There was reference to a serious security vulnerability in one of the fairly recent Security Weekly podcasts and quiye some ridicule for QNAP. Something about the ease with which you could obtain the root password.
What are QNAP like for patching vulnerabilities? IME Synology seem quite fast producing patched versions of DSM with fairly frank admissions as to what the patches are for.
That needs a link...
I didn't read anything in the reviews and Googling I did before purchase.
If you mean they publish the default root password and don't force it to be changed on first use, then you have them on that one.
Only port 8080 and 443 are open on the web server and both of those can be simply turned on and off.
The other ports only get opened up when you enable the appropriate App.
Installation prompts for either a Home setup or Business setup. Business is a minimal set of Apps which you add as needed. Home gives you everything and offers a huge range of ports and services.
I could easily believe that the Home setup isn't particularly secure as there is WAY too many routes into the files; especially if the root password isn't changed.
You'd still need to get past my router to attempt a hack.
It prompted me to install a recent firmware update before proceeding with the configuration, so yes they seem to be actively maintaining the system.
The info about the update gave more details about the bugs that were fixed than I would expect from most vendors; unfair to criticise them on that one.
I have FreeNAS running on an old PC and it does the job.
It's not really comparable with Synology and QNAP. It's not a plug and play system, it doesn't offer the rich array of services and I wouldn't know where to start adding user accounts and access controls.
If you have an old PC with lots of disk slots and a chunky power supply, and all you want is networked storage, and you are willing to get your hands dirty then it's a good option.
My old PC is only a mini-tower and only has two slots (hard disk plus CD drive), the power supply isn't up to the job either; so it hasn't been particularly effective for me. Even my full size tower only has fours slots, and I had to upgrade the power supply when I fitted the extra disks. So even when it is retired it won't be an alternative to my QNAP.