Synology DS224+ vs QNAP TS-262 NAS – Which is Best For You?

Synology DS224+ vs QNAP TS-262 NAS – Which is Better?

Isn’t it great when any facet of the tech industry gives birth to competition! In the early days of any new form of technology, the relative scarcity and newness of anything result in very few options for buyers to get the best value or competitive experience for their money. However, it doesn’t take long before competition emerges, innovation flourishes, and ultimately any different form of new tech becomes a more fleshed-out choice for the buyer. The same has certainly happened in the world of network-attached storage (NAS), and although there are several different brands available in NAS, the two biggest names are quite comfortable: Synology and QNAP. For buyers looking at a compact, fully-featured NAS solution, two of the very best options in 2023/2024 are the Synology DS224+ and the QNAP TS-262. Both of these solutions are targeted at home users who want to be able to do a little bit of everything and although they do have a decent amount of small business potential, they have slightly different attitudes towards what you can get for your money. Although it could be very easy to describe this comparison as hardware versus software, the reality is a little bit more nuanced. But before we go ahead and compare these two current-generation NAS solutions, we need to also highlight what both of these systems have in common. Regardless of whether you choose the DS224+ or TS-262 NAS drive, you are guaranteed the following:

  • Both units feature an Intel Celeron processor for a good price vs hardware balance
  • Both can Stream and Transcode on the fly (so, live) 1080p HD or 4K media, with superior performance natively and mid-range performance in Plex, as well as both arriving with integrated graphics, so more aggressive graphical manipulation (encode/decode/conversion) is done much more efficiently
  • Both the Synology DS224+ and TS-262 NAS support AI-supported photo and ‘thing’ recognition supported to a very high degree from the free branded software included
  • For Business users who currently enjoy the use of Google Workspace or Microsoft/Office 365, both of these NAS provide excellent means to backup your mass cloud accounts (as well as natively sync, dupe and configure rules on the fly)
  • Both the TS-262 NAS and DS224+ NAS support snapshots, for more incremental and version-protecting failsafe in efforts to protect you from Malware and Ransomware attacks, by allowing multi-versioning storage history to browse through and restore
  • Both units are DLNA certified so can be accessed, browsed and played from by popular DLNA devices, such as Amazon Firestick, Alexa, Google Home, Chromecast, DS224+ TV, Bose, Sonos, iPads, etc, as well as connectivity between these platforms with IFTTT
  • Both are multi-bay, RAID enabled devices NAS devices that support JBOD, RAID 0 and RAID 1, RAID 5, RAID 6 and RAID 10 (as well as Synology Hybrid RAID too for their Plus series range), though support of storage media on each device does differ significantly in places
  • Both devices run on their own proprietary operating system that can be accessed remotely or locally. These include regular updates to the firmware, security patches, applications and more. Ranging from multimedia, home and multi-tiered backup applications, to more business-end tools such as Surveillance software, Virtual Machine deployment and business-class backup and synchronization tools.
  • Both the TS-262 and DS224+ use and can be accessed equally by a multitude of mobile applications such as DS File, DS Video, Moments, DS Photo, DSCam and DS Music that are created by and constantly improved by Synology. As well as QFile, QMusic, QuMagie and QManager from QNAP for iOS and Android.
  • Both NAS are completely compatible with Windows, Android and Mac systems, as well as acting as a bring between software platforms to share and distribute files for migration and file sync (Synology Drive and QNAP QSync)
  • Both units can be used as mail and/or business servers, providing excellent 3rd party CRM and first-party CMS systems. There is the Synology collaboration Suite of applications Chat, Drive, Mail, Calendar, Office and Active Backup Suite. Whereas on QNAP there is the QMail, Hybrid Backup Sync 3, Virtualization station and BoXafe tools
  • Both systems support the NVR use with QVR Pro and Surveillance Station applications, support numerous cameras and arrive with at least 2 camera licenses with your purchase (8 Camera Licenses with the QNAP, 2 with the Synology)

Both systems are fully featured examples of what each brand can offer on their own individual server platform. However, you want to know what is different about them and which one best deserves your data!

Synology DS224+ vs QNAP TS-262 NAS – Price and Value

Normally, in these comparisons, I would very quickly highlight that when comparing Synology and QNAP, the latter would be the more affordable choice. It has kind of been that way for a while, but things changed towards the end of 2022 when Synology revamped and reorganized their portfolio. In brief, Synology changed a number of the positions of their solutions while simultaneously removing a few different tiers in a portfolio to change which solutions were covering home, small business, medium business, and large-scale deployments. This meant that some systems had their hardware and their price point realigned up or down to better suit the overall portfolio and choice for buyers, and the result is that the DS224+ surprisingly manages to be the lower price of these two very similar systems in some (not all) locations. The DS224+ arrives at around $350 (give or take currency exchange, tax, and shipping), whereas the TS-262 arrives much closer to the $400 mark and in some regions actually crosses this a little higher too. Part of this raised price on the QNAP TS-262 is because of a change in memory implementation (arriving as a fixed 4GB memory and later changing to 2 SODIMM slots and more flexibility). More affordable examples of the TS-262 are available online (couple below), but typically the price is going to be a pinch higher.

Neither of these prices includes storage media and, depending on the capacity of the drives you are considering in either of these two main NAS systems, that is going to take its toll on your budget. So if the price tag of the system you are buying carries a lot of weight in your decision, the Synology DS224+ is probably going to be a better cost choice for you. However, we do have to factor in that not only is the price difference between these two devices comparatively small in the grand scheme of things, but we also have to think about what we get for our money and ultimately ‘value’! In this context, a NAS can be judged on its value in two very distinct ways: the hardware that you are getting for your money and the inclusive software the system arrives with, and it is in this way that these two NAS systems are remarkably different in terms of their priorities.

Synology DS224+ vs QNAP TS-262 NAS – Hardware and Connections

Very few of my comparisons have displayed two NAS systems that, although at a casual glance are very similar, are so wildly different in the finer details and scalability than these two NAS devices. The Synology DS224+ system is easily the less hardware-rich of the two, heavily relying upon a hardware architecture that feels somewhat dated in comparison to the QNAP TS-262. In Synology’s defense, they have had a lot of time experimenting and testing their software with this particular CPU (the Intel J4125 quad-core Intel Celeron) and clearly know how to make the most out of it within their software in terms of efficiency and capability. Nevertheless, for PC builders, those who understand how hardware innovates over time, and those who are looking for the best value for money in their kit, this Synology CPU choice is pretty underwhelming. Thanks to that portfolio change I mentioned earlier by Synology, the hardware you find in this home user multimedia NAS is actually near enough identical to the 2020 generation prosumer and fully-featured TIA. That would be pretty good if it wasn’t for the fact that the CPU was released in 2019 and that despite this system’s similarity to the 2020 prosumer tier, some scalability options and upgrade options are not available here. The QNAP, by comparison, manages to scale up over the Synology in so many different ways, with a couple of slightly peculiar backsteps along the way. First, let’s look at the arrangement of that hardware side by side:

Synology DS224+ vs QNAP S-262 NAS Hardware Comparison
Synology NAS
Amazon Price: $305 (09/08/23 – Check Amazon)

$332 (09/08/23 – Check Amazon)

Processor model Intel Celeron N5105 Intel Celeron J4125 (2019 Gen)
processor architecture 64-bit 64-bit
processor clock 2-core 2.0 (base frequency) / 2.9 (burst frequency) GHz 4-core 2.0 (base frequency) / 2.7 (burst frequency) GHz
Integrated Graphics Yes (450-800Mhz) Yes (250-750Mhz)
Hardware encryption engine (AES-NI) Yes Yes
system memory 4GB DDR4 non-ECC 2 GB DDR4 non-ECC
Pre-installed memory modules Yes, Fixed Yes, Initial 2GB Fixed
Total number of memory slots 0 1
Maximum memory capacity 4GB 6 GB (2 GB + 4 GB)
The maximum number of disk slots for an expansion unit 2x USB 3.2 (Supports 2/4/8 Bay Expansions) N/A
M.2 drive bay Yes, x1 (Gen 3×1) N/A
Compatible Disk Type
  • 3.5″ SATA HDD
  • 2.5″ SATA SSD
  • 2280 M.2 NVMe
  • 3.5″ SATA HDD
  • 2.5″ SATA SSD
Disk hot-plug support* Yes Yes

The big hurdle for a lot of users is clearly going to be that CPU choice. Side by side, the quad-core CPU inside the Synology is going to mean more cores for the system to take advantage of over the dual-core inside the QNAP. Potentially, both CPUs feature integrated graphics, which also means that for processes such as transcoding, handling of graphical data, and simple offline conversions, they are going to use fewer system resources to get the job done. But when we take a closer look, we can see that there is a lot more to it. For a start, the N4505 jewel court CPU inside the QNAP is a much newer generation processor and features a slightly higher clock speed too. Despite half the available core numbers, that is going to result in the CPU being noticeably more efficient thanks to modern innovation by Intel in newer refreshes of their processors. The integrated graphics on the N405 CPU are of a higher birth speed, and although the QNAP CPU will lose out on the sheer breadth of processing capabilities being dual-core rather than quad-core, in a home user environment, and unless you are going to push the system hard, you aren’t really going to feel it.

Then there is the memory inside the two NAS systems and a very distinct difference in how either brand deploys their systems. The Synology system arrives with less default memory at 2GB versus 4GB on the QNAP. However, the Synology features an upgradable Sodimm memory slot that allows you to add a further 4GB of memory. The QNAP, on the other hand, features 4GB by default, but that 4GB is soldered internally for reasons of efficiency and cost (in light of continued memory shortages over the last 2 years and rising NAND flash costs), which results in the TS-262 NAS not allowing memory upgrades further. Therefore, you are getting more RAM on the QNAP on day one, but better long-term scalability by around 50% on the Synology. The fact that both systems feature soldered memory by default is super annoying, particularly when you know both of the CPUs can support more memory officially according to Intel, of 8 GB and 16 GB respectively.

From this point, however, in terms of hardware, QNAP absolutely steals the show moving forward! In terms of ports, connectivity, and upgrade options, Synology has clearly taken a very rigid stance on the DS224+ system, and this results in an incredibly low glass ceiling in comparison to the TS-262 NAS and the sheer wealth of ways to upgrade its hardware throughout the system’s lifetime. The most obvious example is in network connectivity and one that more modern network equipment is going to benefit most! The Synology DS224+ arrives with two Ethernet ports, both gigabit in architecture. Synology has come under fairly regular criticism for sticking quite rigidly with 1Gb network ports on the bulk of their systems, only providing improved gigabit connections or 10G on their XS or enterprise-grade systems by default. Although these two Ethernet ports support bonding options such as link aggregation, port trunking, and the more modern and easy-to-set-up SMB multi-channel via Windows, there are going to be a lot of users that are disappointed with gigabit network port when even domestic-class hard drives these days can comfortably provide 160 to 200 megabytes per second performance, and increasingly affordable SATA SSDs double or triple that number. Therefore, an external connection that immediately throttles performance down to 109 megabytes per second per port is going to be disappointing. This is further exacerbated by the fact that there is no means to upgrade the network connectivity on the Synology NAS beyond 1G, with no PCIe upgrade slot or any compatibility or support officially for 2.5G or 5G adapters which are becoming increasingly affordable.

