Helping people with computers... one answer at a time.
A router is an important tool in staying safe when connected to the internet. A router will stop certain types of viruses and malware ... but not all.
I have FIOS which includes an Action Tec router/switch combo device. The router's security is at factory defaults. Is it possible for a virus/spyware to jump across the switch? I just found exceptions that other programs put there without my knowledge. Skype, Google earth. I do not remember these programs asking me the make exceptions. I just turned all exceptions off. An IT guy thinks so, I always thought the answer was no.
The short answer is: Yes.
The longer answer is more involved, and involves the differences between a router and a switch, how a router protects you, software that's makes changes to your router without asking, and ultimately different kinds of viruses and malware and which a router can and cannot protect you against.
First, I think we should clear up some terminology.
A router is an intelligent device - meaning it's running some fairly sophisticated software. It looks at the data packets that are traversing across it and modifies the routing information within the packets to control how they are routed from point A to point B.
A switch is a not-so-intelligent device that also looks at the packets that traverse it, but doesn't modify anything. Instead it learns which IP addresses are on which of its physical connections. Its job is simply to make sure that packets that come in destined for a particular IP address are sent to the correct physical connection on which that IP address lives.
I suspect that you're using the term "switch" as synonymous with "router", since it's one box in your case. Technically that's incorrect, and when they're combined like that it's probably best just to refer to it as a router.
The real point, however, is that a switch provides no protection; it's the router that does that.
Or, more specifically, how a NAT router protects you.
NAT, or network address translation, is how a router lets you connect several different computers on your local network to a single internet connection that uses a single internet IP address.
Computers on your local LAN are assigned local IP addresses by the router - usually of the form 192.168.1.1 or similar. When your computer connects to an internet resource the router sees that outgoing packet and changes the local IP to the internet IP address assigned to your internet connection. When the response comes back the router does the reverse, routing the response back to the correct computer on your network.
Now, this only works for outbound connections - meaning a connection to an internet resource that one of the local computers initiates. If an unrequested attempt is made to connect to your internet IP address - the router has no idea what computer to send it to, so it's ignored.
That's the protection that a router provides: any attempts to connect from computers on the internet to your computer are blocked.
And there's a huge class of malware that tries to spread exactly that way - by trying to connect directly to your computer.
If you've got a router, you're protected.
As you can imagine there are sometimes scenarios where you actually want to be able to initiate a connection to your computer from the internet. Most routers support this, but you must manually configure the exception to the "everything's blocked" rule.
What's called "port forwarding" allows you to tell the router "if a connection comes in on this port (the way types of connections are defined), send it to this computer".
Something called "Universal Plug and Play" (UPNP) also allows software to make router configurations "for you", without asking.
I'm guessing that's exactly what Skype and Google Earth did.
UPNP is a security risk, because malware on your machine could also just as easily use it to make changes to your router's configuration and remove much of the security that you so carefully put in place.
Turning off those exceptions was the right thing to do. I also recommend turning off UPNP on the router completely.
Wait ... "malware on your machine"? But didn't the router stop all malware?
No. The router stops a certain type of malware; an important type of malware. But it doesn't stop all malware.
A properly configured router will prevent unsolicited connections from computers on the internet from reaching your machine.
A router cannot protect you against:
Malware you download
Malware in email attachments that you open
Websites that you visit that install malware on your system
Malware that arrives on other media, like USB drives
... and probably more.
The bottom line: a router configured properly will protect you from a very important threat. Without a firewall or router protecting you against this threat you are at serious risk.
But a router (or a firewall) cannot protect you from all of the many other ways that malware can reach your machine.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.