On Tue, 22 Sep 2009 11:29:20 PDT, Steven Anders said: > I have always thought that having a computer behind the router (since router > has firewall) is generally safe, but I would love to hear insights or > thoughts. In general, that's true. Most of the current popular infection vectors are connected with web browsers or e-mail. It's pretty hard to whack a Windows box that's just sitting there behind a firewall. But all bets are off once you start surfing websites... And remember - although Firefox has a somewhat better security history than IE, *NO SOFTWARE IS BUG FREE*. > 2. If a Windows box is behind a router, could a botnet be installed to it ? > Assuming, the end user does not install/download any applications from the > Internet and always use Firefox. Yes, if the user uses Firefox to hit a site that has malware that will use a Firefox bug (see above), you can get a botnet on it. Most firewalls/routers are configured to automatically pass all outbound traffic, so the botnet software can easily phone home to get further instructions/updates.
Attachment:
pgpjsgKyJWodx.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/