The QNAP TS-262, on the other hand, is a completely different story! Arriving with a single Ethernet port, you may think things have started poorly, but this Ethernet port is 2.5 GB Ethernet (2.5 times that of the Synology) and whether you are running a one gig architecture and/or thinking of upgrading your network equipment, this is going to allow you to have higher performance via the single port than both of the ports on the Synology combined. However, this is further improved when you discover that the QNAP now also supports network adapters as I alluded to earlier, meaning that you can add a $20 2.5G USB upgrade and even a $50 5G upgrade to the system to further upgrade network connectivity and fully capitalize on the increased performance afforded to you via your media inside the system in RAID 0 or RAID 1. In fact, these USB ports get even better when you find out that, unlike the 5GB. USB 3 Gen 1 ports in the Synology, the QNAP features 10G USB 3 Gen 2 ports. These USB ports support vastly more peripheral and accessory devices on the TS-262 than they do on the DS224+, ranging from network upgrades, wireless upgrades, office peripherals, and assignment towards virtual machines for either more utilization. But more importantly, these USB ports support storage expansions from QNAP that allow you to add a further two, four, eight, and sixteen bay expansions (in conjunction with the PCIe slot), which means that you are not limited in the system’s lifetime to just those two bays of storage. Synology, on the other hand, has no expansion support for the DS224+. They do have a couple of expansion devices for desktop use in their portfolio, but they are connected via eSATA and have not added this connection to their DS224+ NAS.

Continuing down the rabbit hole of expansion and scalability, there is the fact that the QNAP NAS has a PCIe upgrade slot. It cannot be understated just how important and useful a lot of users are going to find this upgrade slot; even entry-level home users are going to feel the benefits here. Unsurprisingly, there is no PCIe upgrade slot on the Synology DS224+, but why is it such a big deal that these NAS devices would feature one? Well, much like the previous point I made about default network connectivity on the DS224+ and TS-262, having a PCIe upgrade slot means that you can add even greater network connectivity such as 10 GbE via a one or two-port card! There is also support for SSD storage upgrade cards that allow you to add two more M.2 NVMe SSDs and turn this 2-bay NAS into a 4-bay NAS! Or you can go ahead and get combo cards that have both built into a single card that occupies one slot and gives you a massive storage upgrade and a massive external bandwidth upgrade! There is even support for Wi-Fi 6 upgrade cards, USB port upgrade cards, and a long-ranging list of third-party PCIe cards that can be installed inside this system to improve performance inside and outside! Because of the CPU choice here and efforts to keep things affordable on systems on the scale of the DS224+ and TS-262, the PCIe architecture of this upgrade slot is gen 3 x 2, which does limit the internal bandwidth to 2000 megabytes per second, but nevertheless, having the option of this upgrade on the TS-262 alongside those network USB upgrade choices, when the DS224+ provides neither, is definitely something worthy of note.

However, the upgrades on the QNAP TS-262 do not stop there with this system. Also arriving by default with two times M.2 NVMe SSD base as well. That’s right; you don’t even need to wait to upgrade with a PCIe card, and you can go ahead and utilize M.2 SSDs for caching or as raw storage pools straight away on day one, thanks to the system featuring these by default. Remember earlier when I mentioned that the Synology DS224+ is using hardware architecture in this home-tier solution that three years ago was in the prosumer tier, about certain hardware limiting choices have been made? One of those was the two M.2 NVMe SSD base that previous generations of this device had featured and are notably absent on the Synology DS224+. It’s a real shame that Synology opted to not feature these in this architecture, despite clearly having enough resources here to support it. This is quite a clear choice by the brand to place the system in a very specific area of their portfolio so it does not overlap the next tier, the Synology DS723+.

Finally, there is the fact that the QNAP TS-262, like a number of other different NAS solutions in their portfolio that feature integrated graphics, also arrives with visual output, in this case, an HDMI 2.0 4K 60 frames per second port. This visual output, combined with two dedicated USB 2.0 ports that can be used for low priority peripherals alongside this if you choose, allows you to run a completely parallel (not mirrored!) Software GUI that is dedicated to the HDMI out, called HD station. Well, it should be highlighted that QNAP does not update this service and its applications anywhere near as frequently as it does the other apps in the brand’s portfolio. There is still a good range of services that can be used here that allow you to run a standalone surveillance system with KVM, a direct multimedia center that has direct control via an infrared remote control/Wi-Fi remote via mobile/USB keyboard and mouse, the ability to run a standalone PC via this HDMI, while the system also continues to run the QNAP NAS OS and apps over the network as usual, and a whole bunch of other things. Synology has always been pretty clear about their integration of HDMI out on their systems, largely ignoring it for any system other than a handful of their surveillance systems. This is by no means a killer feature for most users, and I know that the percentage of QNAP NAS owners that actually utilize the HDMI is surprisingly small. But nevertheless, this is just another example of the sheer scope of hardware that has been packed into the QNAP TS-262.

Overall, it should come as absolutely no surprise that in terms of hardware, the QNAP TS-262 absolutely smashes it! Even if the base-level hardware of the Synology had been a more modern generation CPU choice (and we have to at least give them the benefit of the doubt that the system does provide more scalability in terms of memory and is a quad-core CPU too!), the overall standard and modern architecture of the QNAP TS-262 is just impossible to ignore, and you are getting frankly insane value for money in terms of hardware on the TS-262, then you do on the slightly older feeling DS224+ by comparison. However, we can’t just focus on the hardware, as having the best hardware in the world won’t mean anything if you can’t utilize it properly. So let’s start talking about the software that is included with both of these NAS systems to see if this is where Synology can shine.

Synology DS224+ vs QNAP TS-262 NAS – Software and Services

Spoiler alert, Synology is going to win this! If you have been spending even a moderate amount of time looking at either of these brands, you’ll know that where QNAP seemingly hit the accelerator in the hardware department, Synology absolutely dominates in terms of the software! QNAP arrives with QTS 5.1, the latest iteration of their software, and although it does lack some of the smoothness and intuitive nature of the Synology platform (DSM 7.2), it is still a very well-put-together and heavily-featured platform. Here is how they compare:


Synology DSM 7.2

Browser Support Supports all Browsers Supports all Browsers
Browser File Management Browser File Management
Photo/Music/Video Tools Photo/Music/Video Tools
Multimedia Console Synology Drive
AI Photo Recognition AI Photo Recognition
Edge m.2 Coral TPU Support
Storage Services
SED Drive Support SED Drive Support
QTier Synology Hybrid RAID
Hybrid Mount Hybrid Share
vJBOD Volume Encryption
Snapshots Snapshots
SSD Cache (Read/Write/Both) SSD Cache (Read/Write/Both)
Cloud Sync / QSync Cloud Sync
Drive Failure Predcition & Migration Fast RAID Rebuild
RAID Resync control RAID Resync control
Secure Erase Acrtive Backup Suite
Lots of Expansions (TR/TL) Hyper Backup
HBS 3 Synology CMS
Qfiling and Qsirch Write Once Read Many
Business Applications
QVR Pro – 8 Camera Licenses (+USB Camera Support) Surveillance Station – 2 Camera Licenses
Virtualization Station Virtual Machine Manager
Ubuntu Linux Station 18/20 Docker Support
Container Station Active Backup 365 & Workspace
Hypervisor Protector Synology Office, Chat, Calendar
QMailAgent Synology Mail / MailPlus
HD Station Synology C2 and Services
Security Councillor Security Councillor
Malware Remover Synology VPN Plus
McAfee Anti-Virus Scanning Log and Notification Center
QVPN Auto Blocking on SSH, Telnet etc
Log and Notification Center 256 bit Encryption
Auto Blocking on SSH, Telnet etc 2 Step Authentication
256 bit Encryption Firewall App
2 Step Authentication Access Protection and Allow/Deny list
Firewall App Synology Secure SignIn
Access Protection and Allow/Deny list Synology C2 Password

The TS-262 also supports QNAP’s QTier service, a unique alternative to utilizing faster SSDs as storage pools or for caching. With Q Tier, you can combine your available slower hard drive storage media and faster SSD media into a single storage pool. Upon doing so, over time the system will learn what are the most frequently accessed files, ranging from small metadata and OS files all the way up to larger block data, which is then moved (not copied, as found with caching in smaller files) to the faster storage area. Then over time, as you and your other users use the TS-262, those more frequently accessed files will be retrieved from the faster SSD and create a much more responsive and faster user experience. Combine that with the improvements in the base level, network bandwidth on day one, or via upgrade, and the benefits of QTier in a mixed media storage device are very useful indeed.

We also have to acknowledge that one of these two brands suffered something of a PR disaster back in 2021/2022 when QNAP was one of the brands that was targeted by the Deadbolt ransomware group (alongside Asustor and Terramaster), resulting in more than 3,000 successfully hit devices who suffered targeted data encryption in small or whole system storage extents. The impact of this, combined with QNAP’s handling of the attack and their response to semi-force updates on systems remotely, resulted in a lot of lost face by many in this brand, and they will be carrying the stigma of this event for quite a few years yet. In comparison, Synology, though targeted by the group, were not successfully attacked, and at the time of writing, it appears that no Synology NAS user was ever hit by Deadbolt ransomware. In fact, aside from the Synolocker attack on Synology NAS systems over a decade ago, there has not been any widespread reported successful attack on their platform that comes even slightly close to the Deadbolt attack on QNAP.

To put this into a little bit of perspective, all network-attached storage devices received regular security updates for years, long beyond the hardware warranty of any singular NAS hardware. This is because software development can only ever really be one step ahead of the hackers. A brand releases software, hackers begin to try to find vulnerabilities, and when successful, the software brand releases a firmware update, and the cycle begins again. The majority of software these days is actually built on just a handful of different software architectures such as Linux, which in turn go through the same cycle of update>attack>update as any other software. However, when THEY roll out an update, the software that is built on them needs to customize that firmware update on their platforms, which takes time! Both of these brands, alongside every other reputable software brand that has even a hint of internet/remote access, has their security advisory pages that you can find online, which will detail the number of vulnerabilities that have been highlighted and the progress of their resolution. So, no brand will ever be considered 100% bulletproof from security vulnerabilities, as any piece of software might have a vulnerability that has just simply not been found yet, but there is simply no denying that between these two brands when it comes to security and how they have managed this subject, Synology seemingly has the edge.

