workings of their computer, or maybe they have other things they'd rather spend their time on.
It's like asking everyone to change their car's oil. Sure, it's easy enough to learn to do and will save you money, but some folks would just rather pay somebody else to deal with the problem. Both options are valid.
Consumer networking hardware needs to be secure out of the box, and automatically keep itself updated without any end-user intervention.
Installing alternate firmware should be an option, but it shouldn't be necessary.