Routers and threat prevention

[Bill Ridgeway]

It is said that a router is safer than an ordinary modem against spyware,
viruses and the like. Is there any truth in this and, if so why please?

Regards.

Bill Ridgeway

 

[Jim Macklin]

A modem is just an open door, so to speak. A hacker or
malware program has direct access to your computer. A
router will present a different MAC address [not a Mac, but
a hardware ID number] to the hacker than the computers real
MAC address.
To be safe on-line, having a router or hardware firewall and
running a software firewall on the computer(s) on your LAN
is a good idea. Also running malware and virus software is
a good idea. There are also "hardware" solutions that are
really firmware in a box.


| It is said that a router is safer than an ordinary modem
against spyware,
| viruses and the like. Is there any truth in this and, if
so why please?
|
| Regards.
|
| Bill Ridgeway
|
|

 

[Jonny]

A router is not a modem. Don't understand the question.

http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci212924,00.html

http://www.webopedia.com/TERM/M/modem.html

 

[DanS]

It is said that a router is safer than an ordinary modem against
spyware, viruses and the like. Is there any truth in this and, if so
why please?

Regards.

Bill Ridgeway

There is some truth to that, and it has to do with NAT (Network Address
Translation) provided by the rtr. NAT is what allows you to share an
internet connection.

A rtr really doesn't have any effect on spyware, or viruses, but does
prevent outside connection attempts to PC's behind the router. In order
to reach a PC behind the rtr, a port has to be mapped to a specific PC.

A typical virus/trojan would come thru e-mail, which will make it thru
the rtr when you check mail. Spyware and adware will make it thru as
well, since you are using a browser, and the traffic is passed.

To date, the only virus/trojan/worm that a rtr would have stopped was the
Sasser worm, as that is the only one (AFAIK) that was not triggered by
executing something and infection was possible just by being connected to
the internet. This is because that worm used a port that is blocked by
default in a rtr.

 

[Leythos]

To date, the only virus/trojan/worm that a rtr would have stopped was the
Sasser worm, as that is the only one (AFAIK) that was not triggered by
executing something and infection was possible just by being connected to
the internet. This is because that worm used a port that is blocked by
default in a rtr.

Actually, worms and such spread by more than a single port, I've seen
the spread by SMTP exploit, by file/printer sharing ports, by MS SQL
Command ports, etc....

A router blocks connections from anything that you've not connected too,
so that means of your neighbor has a compromised machine it can't reach
yours unless you connect to theirs first.

Many firewalls in the lower end of the market $300-$900 can remove
content from HTTP and SMTP sessions that could provide a path for
malware to enter your system.

 

[DanS]

Actually, worms and such spread by more than a single port, I've seen
the spread by SMTP exploit, by file/printer sharing ports, by MS SQL
Command ports, etc....

Well, yes. My assumption was we are talking about a simple home NAT
device, which by default has no ports mapped to any specific internal IP
addresses. You would obviously need to open ports to be able to reach
internal devices, which would then be vulnerable to whatever exploits are
available for that specific device.

A router blocks connections from anything that you've not connected
too, so that means of your neighbor has a compromised machine it can't
reach yours unless you connect to theirs first.

Many firewalls in the lower end of the market $300-$900 can remove
content from HTTP and SMTP sessions that could provide a path for
malware to enter your system.

See above.

Regards,

DanS