If you are still on the fence about whether you should buy the Synology DS224+ or QNAP TS-262, and you intend to spend a decent amount of time with their respective software, then I would strongly recommend that you head to one of the two demo pages below. Both of these allow you to test out and experience the respective NAS software from each of these brands and will give you a good understanding of how each one works, how intuitive or user-friendly they are, and whether either software will provide you the level of reliability, stability, or customization that you are going to need before you purchase either the DS224+ or TS-262 NAS.

Synology Diskstation Manager 7.2 Online Demo – HERE

QNAP QTS 5.1 Online Demo – HERE

Ultimately, much like previously when QNAP was holding court and comfortably winning the hardware comparison of these two NAS devices, in the case of software, Synology absolutely smashes it. It’s not a complete flawless victory, as the QNAP QTS platform does provide a wide range of first-party services, much more customizable and adaptable services, and a wide range of third-party support compared with Synology DSM. But in terms of UX design, smoothness of GUI, long-term security management, and first-party ecosystem services, the Synology DSM platform on the DS224+ comfortably places it ahead. This is as you would expect from a brand that, when purchasing one of their solutions, places the emphasis on the software more than anything else. You can really feel the investment there! If you are in need of further comparison, you can check out my reviews on both DSM and QTS below in the software reviews over on YouTube:

QNAP QTS 5.1 Before You Buy (YouTube) Synology DSM 7.2 Before You Buy (YouTube)

Synology DS224+ vs QNAP TS-262 NAS – Verdict and Conclusion

It would be so, so easy to simply label this a case of hardware versus software, and indeed there is a ring of truth to that when you look at just how much is packed in with both the DS224+ and TS-262 in terms of priorities from either brand. However, the reality is a little bit more nuanced, as it really will come down to both what the user needs and their level of experience. Though the software on the DS224+ towers over the hardware when you purchase the device, it also needs to be stated that good software can make the most of weaker hardware, and having a system that requires a lower skill level in order to make the most out of it, for some, is going to be worth its waiting gold! You need to think of the Synology NAS systems as something of a complete ecosystem rather than just a data storage solution, providing more applications to replace those third-party alternatives that may exist in your network and create a truly synchronized storage networking communication environment! However, all of that arrives with limitations, with a lower glass ceiling and often with a feeling that the system is being held back intentionally in efforts to maintain that balance in the case of the DS224+. The TS-262, by comparison, gives you more hardware, more bandwidth, greater opportunities to upgrade and scale out your storage, and does so with a software platform that takes off the training wheels. This can lead to inconsistencies, this can lead to a higher learning curve, and ultimately leads to an experience where you may have to spend more time getting the system to wrap around your existing workflow rather than the other way around. This is where the TS-262 excels, as it tries to give you the control to do things your way, but may also hit the odd hurdle when it’s trying to do and be too many things to too many people. If you are looking for a streamlined experience that will hold your hand the whole way, go for the Synology DS224+! If you are looking to take the reins of your hardware, get a system to work the way YOU want it to, and have more opportunities to scale up your network storage in many directions, go for the QNAP TS-262. Both systems excel in what they’re trying to do at this price point, and as long as you know what you want from this system in advance, they will fulfill those needs appropriately!

Amazon Price: QNAP TS-262 NAS

$305 (09/08/23 – Check Amazon)

Synology DS224+ NAS

$332 (09/08/23 – Check Amazon)


    🔒 Join Inner Circle

    Get an alert every time something gets added to this specific article!

    Want to follow specific category? 📧 Subscribe

    This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

    Need Advice on Data Storage from an Expert?

    Finally, for free advice about your setup, just leave a message in the comments below here at and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry.

      By clicking SEND you accept this Privacy Policy
      Question will be added on Q&A forum. You will receive an email from us when someone replies to it.
      🔒Private Fast Track Message (1-24Hours)

      TRY CHAT Terms and Conditions
      If you like this service, please consider supporting us. We use affiliate links on the blog allowing NAScompares information and advice service to be free of charge to you.Anything you purchase on the day you click on our links will generate a small commission which isused to run the website. Here is a link for Amazon and B&H.You can also get me a ☕ Ko-fi or old school Paypal. Thanks!To find out more about how to support this advice service check HEREIf you need to fix or configure a NAS, check Fiver Have you thought about helping others with your knowledge? Find Instructions Here  
      Or support us by using our affiliate links on Amazon UK and Amazon US
      Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.

      ☕ WE LOVE COFFEE ☕


      locked content ko-fi subscribe

      DISCUSS with others your opinion about this subject.
      ASK questions to NAS community
      SHARE more details what you have found on this subject
      CONTRIBUTE with your own article or review. Click HERE
      IMPROVE this niche ecosystem, let us know what to change/fix on this site
      EARN KO-FI Share your knowledge with others and get paid for it! Click HERE

      244 thoughts on “Synology DS224+ vs QNAP TS-262 NAS – Which is Best For You?

      1. One thing not covered that is important to me is BACKUP. My old QNAP TS-221 uses a backup system that will overwrite the old on a NAS USB Drive, no incremental to fall back for a week ago or a month ago etc. If a file was infected for some reason on the NAS the backup is overwritten with it making the backup useless. Has this been resolved in the new TS262-8G thats now out. Does Synology also have this problem? I also use Netback Replicator to back up my PC to the NAS rear USB Drive, on my old NAS it runs its CPU close to 100% which I hope with new PC would have some resources left over. What is the Synology App like for backing up a PC to the NAS?

      2. Im a totally beginner in NAS and am planning to store all personal and family photos. I was planning to get the Synology DS223J but was looking at the DS224+, as well as a QNAP option. I will only use it for personal purposes and work exclusively on Mac (and mostly on iPad).
        So my request for an advice is which model would you recommend, considering I don’t want to break a bank. Thanks

      3. Been watching your videos a lot lately. Been debating the diy vs turnkey options for awhile to replace my aging Netgear readynas. Is there anything diy that can touch a 12 bay option with expansion like the DS3622xs+ ? I like the form factor and efficiency, but not the cost, Yikes. For a DIY to entice me it would need to be at least $1000 to $1500 less for similar spec.

      4. I was thinking your comparison on software bundles more than just “storage”. I think it would be better to split out storage (you know, the S in NAS) and just compare the software on storage. That would be a better NAS comparison. Then add in all the other stuff for people who want the NAS to do all that other stuff. I was looking for storage only and I think you over emphasised Synology for other reasons, justified if you want those other things, but not a fair comparison as a NAS

      5. Both have problems with upgrading RAM. Synology has 1 memory slot up to 4 GB (if you’re lucky, maybe 8 GB). And for QNAP the memory is completely soldered without an additional slot.
        The only thing QNAP has is HDMI and 2x m2 slot
        very very sad NAS series for upgrade (((((((((((((((((((

      6. Thank you in advance for your helpful guides. I just bought a QNAP. I follow your guide and I think I configured everything correctly but my nas is soooo laggy and slow. How can I check if everything is okay?

      7. I miss the discussion of the Android Apps.
        I struggled in my decision and I was short before to buy a qnap. Now I will get a Synology.
        I am a programmer, and I know enough about all those stuff. But finally I want to work with it. Want to use the Apps and mobile devices. So the final decision is no pro Synology

      8. Great video. I am looking to replace my 5 year old Netgear ReadyNAS 204 with a new Synology 923+ or 1522+. I am primarily using it as a file server but in the future I would probably also use at for automatic backup of our 3 desktop PC’s and 2 laptops.

        hould I consider anything other than these 2?

        It will be connected to a 10 BGit network.

      9. Thank you for the very informative videos. Im interested in a beginner NAS setup. Im always running out of storage and I would prefer to manage my own cloud instead of paying monthly service fees. The data I will be storing are mainly pictures and videos taken from our mobile devices from many years ago. I can’t decide between Synology or Qnap or WD. I know they have their own faults and I recently watched your video about WD cloud ultra being hacked. In your honest opinion, what would be the safest bet for less vulnerability of data from hackers? Should i just stick with a desktop attached storage? I would like to have the ability to access my files on the go which is why im opting for a NAS setup. But terrified of my data being hacked. Also, Is there a way to setup an auto backup from a personal NAS to an external storage HDD? Thanks in advance.

      10. QTS app is ugly as hell, coming from an Apple Ecosystem, it’s really a drawback , Typography, icons and UX is a real nightmare. I wish they did a sober flawless user interface. I’ll never understand these Nerds designing visual interfaces

      11. Thanks for the great video. One question that keeps me puzzled (and possibly many other viewers), however, is which of those two devices provides a faster experience. Particularly, you describe on the one hand that Ts262 is much better hardware and therefore faster operation, but on the other hand you state that due to the software the ds224+ would run faster and provides a smoother experience. Could you explain a bit which device provides the faster or snappier operations ? For my case, the NAS will be used for backing up and watching/streaming my photos and videos in the mobile phone app. My current ts233 fails to provide a stable and fast experience for these basic user things. Thanks!

      12. Awesome review! Lots of info to process when you are talking from a really technical knowledge base ????
        After running 5 years with two TS-253Be NASses, I decided to change drives to SSD’s.

        Updated the QTS and started from bottom up as a new system, having all my files rsynced to the second NAS.
        During install, I had to check the box – paragraph 6 of the Qnap TOS – that Qnap is allowed to audit my NAS if I am behaving well ANY TIME…
        This concerns me a lot because I don’t want NOBODY to snoop in my private files.

        Can you tell me, if I only use the Qnaps as file storage and rsync backup, how I can be shure that Qnap can’t access my files??

        If not, I’ll move over to OpenMediaVault being quit nice but needing a steep learning curve when talking about correct implementation of encrypted filesystem and backing up the boot drive which can’t be in raid on this NAS.

      13. I keep looking at the Synology option, but the drive compatibility aspect just make me go meh. So still on QNAP using WD Red Pro and Red NVME. DS1621+ of interest.

      14. Way too much technical comments for those of us who are trying to get away from multiple external drives. I would like to find a NAS Video for dummies.

