Helping people with computers... one answer at a time.

Computer viruses spread in different ways. A firewall is very important but some computer viruses can spread on your local network if they make it across.

My house has multiple computers (usually a few are connected to the internet and running at a time) all connected to the internet through a Linksys ethernet router. Hypothetically, if two computers were connected to the internet, and one of them contracted a virus or two, would the virus be able to get to the other computers connected to the router more easily? Meaning, would the fact that the virus's entered one computer also mean they had gotten into the household network?

The short answer is "Possibly".

Your setup sounds very much like my own. Several computers, most are always on, and all sharing a connection to the internet.

There's good news and bad news here, and it all depends on the virus.

Should a virus make it across your router or firewall to any computer on your local network, then yes, in theory, it's now able to propagate to the other computers behind the router. Behind your router, all your computers were exposed to each other without a firewall. If one is infected, there's no firewall to prevent it from spreading within your LAN.

The good news is that most viruses that can move easily from machine to machine without human intervention are exactly those that routers are great at stopping in the first place. So the risk of exposure is actually pretty low. It has happened, and I've heard of corporations being brought to a stand-still because a virus managed to get across the corporate firewall. It's not common, but it does happen.

The real risk is from other viruses that more typically cross the router via other means - like email.

Obviously routers and firewalls allows email to cross. Thus if a user opens an infected attachment, for example, *poof* you're infected - firewall or no. The good news here is that email borne viruses typically also use email to propagate, so they probably won't infect other machines on your local network without help. By "help" I mean someone explicitly running the infected attachment on other machines on your network. More likely is that the infected machine will simply start to send email with infected attachments at a rapid rate.

"A firewall is only one part of your internet safety strategy."

Less clear are things like malicious activex controls and other web based virus attack vectors, instant messaging viruses and more. Depending on how they propagate, infection of a single machine on your local network could be limited to just that machine, or could spread to others.

And that really leads to an important point. While I've spoken in generalities, there are really no rules. For example while they commonly don't, an email borne virus could propagate directly to other machines via your network.

Thus, you still need take care.

A firewall is only one part of your internet safety strategy. All of your machines should still be running anti-spyware and anti-virus checks even though they're behind a firewall, and should be running Windows Automatic Update to make sure that the latest critical fixes are always in place. All of your users should take care to not open unknown attachments and only download from safe sources. This is exactly what I do. Even though I'm behind a firewall, and even though my wife and I are very good at not opening the wrong attachments, all of my machines run nightly virus and anti-spyware scans, and have Windows Update enabled.

There's a school of thought also that says software firewalls on each machine are still a good idea, even if you're behind a router, especially if you can't necessarily trust all of your computer users.

Article C2705 - June 27, 2006 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

2 Comments
Marc
February 27, 2007 1:55 AM

Is there a way to block a connection from a seperate PC (router connection), in case that particular PC should ever get infected by a virus, so my PC won't ever be infected?

utin
September 17, 2008 5:09 AM

yes. turn your pc off.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.