      15. Interesting tip for some is that if you’re looking to spend the money on the 262 have a look at the 462 as well, the 4 bay model. As the price of these two might be pretty close. The 20 bucks extra(430 vs 410 in my case) could be worth the 2 extra bays. I’m not sure which one to go for yet, but I happen to notice it while browsing,

      16. I understand why they would limit the HDD’s/SSD’s compatibility to avoid misuse but they could at least allow CMR NAS and Enterprise WD and Seagate drives. Btw starting and shutting down a nas everyday what does it do to the disks? Does it prolong the life of the components? Even though they are designed to run 24/7

      17. Dude, I knew nothing about NAS a week ago. Your content basically guided me toward my first purchase with so much more confidence. I hope every first NAS buyer watch your content. Keep up the incredibly good work ????

      18. Be clear on the SSD storage pools, its not that other units do not support it, they do… Rather, this is just fleecing customers – Synology don’t want to enable on other models, as they want you to believe its “unique” to certain models an encourage you to buy the newer model, and throw the old one out (Yeah, great environmentally-friendly move there!

      19. My first NAS was a qnap and it randomly decided to drop one of my drives, then decided to totally reset itself without any of my input. Replaced it with Synology and it’s been so much more stable. Qnap OS (QTS) is utter crap.

      20. For the container station part, it looks like it will be simple, but in fact you have to read all FAQ/docs, forums, discords (where no one answer) to hope to do something that might work. And it’s not that I don’t want to use their version of an app, but they’re outdated, plex for example has a version that’s 7 months old!

      21. @NasCompares – I’m considering purchasing the QNAP TS-464 however given its been out a year, do you know off any upcoming new models releasing shortly? How often do QNAP refresh their line up?

      22. Please can you do a video on setting up of DLNA server on latest QNAP software. Bought a few weeks ago a QNAP SILENTNAS HS-264 to backup my music ripped on my Naim HDX Music server (2000 CDs). But there is no DLNA server on the QNAP software. The multimedia console app does not work. It cannot see any of my music DLNA devices on my network, except for my bluray player. Why is there no DLNA server on SILENTNAS HS-264?

      23. Synology Hyper Backup doesn’t even support OneDrive natively. DSM and Synology apps seem consistent, but there also seems to be a walled garden that limits what you can do with a Synology NAS.

      24. Interesting. Had Qnap 20 years ago, and at the time, it seemed a hot mess of inconsistency with processor slowing to a stall if you did too much. That clearly hasn’t changed.

        Pity, as some of their software shown looked good, and almost had me in “buy” mode. Waiting to see similar on ADM and TOS (Synology is unfortunately dead to me, without a gpu).

        THANK YOU FOR THIS – Best review you’ve done!!

      25. Hi,

        Just wanted to let you know that qnap are shipping TS 264 with upgradable sodim ram slots, so 16gb is the maximum for this little beast.

        Would you please look it up or try to get your hands on one to do some comparisons with your current 8gb soldered unit?

      26. Thank you for the thorough review. I’m thinking of buying a new NAS and am torn between waiting to see Synology’s 2024 offerings and getting a QNAP. I currently have two older Synology NASes (1512+,1813+) that have served me well, but I would like something capable of being a self-sustained Plex server with good transcoding capability. QTS gets a bad rap in many reviews and on some forums, so it was good for me to see the newest version in action. QNAP’s security history still remains a concern, but it looks like they’re headed in the right direction. Thanks again.

      27. Thank you, we need more software reviews!! If I wanted a DIY NAS I’d build that, so the software and ease of install and ises of key components for NAS users (and I don’t care if it is all through Docker – may even be better). I dont want a bunch of non-maintained first party apps, and want to know the software is improving.

        Now please do ADM 4.2 and TOS 5.1 (Synology has no GPUs so not interested for media transcoding so less interesting, but sure others might be).

      28. I used your video on Virtualization Station (VS) from April 2020 to create a VM from my Windows 11. It was just enough hand holding to get it done. But now that VS 4.0 Beta is on my QNAP, it’s different enough that your old video has lost a lot of its usefulness. So, I look forward to your new VS video. When you do that video, I would really appreciate it if you would compare the various methods of deploying a VM such as Create, Import, Convert and when each would be used. I find that part or the process somewhat confusing. Also, some tools create VHD files whereas Virtualization Station requires VMD or ISO files. Maybe touch on how to create or convert those files. (I used VMware Ver 6.3 to create my Windows 11 VM but for some reason Ver 6.4 wants to create the incompatible VHD files.)

        I would add that SpaceRex did a video in May 2020 about connecting to your VM using the Windows Remote Desktop Connector which really speeds things up. Also Scotti-Byte did a video in August 2022 on speeding up VM’s by properly installing the VirtIO drivers. That made a huge difference as that affects screen resolution, network adapter, and HDD.

      29. MARS also doesn’t seem to work at all – when trying to connect to Google Photos, I just get ‘sorry, something went wrong, try again later’ – not very helpful message… Some of the apps available in this ecosystem appear not worth bothering with. The basics are rather decent, I have had no major problems.

      30. Umm I hate to say it but your wrong on both accounts of BTRFS and encryption. I just got their lowest end current model the ds223j and i have both of these options. I however didnt enable encryption as it will make transfering data slower and im not worried about my NAS getting stolen.

      31. Thanks for the video. I am using Exos 14TB hdd in my new DS1522+ system hope that’s okay. I got that incompatibility warning as well but ignored it.

      32. I have a Synology DS918+, but the way I’ve always tried to use it is to basically make my setup idempotent as it were. What I mean is everything I host on there, I just host it with Docker using Docker Compose, so if I ever got another NAS, or built my own server – whether it was Unraid, TrueNAS Scale, or just plain Debian, I ought to be able to just install Docker on it, then copy my docker folder over to it (which contains the docker-compose.yml and all the persistent storage for my containers), then run: docker-compose up -d, and all my stuff should basically just work, without being dependent on a particular operating system or vendor.

        The only “first party” Synology things I use tend to be monitoring and backup. I do use Hyper Backup to backup my important stuff to Backblaze B2, but I’m wondering if Hyper Backup makes a backup that only a Synology NAS could read. If my NAS died would be be able to recover my data without buying another Synology NAS?

      33. Great overview mate. My only gripe, as always, is no DTS support on video station. I have to transcode my videos before putting them up on the Nas. Why don’t they simply charge the user a fee for a license to which I am willing to pay? Being I don’t use Plex, does Plex play DTS videos on a Synology NAS? Thanx Robbie & G’day! ????????????????????

      34. I’m somewhat of a novice and this may be a dumb question, but HDDs seem like plug and play hardware, why would some drives not be compatible with Synology NASes?

      35. I like the pc v console analogy. it explains quite a bit. And i was a pc builder and gamed a lot on a pc but as i got older i ended up a console player and i can see the huge benefit of things just working without me having to understand how to flash my bios chip or even know what a bios chip does. that being said i want things how i want them and when so i like customization as an option. For example i use my iphone to store all my music locally just like i did with mp3s and an ipod. Ipods order files in long texts lists which is great if you have several hundred artists and songs etc. But apple changed their app so it had cover art, often only 4 to a screen. Meaning it took ages to find things scrolling 4 at a time when it used to scroll 10 or 15 artists per page. And also it’s organized by album and in a world of singles i don’t know allthe albums on site and i also don’t ever search by album. I might know an artists and a song. But not the album it was on. But either way i’d like to be able to reorganize the how it navigates. and i ended up buyiing a third party music player “CS music” that had that feature. So yeah customization is an important consideraation. And until they went away from celeron i was all in on Synology.

      36. you’ve got a global reaching channel and you’re still talking “nickers and quids”.. time to grow up don’t you think? US dollars will give people a better understanding of the value globally, despite I’m not American unfortunately they’re the global currency currency

      37. As always great video. I would go with Synology as I am old Synology user,
        Wondering what 2.5gbe USB ethernet dongles are compatible with Synology DS216+II?

      38. Wait a min, why not just buy a mini pc with a ryzen 5600u for 250 bucks and a HDD enclosure and make your own file /plex server with 2 – 3 x graphically and computational performance?

      39. Your videos are very nice, thanks. A suggestion would be to compare the applications capabilities in both NAS.
        I want to buy a NAS with a better hardware because Synology is really bothering me leaving 2.5Gbps out of the table.. I would like to know about usb-copy, rsync, snapshot replication, if Asustor or QNAP are able to fulfill my requirements at the app and functionality levels. Thanks.

      40. HI Mate A little Off topic I know BUT 🙂 i’m kinda new to all this. Mate when i’m wondering Can I run a PLEX Nas Server and a Home Cloud for backing up phones “Wife’s 1000000000 pics” lol and kids phones on the same NAS ? If so what would be a Great NAS for me to BUY. I’m willing to spend around the $1000.00 to $500 AUD Mark.

      41. Although it’s not officially supported according to Synology, I understood that you can expand the memory of the DS224+ with 16GB to 18GB in total. That’s a huge advantage compared to the QNAP I would say. But as you mentioned in the video, only the expansion of 4GB is officially supported.

      42. Hello, thank you so much for the review. One question regarding the Asustor AS5402T, is the nvme restricted in them or can we use any brand we like? Thank you

      43. Qnap make amazing kit. I’ve been running them for over ten years without any major issues – the minor ones being due to the hardware slowly getting older and associated problems with that such as firmware updates requiring manual steps to install (although big kudos for them still releasing security updates for my ancient systems), and lack of support for larger drives. Yes, I’ve recently bought another one.

        I am impressed with what you can do with their NAS systems *but* as much as it is tempting to use these extras I never would. Years before this deadbolt etc thing happening I was recommending people not to use the remote features. That is not because I specifically don’t trust QNAP to get things right. I would not trust any third party to be able to ensure that there are no holes or backdoors. That includes, by the way, systems such as Teamviewer. Responsibility for the security of my data on my network is up to me – if I hand any of that over to anyone else then that is an act of faith that I am not willing to take. The risk vs reward does not add up.

        My recommendation is yes to ensure that your devices are patched and kept up to date, but I would also recommend to not directly expose anything like that to the internet. Rather, I use a VPN to get to my network and from then on it is like I am at home. For a ‘hacker’ to get to my data, they would need to be able to get in through that one hole that is as secure as I can possibly make it.

        The other recommendation is to not focus on backups to prevent loss of data due to a hack. That is a concern of course, but there is also a big risk of loss of data due to hardware failure. I have seen total data loss due to two disks failing in a RAID, data loss due to corruption, even a direct lightning strike (although in that case I was able to recover the data through some miracle). Backup because bad stuff happens – like insurance, you may not need it but it is really good to have just in case. Also make sure there is an air gap between at least one of your backups – I have seen data loss due to the corrupted data being backed up over good. Minimum I would suggest would be to have two backups – one where all the data is regularly backed up to a second device on site (maybe an old NAS with drives in a RAID0 array) that is usually physically disconnected when the backups are not running, and the other to a remote site such as a cloud service. Note that you may have a huge amount of data that could be backed up – and to do that to a cloud service might take an inordinate amount of time as well as cost a fortune – but you can also structure your backups so you only backup what you really need eg family photos and important documents that cannot be replaced. Local copies of most movies, for example, can always be ripped again from the originals or simply watched from streaming services.

        Finally, I would note that I do like being able to install updates based on my own schedule. If they are forced by default (and I agree that is a good setting for most people) at least provide me with the option to turn off forced updates and perhaps just pester me. This enables me to ensure I have backed up my data before an update is applied. Yes the updates should be applied, but I have seen issues – not with Qnap, but that doesn’t mean it couldn’t happen – where a device is basically bricked after a failed update. I know that I should have a fairly recent backup, but I would rather do it when I know I have a valid and current backup just in case. 🙂

      44. I have been hit. Is there a way to fix this without ruining or losing all my data? Admittedly, I am a noob who thought of QNAP as a plug and play with all the appropriate security built in. Any help, would be very much appreciated.

      45. With all due respect you have blown past the single biggest issue that is 105% QNAPs fault. And still persists to this day. EVERYTHING. And I do mean EVERYTHING on their OS runs as root. As a perfect example:

        [/] # ps -elf | grep admin | wc -l

        I have 3 apps installed on my system that don’t ship by default, and I’ve removed and disabled as much as possible and still…..587 processes are running as “root” or admin as it were. This is beyond unacceptable. No process outside basic core processes required to make the OS work should be running as admin and sure as hell not something like Plex. This screams that QNAP is incompetent as everything is running wide open. This is exactly how these malware apps were able to encrypt the content. They used the tools on the system to encrypt it because they were running as admin. They could do whatever the heck they wanted.

        [/] # ps -elf | grep -i Plex
        4906 admin 103212 S /share/CACHEDEV1_DATA/.qpkg/Tautulli/bin/python3 –daemon –port=XXXX –datadir=/share/CACHEDEV1_DATA/XXXXXXX
        21774 admin 84 S Plex EAE Service
        25832 admin 298956 S ./Plex Media Server
        25879 admin 13616 S N Plex Plug-in [com.plexapp.system] /share/CACHEDEV1_DATA/.qpkg/PlexMediaServer/Resources/Plug-ins-ca0c45ff8/Framework.bundle/Contents/Resources/Versions/2/Python/
        28587 admin 756 S /share/CACHEDEV1_DATA/.qpkg/PlexMediaServer/Plex Tuner Service /share/CACHEDEV1_DATA/.qpkg/XXXXXXXXXXXXXXXXX

        Going back to your house analogy. If I lived in a shitty part of town I damn well would have video surveillance in my house and have a safe for valuable when I’m away. QNAP has locked the front door. Sure. But the windows are open and all the valuables are out and can easily be seen inside the house.

        PS- And before saying I should be running Plex as a different user. I created a plex user, selected application priv and Plex never populated under that. If there is a way of running apps under alaternate user creds it is far and away hidden from the common user interface. Even a simple google search results in people asking why would you even want to do that.

      46. Yeah right. AS soon as I have a good solution to backup 92TB of data…..I’ll do it. upload speed is 40mbit a second. (Thanks shitcast….like I care about the gig download speed.) and 100TB external storage is expensive AF. I looked at tape……5K for a tape drive.

      47. In the age of VPN technologies such as used by Tailscale, I think all NAS vendors from now on should integrate Tailscale or similar and offer an easy solution for remote access. Like what was said in this video, allow users to set up remote access with open ports, but warn them several times before allowing. Tailscale does not require any open ports on your router to the outside world, and even works through carrier grade NAT.

      48. That sucks. I was leaning this way over Synology due to the proprietary crap they seem to be missing ing to. I’m also looking to use this as an alternative to Google Photos and Amazon but it sounds like it isn’t even close to secure.

      49. I found the txt files in my /home folders for each user. Luckily my Nasbook wasn’t encrypted. I setup firmware updates to check at 6am every morning and auto update all apps. I also deleted every app I don’t use and have it set so that the NAS reboots every morning at 5:30am. I deleted the HelpDesk app. For some reason the latest firmware doesn’t start the app automatically anymore, sounds suspect to me. My Nasbook seems to be ok. The only thing that bothers me is that the OS will randomly shut down but the router ports still active, maybe once a month. I’ll have to unplug the Nasbook twice to get it running again.

      50. I only use my QNAP NAS to store videos so I can watch them via Plex on my internal network. The router must have some open ports since it is needed for my security cameras (port 80 and 6036). It has taken me weeks to rip my DVDs to the QNAP and because of deadbolt, they are all useless now. So I can start again. I have a large house with IoP devices throughout. Any useful suggestions?

        The minority but visible issue of RANSOMWARE points to the same conclusion of managed time only on the internet and a different access and use infrastructure, harking back to CompuServe and even military peer to peer access only to break the back of the Time Jack and Slave issue.

      52. QNAP products are a colossal Waste of time and money. QNAP has become a constant worry and threat to my valuable Data. It has been only a few years that I have been configuring and securing my data on these and I have lost all confidence in this company and its software and hardware. The Ransomware attacks go on and on and on and on… I call BS.

        QNAP software and security is awful. Two years ago I got hit with Ransomware from the QNAP Cloud itself because lets face it… even if you secure your end you can bet QNAP is NOT secure on their end. Never. No way.

        QNAP is not for amateurs and it is especially not for professionals. Professionals don’t waste their time on crap. The QNAP products are so laughably insecure that you might as well kiss everything you put on these boxes goodbye. ????

      53. Thank you for this I was hit in Sept and my photos mostly traditional formats but most of my RAW files were not.
        EVERYTHING said here is accurate and correct . I travel on the months sept -Jan and enable MyQnap for remote access. When I went in to access files for Xmas photo book for family I found out I had been hit

        Also because I was running daily virus checks with Malware … it saw scanned the problem at 3am Sept 8 2022 and quarantined the virus… so make sure you have this running. I also had auto updates on firmware

        I have ripped out photo station for time being until I can get back to physical hardware. I hope this help
        But this Video is exactly correct

      54. I agree the owner should have total power over their equipment. Forced updates and forced restrictions do not sit well with me. I am responsible for my data and my device security. That said Qnap is totally at fault for producing insecure apps, and not notifying users in a reasonable time.

      55. This video is like payed by QNAP:
        “It’s customers fault that they allow QNAP apps to run”.

        It’s better to say it simply:
        – QNAP apps are unusable gimmicks
        – The entire QNAP platform is not usable for internet access.
        (previous hack was trough their cloud accounts, so nothing related to local user setup could help)

        It’s ridiculous to blame user, routers, protocols (like UPnP) etc. as NONE of the hacks were because of them.
        ALL of the hacks were due POOR security (like hardcoded passwords in the source) in QNAP own software and platform.

      56. Perhaps QNAP is not for those of us who are not computer experts. Some of my files have been corrupted by DEADBOLT and I now have to recover them from lots of backup discs which will be a day’s work. Suggestion about uPnP Auto config tools, disable SSH and Telnet services appear daunting to those of us not well versed in computer jargon. I would certainly “radomize port numbers” if only I knew how. I have tried to follow the advice given by QNAP and on this video but must confess, that for me, it is not easy to find the controls that will disable these things.

      57. When he says “any NAS should not be ”directly” connected to the internet” does that mean it is not behind a router? Also, I don’t need SSL if I only connect to my NAS while I’m at home, connected to the NAS with my own wifi, right? I have telnet, ssh, etc., all disabled.

      58. i have both qnap and synology 2 units each. They crash and i mainly purchased to store data. Many headaches, moving forward it is cheaper to just buy a wd 20tb drive for $400ish. The unit with good drives is 1k+ . having a difficult time seeing the value. An old server is also cheaper.

      59. My understanding is that even if you follow all the security guidelines and update everything daily you would have fell into the attack prior to Sept 3rd. Assuming you are using Photostation through the internet.

      60. I think this video, fails to address the elephant in the room – Everything on the QNAP runs under a single SU account… meaning, all apps, have access to all data. A fundamental security feature on Linux (and modern OSs) is the running of processes under separate account, which allows us to restrict what data they can access – meaning, if an app does have a vulnerability, the impact of an attack is minimised… but because QNAP do not use this, the fallout is basically nuclear!

        Synology know this, and have implemented this application segregation.. and the ridiculous thing is, QNAP also know this, they spoke about implementing it 4 years ago, they also spoke about moving to containers to provide application isolation… neither of these have seen the light of day.

      61. Starting to think qnap is skimping out and not paying top dollar in their security department. Maybe increase ur expenses in the security department and this type of crap will happen less frequently or non at all

      62. My Asustor was hit the first time around here in Australia. Before this time I HAD locked down my 6510T by IP address, was assisted by an Asustor tech to do so, ezconnect & unused services were not activated. After some investigation an Asustor tech admitted one of the attack vectors discovered was through their own automatic update system! You CANT protect against that!

      63. Snapshots should give us the ability to rollback in time and retrieve our data before it was encrypted by ransomware. Is taking snapshots regularly a reliable safety-net against ransomware. If a hacker has root access to the nas couldn’t he just delete all snapshots before and after encrypting all data?

      64. I’m not convinced this latest wave was using photostation. I don’t have this installed and managed to get caught by 0xxx virus but based on this exact situation.i used it for media storage and I did have 443 exposed to web so I can access remotely via qfile app. Upnp disable on both qnap / router.
        I only had 1 account and actually had my usb still plugged in with all my backup data. I left it transferring and forgot to unplug it and still the attackers didn’t or couldn’t encrypt it. Based on this I feel thqis may have been dnla/media server related as multimedia is the only folder the media servers are restricted to.

      65. I feel so desperate for QNAP for their products which are frequently subject to ransomware attacks with no solution. I think it’s the right time to shift to other brand NAS for better protection of NAS data..

      66. It would be perfect if they had an option of ‘file storage only’ . I could sell 25 a year if that was an actual option. Locking everything down is nearly impossible

      67. 27:00 most of that is default and requires user to enable insecure setup (like you said have a backup like another nas that isn’t a qnap or bunch of USB external hdds ideally 2 separate )

      68. Question:
        Is there a way to completely remove QTS from the QNAP server and install something else such as TrueNAS on the metal even if that means having to install a new DOM or is the BIOS so propitiatory it can’t be done without a board swap? Yes it would no longer be QNAP but I feel it would be much more secure and I could at least keep the servers updated without having to buy all new hardware.

        The QNAP systems should be forbidden from access to and from the cloud, remote access of any kind or via the internet in any way such as api’s, by out of the box default. The administrator should have to manually configure any setups after acknowledging warnings and security should be enforced period.

        I try to keep all my equipment up to date on firmware (including routers, switches, etc.) but QNAP makes even this hard by deciding to not support older enterprise (their term for rack mount) systems and I really don’t believe their reasoning on this either. I have a rack mount sever 4.36.2050 (5-26-2022) which they rarely update firmware on; only doing so as an after thought. The other is newer and still gets the newest updates. I have removed most of the remote access apps from both servers and have done QNAPS suggested disabling of stuff, changing settings etc.. I do have a few cloud apps still in use, but am thinking of moving away from those too to an external program I use.

      69. I remember the same attack done at Synology, ransomware attack demanding 1.2 bitcoin, unfortunately I paid them and they gave the key and I unlocked all of my 10 years worth of files .
        since then I unplugged my NAS from internet and don’t use its feature.
        what synology did? they sent me $30 headphone… imagine that, I paid 1.2 bitcoin for cheap headphone.
        I was considering Qnap until I find this video

      70. QNAP are damned if they do and damned if they don’t on warning, big scary warnings upset alot of people, some from the “Mah Freedom” view where they just want to do what they like and dont want to be told otherwise by some sort of nanny, and others from the “Thats scary im going to return it/call support and complain” QNAP are behind on the security aspect but they are moving alot faster now than they were, alot of systems are now asking users to configure updates automatically now, Unifi as an example do it on setup, it should be on by default and if you want to manage it then you can turn it off

      71. I’m about to outmode my three redundant Drobo NASs (none have ever given me an issue, but it’s time to move on). I have QNAPs in my shopping cart because I’m moving to a fast network.  

        All I want is a simple NAS. How secure am I if I disable everything but basic functions?

      72. My PhotoStation was not exposed to the internet but I still got hit by this wave. AND I had just updated my firmware a couple days before the attack. I do not think PhotoStation was at an older version at the time of the attack either (I cannot remember and be 100% sure, but I do not recall updating PhotoStation recently, and there is no pending update in AppCenter).
        Could it be Transmission from QNAP Club app source? The only ports open are Transmission and OpenVPN server.
        I did briefly open management web over 443 and forgot to turn it off. But that is not PhotoStation and at the time the firmware had already been updated to the latest version.
        Also the malware remover tool cannot find any malware. The anti-virus scan could not find anything related to DeadBolt.

      73. QNAP user here who has not been attacked by Deadbolt or any other ransomware as of yet. My devices are not accessible from the internet, and I have no QNAP cloud features turned on. And UPnP is always disabled everywhere.

        Just in case, however, I do have all my data backed up.

      74. I just got hit by this ransomware few days ago. Without knowing what happened, I updated the firmware and ran Malware remover and they removed my ransom note. I have thousands of photos and videos got encrypted and i’m doomed now.

      75. It’s all good sitting in the ivory tower surround by free NASs however if someone spends 2k plus on a NAS e.g. 8 12 16 Bay you not going to have USB hdd to backup to as your invested in a beast system which one would hope has security features to block or apps to under scans etc. Qnap need to work better with the Linux distributior or change the flavour or OS they use.

      76. Make sure PnP is turned off on your router. You don’t want something being made public without your knowledge. If you make it public at least you know you did it. If PnP did it, you might be unaware.

        I agree about forced updates. At the very least set a reboot window time. 3am in the morning. I know that won’t work for everyone, but it should work for the majority.

      77. What about the snapshot functionality that Synology has? Other than a HW failure would you consider it as an extra point of defence in case of data alteration?

      78. Does the upgrade to the photo application in question actually require a reboot? If it does, that sounds like it’s completely unnecessary.

        I’d add that the recommendation to create a low-privilege account to host individual apps sounds sounds like it ought to be a QNAP recommendation—if it’s their app, shouldn’t their installers do that by default?

      79. I got hit today as I only found out when my plex server didn’t show my library 🙁
        now all my files are encrypted by .deadbolt I contacted qnap support and got nothing.
        any way to decrypt my files or some one or firm that can help?

      80. My QNAP is in the trash. They suck. I get constant email advertising new products, but not one email about ransomware that infected QNAP. Had they warned me, maybe I could have updated my QNAP before it was infected. Be careful how you back up your data. My QNAP was set up to automatically backup to a second QNAP NAS. The infected files overwrote the good files on the backup NAS. My third backup was Dropbox. Those files were over written too. Thankfully Dropbox has the ability to go back in time and all of my data on Dropbox was recovered. The bulk of my data on the NAS are movies in the MKV format, thankfully those were not infected.

        Any NAS or computer can be infected, but QNAP in particular suck as a company because of ow poorly they handled it. It as if they tried to hide it. DO NOT BUY QNAP.

      81. I was hit… thank goodness that I found it early and I have offsite backup. Nothing permanently lost, but it took a WEEK of personal effort to recover it back to normal (re-downloading lost data + removing the ransom note/malware, which QNAP’s updates do not yet handle, outside of halting the file locking itself). Others will surely have a worse time.

        Good moment to update my backup strategy (offsite backup was great, but slow… I need local backup… now I get that whole 3-2-1 backup thing ????). And yeah, lock it the F down from outside access! I’m surprised this isn’t the default state of the Nas out of the box, given what I know now… Live and learn.

      82. The defaults need to be biased towards security instead of ease of access. If qnap wants these security issues to be the users fault they should force the users to explicitly misconfigure their systems. Rather than misconfiguring the system on the users behalf and then blaming the user for the fallout.

      83. Qnap is AIDS. I’ve never known an operating system on any other platform to be as weak, or vulnerable as QNAPs operating system. If you’re interested in protecting your files buy a Synology or use some open source software. I’m sick of getting vulnerability notifications online about QNAPs, it makes me sick to my stomach.

      84. I would also advise upping TLS to the highest version on your NAS or homebuilt, I don’t agree with buying VPN, setup your own all vendors have OpenVPN (QVPN for QNAP) that way you don’t rely on a third-party company

      85. As a long QNAP user, I remember when I was on a holiday and saw first Russian IP trying to breach the NAS, as a former IT guy I was watching all logs almost on a daily basis… In 10min I turned off NAS from the Internet and moved everything to local VPN gate closing all ports which were exposed to the internet… Not even 1 problem anymore. If somebody needs an access from the Internet I turn on ports for the time of the access, and immediately turn them off once this person got what he wanted. I still can’t believe in current environment people risk exposing NAS to full internet access… Regular QNAP patching to recommended software versions and regular router (Mikrotik) patching.

      86. The breaking wheel or crucifixion should be re- introduced specifically for these people. They lay the blame on Qnap but they are the ones exploiting the loop hole, crushing users, many of whom have not recovered from the immense financial losses of Covid shutdowns and job losses.

      87. I think most folks need to educate themselves a bit more, bit it’s not all on the user.

        Also, using a VPN as the only way into your network is really the way to go IMO

      88. Unfortunately I must admit that I have not deactivated the default admin and don‘t have 2-step verification active. I once tried 2-step and it somehow stopped working after a few days and I was locked out. That‘s the reason why I fear disabling the default admin. Based on QNAPs software quality I fear losing access to my data due to messed up access rights. What is your advise. Start over again from scratch?

      89. After getting hit with qlocker I haven’t had my nas connected online since. Recently connected it again just this week and I hear about this deadbolt stuff. Thankfully i sind be fine because I connected after all these new updates.

        I have backups of my data om external drives. Heck my nas is no longer a backup means really I just want it to be able to access my data remotely as my own personal cloud storage with terabytes of data.

        But now I’m worried I can’t do this without possible future hacks.

      90. I can confirm that this deadbolt attack occurred at 9pm on Saturday night Australia EST, I was at work. I agree with you but there are issues with their firmware updates….my NAS was telling me there were no firmware updates when there actually was in August. You are correct there are several simple solutions but the ultimate protection is the 321 backup. I also found that it’s probably a good idea to reinitialise your NAS after a deadbolt attack and restore from a backup…..this is because there are issues with to Qnap operating software.

      91. How about a good video class (Long and lots of detail) on Secure https connections ssl Certs and the like?

        I know Qnap installed a default secure certificate but that’s all I know. I did not do anything to set it up. 100% Lost on that stuff.

      92. Dang Bro. Gotta check that authoritarian coming out. When someone says “you shouldn’t be allowed to” regarding a product you own it’s over the line. Do you really want to live in a world of “we’ll assume you’re to stupid to know what’s best for you so we’ll give you no choice”? Did you learn nothing from the lockdown scamdemic? People have to take responsibility.

      93. What I don’t get is how someone can be knowledgeable enough to research and buy a NAS but dumb enough to leave it exposed. Even a turnkey solution like most Synology’s and QNAP NAS’s can be, require some knowledge on how computers work. Before I am attacked, almost all novice computer users think backing up is using a simple external HD solution, so if you are using a NAS you have more knowledge than the majority.

      94. I got hit with DEADBOLT on Saturday night. I was patched up to the most recent patch and thought that my QNAP was not able to be seen from the outside world. I had my data on another USB hard drive as backup and a number of snapshots on the QNAP.
        I reverted to the most recent snapshot on a volume level, as thought that this was the best way to recover and was able to get back in and files were back. Changed my password and reinstated 2 factor authentication.
        The 2 factor came in clutch as on Monday afternoon my phone pinged and it was the 2 factor pinging with an authentication code, which they weren’t getting.
        Do you have a video of how to setup a QNAP NAS so it is total on your home network…????

      95. It’s a pity. There are some really robust older QNAP NAS models (Rack mountable too) that have better specs then many of the newer retail models going for a song on eBay,……but aren’t upgradable to the latest QTS version. Practically criminal it is, real shame that. What with QNAP venerabilities as they are, you might as well pay the ransomware attackers in advance,….

      96. I’ve been git by the last attack so I’ve followed your advice and isolated my Qnap from the internet as best as I could, I’m backing up my data as up for now, haven’t checked but I’m pretty sure I’m good to go. Your the best man

      97. The solution could be to split up updates in different areas (“Security”, “Perfomance” and “Apps”, for example) or based on their importance (“Critial”, “Moderate” and “Optional”). And force the user to download the most important ones (following the examples, “Security” and “Critical”). And allow the user to choose the time he/she wants the NAS to reboot to apply the updates (“As soon as downloaded”, “At 1AM”, etc). I have a NAS for personal use and I would apply all of them and reboot as soon as possible. Besides, I think it would be a great idea if QNAP opens a Beta Program so people like me with a personal NAS can join it and get beta versions. Regards!

      98. Society, citizens, and their governments and resources need to start taking these crimes more seriously. The message should be sent that if you develop these life ruining, economy ruining, malicious bits of code, then the people of the world will find you, hunt you down, and publicly execute your sorry ass. I don’t care if it’s a two year old coder, when a person is evil, they are truly evil, and need to be snuffed out. I’d personally contribute to a vigilante group do get rid of these sick people. The worst part is I was just reading how a hospital got infected and someone died. Think about it, everything is going to be computerized and require firmware updates and coding.

      99. I have been hit on the 3d of September .. F***g QNAP not checking these holes! now I have some stuff that was not backed up.

        BTW I followed almost all the recommendations and have automatic updates.. this is how the deadbolt was stopped before all the NAS was ecripted, but not fast enough.

      100. I generally like QNAP’s products — but as a NAS user, I would not expose my equipment to external access for any reason and for any purpose. It may be an occasional hassle but, IMO, it’s a big hassle to discover that your NAS has been taken over by a hacker. The other thing is that I am a former IT guy who has experienced a few situations where entire workplaces were shut down due to virus attacks. And I learned early on the hard way that the “that can’t happen to me because I’m not a big corporation” factor is a big fallacy. Because it can and it did happen to me. Which brings me to this — QNAP as well as all NAS manufacturers should do everything they can to ensure that end users understand the importance of securing their equipment. As well, there should be proper measures to ensure proper security measures are set up on a NAS — like preventing use of a default admin account by forcing users to create a admin account which will have a less likelihood of being attacked.

      101. This has been said before on similar videos, but it is not good security practice to connect any device to an open internet connection. If the device or applications running on the device have vulnerabilities, or poor coding, then an external threat actor could exploit and compromise the device. My suggestion would be to enable the device firewall. Do regular patching, inc routers/modems/NAS, Disable UPNP, which can cause issues with online games services, but can help.

      102. Fingers crossed that I did my backup properly…I just got hit. What a pain in the a$$!!!! And yes…firmware updated…just forgot my new router had upnp enabled.

      103. Some really good points were made here. However, while the default Admin account should obviously be disabled the neophytes among us won’t necessarily know this. So it’s a fair point to suggest that it’s on QNAP for not forcing the user to change it at initial setup. They may do this now with the latest version of QTS / QuTS Hero but they didn’t always and as such they share some of the responsibility.

      104. There is some merit in saying “NAS should remain storage appliance, not as webserver / media server”, but since virtually all NAS vendors market their products as such, I think it should be reasonable to expect they are hardened as such. System vendors should really restore the old way of calling software bug a bug and FIX it, not some ‘vulnerability’ that sounds like job for security experts to discover.

        I got hit myself in this wave, still I must respectfully disagree that “using well known port is dangerous”. This is blaming victim at best and misleading at worst. Everyone connect to youtube on port 443, and no one should underestimate the scale of challenge this site is facing every second. To continue the analogy, it won’t offer extra you security by moving the front door to face the back street, or give it a camouflage paint. What matters is a quality door and lock, as well as to close & lock it properly in daily routine.

        Well I get the argument that thieves pick easy target to begin with, yet lowering the chance of being attacked does not replace the need to get prepare for up coming attacks.

        Technically the question is how is QNAP handle traffic to port 443, or 80 or 8080 etc. Is it using the battle tested httpd to listen, to authenticate, and to reverse proxy request to actual apps? Why does it need a separate firewall app that is not turn on by default? I was surprised to see different QTS apps happens to be separate FCGI threads spawning off cgi-bin/ directly, and handle authentication individually. These imply each app running, and each app update, introduce new risk.

        Bottom line: I pay a premium for NAS appliance in exchange of peace of mind. This is a major let down.

      105. Can you do a video of your thoughts on TrueNAS and it’s place in this torrent of ransomware attacks? (see what I did with the word ‘torrent’ there 😉
        Also, could you share your thoughts of replacing OS in a QNAP box to TrueNAS?

      106. I´ve got a TS-653D not running any QNap apps whatsoever. External access possible but no standard usernames or passwords, no standard ports, 2FA, SSL cert etc pp.

      107. I have secured my QNAP and it has been safe until Saturday when I got hit by Deadbolt, but my most recent snapshot come to the rescue……the thing is that my QNAP was secured as far as I was aware…..????????????????????????????

      108. I am IT consultant for 20 years and i loved to had the opportunity to watch this video. To me the thing that QnAP does not have any guilt in their product its at least a bit biased. I know people want to sell NAS and make a good chunk of commissions, its how things works i got that.

        But lets face it with a great example, if you have a Tesla, are driving and the car crushes because the system does not allow you to stop, then even if there is a bug there, the brand is responsible, not the end-user for sure.

        When we translate the NAS issues, well sure , the end-user needs to have a specific skill set to be able to know how to work with the technologies, but the brand does not say its it can be challenging for some people, who does not understands, a,b,c… etc…. Instead they tell you that you can have everything setup by clicking a simple button, and the more features it has the more people will activate.

        I never saw a disclaimer from QNAP or any other NAS brands about what can happen if the users does not have that skillset, and even worst, they market it as a product that is top notch in technology, like having access to the nas content from everywhere. That´s where they have responsibility, i am quite sure some lawsuits will occur sooner then later.

        Because they have the responsibility to explain clearly what a basic user should do and should not do…
        They also should explain that someone before buying a NAS should have at least a 3-2-1 backup solution , because the NAS is not the backup solution.

        I know that for many people, the NAS itself its quite expensive to buy and so many users cant afford to buy external drives for Local backups and also a cloud backup system, that is the bare minimum for whom thinks about having a NAS as home or in a SOHO

        And here again i never seen QNAP explaining in a very clear way in their sale pages about their NAS products, when i am talking about QNAP, its not only QNAP , other brands do the same, but are they responsible brands by doing so? in my honest opinion nope.

        Probably many small business went out business, some because ethically they don’t want to pay to criminals and others because they cant afford to pay due to the crisis that have impacted so many people worldwide.

        Here i believe that QNAP should paid the ransom to solve this issue for their customers, are they obliged to? of course not, but in the other hand they would not have their image burned out and their online reputation is not good to say the least.

        I have a QNAP nas devices and i am quite sure that i will never ever buy another from this brand again.

      109. I think every brand should add a choice at setup that asks, what is your data classification: very private, private, public. And what is your update tier: beta, innovative, stable and secure. From that the system can make the appropriate choices.

      110. Worker with a reliable hacker is what I think is all over the world and I recommend a hacker parfait who works with good heart and sincerity Dee_hack11 is in Seoul☝️☝️☝️.

      111. *I was hit, so unplugged, shutdown, external USB backs fine. Plex user, was watching at the time no issues, went to update saver denied, then found the splash screen, no on reboot, water gapped on an independent switch no WiFi etc, it instantly goes to initialization. So save to assume the service themselves have been affected. Did safe shutdown. After some time I turn on everything then I found out I’ve been truly hit by deadbolt. I did as many research as I could and I found out that scott can actually decrypt the encrypted files So I paid some money not upto what deadbolt team are asking, then he decrypted my files*

      112. I wouldn’t touch QNap with a barge pole until they drastically change their approaches to the user base, contempt for the user base isn’t a great strategy.

      113. I think forced updates should be a requirement for utilizing certain features. So, if I enable remote access through a firewall of any sort, forced updates should be enabled. IT enabled organizations wouldn’t be making use if these features anyway and in can absorb the risk of automatic/manual updating.

      114. I think they get attacked because they move into Face/Facial/Eye/Mask screening. People don’t like that. This is a threat to privacy. I think that is the root cause of it. I don’t know if Synology is in the same as such.

      115. I’m sorry I purchased a NAS as a means to have a BACKUP of what is/was on my laptop or pc. And it’s even sold as a backup. It started with ‘consumers’ being told to connect an external hard drive to backup their data. They would even supply at times backup software. So you backed up to this external drive. Then they started to sell NAS which was a way to still Backup and be able to access those backed up files from any connected computer.
        So I disagree that you cannot thing of the NAS as a Backup.
        Evidence: Why do they supply NetBak. Which can backup or copy your PC to the NAS.
        So if you say the NAS is not a Backup tell these companies to stop supplying backup software that works to copy to these systems.

        When I was told I needed a Backup I bit the bullet and purchased a second NAS which is used only to receive a Backup Data from the Main NAS! Its stupid but I understand it.

        Especially since this last issue I had to erase my partitions to fix my issue. Great!

      116. Wow I liked how you pointed out tech support being abrupt.
        I reported a problem months and months ago and it was just impossible to arrange for remote support.
        Then there was an update which fixed the problem we were trying to work on. So I basically wasted tons of time trying to recreate the problem and pin pointing the actual issue.
        So why was I spinning my wheels for months when they knew about the issue.
        Just tell me and ask me to be patient while they fix the bug. Why make me waste my important time for this sh*t.

        I also had a problem of the NAS running so slow I could not even log in via the web. Thankfully I have a unit that has a hdmi port and was able access it via direct. But still could not use the system.
        That was months and months. I was planning on dumping the whole thing. But it meant dumping two QNAP units. The cheaper of the two worked perfectly. I was angry.
        Then I read something in a forum and decided to try it. I had to stop running Q’Center. Once I turned it off and removed it my system ran normally.
        The same thing happens when you run McAfee. Of all things to slow down your unit so its unusable what is the purpose of having anti-virus. And whomever says its not needed needs their hand examined. You do!
        The built-in anti-virus finds things that McAfee does not? And yes they could be false flags but it works.

      117. Not an IT expert but I bought an entry level Qnap NAS, which is now not connected to the internet and I’ve manually updated. What I’d really like to see is a guide to setting the NAS up safely so that the NAS is available to the home users, but protected from the internet outside. Backing up to two USB drives BTW!

      118. Great discussion, can an OpenVPN / windows vpn on QNAP do it? and not juse myQNAPcloud? can it not be a good option? between one’s server and user outside of one’s network.

      119. QNAP has significant blame in this latest attack. First, it was their operating system that was hacked (no one had to download a corrupt file). Second, they have all their users emails and all they needed to do is send out notifications to us users alerting us to all the attacks this past year not to mention warning us all to “unplug” immediately when this last attack started. Instead, they remain silent by email even to this day. The only reason I figured out I was hacked is after a month of not logging onto my NAS I found all my files encrypted when I went to grab some photos for my wife. I had to figure out for myself (with the help of bleepingcomputer forum) what was going on, how to get the ransom message back because they had quarantined it. No I didnt have a backup and I guess that is my fault for not understanding the hardware and risks better but I bought the NAS because it was supposed to “simple, safe and secure”. I only use my NAS on my LAN and I’ve never downloaded outside files to it but am not savvy enough to not have it connected to the internet thru my router. If Im lucky enough to get my data back after taking out a loan on my credit card and figuring out this whole Bitcoin thing this weekend, Im done with QNAP and their crappy equipment, buggy software and business approach. QNAP’s silence, irresponsibility and incompetence in dealing with these attacks this past year is the real story here that you all should be talking about as well.

      120. What is the most concerning for me as a customer, not that hackers exists, they always did. But that Qnap has backdoor account to my own NAS…… they can remotely access to HBS, force update or whatever….. the clear answer to me to your question is : QNAP is not safe at all, period !

      121. I don’t understand why so many “intelligent” people finger-point the victims. Do those guys blame their kids who’s got bullied in school? What a pathetic! NOBODY, NOBODY opened the port to the internet! QNAP got the port opened OUT OF THE BOX! I’m not using mycloud, I didn’t open any port. I didn’t enable auto-update because last year I ever lost files after migrating to the latest build!

        This is not the first time they messed up everything. As always, QNAP is trying to escape from their own responsibilities. They pretends nothing happened. Custom service is non-existent. Users forum is full of everything but anything helps fix the issue.

        Stay away from QNAP like a plague!

      122. I use my QNAP for Plex, and I share my Plex with two other friends. This is my second ransomware attack (thank goodness I had backups), so should I stop sharing? Can I make my QNAP secure and still share?

      123. Thank you for making this enlightening video! I have now checked and switched off UPnP at my router. I was also watching your Plex setup video where you talk about setting remote access for Plex on a Synology NAS (with DSM 7) . How risky is setting up remote access for Plex to access my media remotely and are there ways to mitigate the risk?

      124. I have found QNAP TVS-951X about 350£ (450$) used with 30 days free return + 6TB WD RED drives + 32GB RAM, should I buy it ?? it does look in a fair condition I want to use it for 4k streaming + 1080 and some backup + two or three members of my family watching 1080 content with me also to back up my stuff on it, should I buy it ??
        thank you

      125. Robbie and Eddie, Thank you for this in depth discussion, and guidance. I’m new to this, bought my nas at the end of November, and have been following a steep learning curve since then. I especially liked the advise to NOT TOUCH your network or nas settings if you do not understand the actions and results. I have to remind myself of that each time I mess with the settings, and have to reconstitute my nas.

      126. I bought a single, large (16TB) HDD in recent weeks, plugged that into a free bay in my NAS, created a new storage pool & volume, and copied all my existing NAS Data onto it, and when complete, I pulled that Harddrive out. This is my ‘emergency’ back up, should the worst happen.

      127. I don’t have remote access to either my QNAP or my Synology directly or through their respective relay systems. Instead, I use OneDrive (OD) as a relay point. My NAS is setup to sync with my OD account. When I’m on the road, my laptop syncs files with OD. So, when I edit a file on my laptop, it then syncs to OD which in turn syncs to my NAS. This won’t work for everyone but it can be a very effective way to effectively gain access to your NAS while working remotely. I don’t do this with the entire NAS, just the folders / files that I may need remotely.

      128. We are preparing a new video about how to secure your NAS and your local network.
        You can send your external IP address to us via contact form and we will run free vulnerability tests for you.
        This will allow you to identify your network vulnerabilities and open ports etc.

      129. Thanks again, last year after qlocker Eddie was adamant that myQnapCloud was safe and I believe the issue was upnp allowing access a hard coded back door.
        Do you both still feel myQnapCloud is safe ?

      130. Really enjoyed this especially since they got me too. Thank you. Small piece of feedback – it’d be great if you gave Edward a bit more of a chance to speak at times. There are sections where it seems he’s just on the receiving end of a long lecture, as opposed to part of the conversation.

      131. im using a tricky way to remotely access my NAS files, by hiding them behind a nextcloud single user on a Pi thats not visible. not infallible, but takes breaking that, just to see files, not alter them or upgrade. if i have to upload, i have to remote into a computer and use other methods. rarely do i need to access files , but it can be done if i have to.

      132. TL:DW; version – its a security/ease of use trade-off. If you lock things down users find it too hard to use the features the vendor offers and berates them for it. If you open things up you give users the chance to shoot themselves in the foot, and some will.

        Case in point being IoT “plug and play” devices. I was struggling to identify a device on my network today and discovered it had a password-protected web server – I guessed the password on the third attempt. You’d have thought vendors would have learned by now but clearly not.

        Another interesting point given the mention of TrueNAS – Unraid ships with all security turned off by default. I think they’ve now realised they erred in doing that, but don’t seem to be in any hurry to fix it. I’ll be keeping any NAS behind a VPN. Wish I could do the same thing with Plex but it seems to need an opening to work properly, so I’ll have to isolate it on a VLAN.

      133. One of the mistakes that QNAP made on this was that they actually identified and problem and issued a fix before the attack. But they didn’t make the update mandatory (they can override the user desire on when to take an upgrade). Users that had manually done the upgrade like myself or ones that didn’t have their NAS exposed to the Internet were fine. But other users were hijacked.

      134. I did enjoy the video. I got a month ago a TVS-H1288X. We wouldn’t be talking about this if everyone had updated their NAS. QNAP needs to have a shout mode that you can’t miss if the patch fixes a vulnerability. The lack of organized information as not only to what to do but why? Example Port 443. It is recommended to change it but what range and why change it. I assume port scanners don’t deviate from assigned ports and look for low honing fruit. So by changing to 478 it is put out of the scanner range? If we do a router port forwarding to use QBelt on the NAS is that a direct open door to get into the NAS? I am guessing no otherwise why do assigned ports exist. At moment because of questions I have port forwarding off therefore I can’t use QBelt VPN which we are told it safe. My point is there needs to be a source that explains all of this that we can read. I am an engineer and programmer. First thing I did was set up QBelt to my android phone. UPnP was off from beginning. I have turned off myQnapCloud as I am unsure of where it stands safety wise. Has it been broken before? I even bought a certificate from Qnap and installed it. I think you should step in detail on each part of these security setting. What to change? Why you do it. And where to get more if on it. Love your videos

      135. Data (physical or electronic) is arguably the most important thing you own the protection of it it more important than money.

        If I loose a $50 note it can be replaced with any other $50 note the thing that makes it unique, the little string of numbers in the corner or any stains or creases are not what gives this value to you.

        Conversely if you loose 50mb of data it can’t be replaced with any old 50mb of data as it’s uniqueness IS where the value was held. It is by definition irreplaceable/ priceless.

        When average joe numpty buys an external HDD, NAS OR starts doing some form of online cloud storage or backup they have stumbled into the realisation that data holds value.
        Often it’s a result of learning the hard way and loosing something.

        NAS brands really should be held to account for some things but like you say not all.
        From a consumer protection point of view, is it fit for purpose? Does it do everything it was advertised to do? Was it free of defects?

        I buy a NAS, follow their instructions for setup while using the drives they recommend.
        My expectations are:
        – My data will be stored there without risk
        – My data will be available using ALL advertised methods without putting it at risk
        – I will be prevented from accidentally impacting the above two things.

        During the setup process there should be a “most users” option that walks you through a VERY simple wizard (most users are not as smart as they think they are… see Dunning-Kruger effect).
        Lock out or at least require a certain level of knowledge to unlock the most advanced features. Maybe a big warning when you select advanced option a big simple warning saying “by clicking this we no longer warrant the safety and security of your data” The stuff a car owner should touch is yellow under the bonnet of most cars now. Oil, wiper fluid, etc…

        Also as joe numpty does not understand the difference between redundancy, backup etc etc. prompting them to locally encrypt and purchase a offsite data storage plan, backup to another offsite NAS or set up automatic email reminders for periodic backups.

        Updates should always come with a have 3 options:
        1. Update instantly on release. Early adopters on the bleeding edge (called that for a reason) “the is an update available and will be installed in x hours unless you hit cancel”
        2. Delayed update (default most users). There is a new update available it’s currently being installed on some systems. This update will be automatically installed on this hardware after 30 consecutive days of bug free operation globally”. In this mode critical exploit patches are able to be forced if it impacts the last auto update.
        3. Auto update off. Notifications on.

        I think it’s absolutely NUTS that people give any nas company any form of slack for not treating your data at least as valuable as a bank treats your money. DONT share your pin, unusual behaviour lockdowns of accounts, etc.

        Hard to type all this crap on a mobile phone.

      136. Absolutely, I bought it for the hardware. Not always as inexpensive as I’d like — TS-873A vs 873-AU come to mind.
        Is QNAP safe? Well, when it’s a NAS not an iNAS … mostly. I mean, there’s an IOT vector, but this is an IOT issue — does QNAP need to make its NAS safe against a determined in-network hacker? The IOT threat is just a whole nother topic….
        The problem is that they market their internet-connectivity, and they need to stop doing that until they get their house in order, because they don’t have their house in order. Their responsiveness to CVEs has been lackluster at best, bordering on dangerously irresponsible. Security concerns are not as front-and-center as they should be. And magic, hard-coded backdoors in software is so gigantically awful — that stuff never should have been checked in to anything that ships to a customer. Astonishingly terrible.

      137. Great discussion. I like how you alluded to the “everyday man.” The reason I gravitated from Synology to QNAP was #1) Hardware comparison but most importantly #2) Capability to do more thanks to the software’s ability to have a lot less guardrails allowing me to do more.

        I am by no means an IT expert, but I want the most hardware for my money and the software capabilities to do it. I also learned early on YOU HAVE to absolutely!!! know what you are getting yourself into before opening up your network with any NAS.

      138. There is only one important rule. Never expose your NAS to the internet…until you know exactly what you are doing! Anyway, and always remember, a NAS is NO backup (RAID is not enough backup, either)!

      139. Probably time for everyone to realize that these boxes are not good enough for external access. I have 3 qnap boxes and would never expose them to the outside. You want to go outside, go with the big boys like Azure. Qnap is not up for the job. It is fine for your LAN and leave it there.

      140. As regarding the backup, one of the reason’s I am looking at buying a NAS is to allow me to put one in my home and one in my parents home, and allow us to both sync our data to have an off site backup.
        But this means both need to be exposed on the internet to allow the sync. In this case it I think it makes sense to have both of these to be using the same platform as this includes software to sync.
        However if I chose QNAP it is the process of wanting to get the backup capabilities that is exposing me to the data risk.

        I am a software developer, (i.e. the worst person in this case since I know enough to be dangerous), but am no ‘Locksmith’, so would really welcome better hand holding and explanation of what the various features are actually doing behing the scenes and what the risks are.

      141. QNAP need to open and honest about what vulnerabilities in what software exist on all of their models. If you fix the vulnerabilities sooner via auto-update (and not all vulnerabilities need reboots) then they wouldn’t be in this situation.