Is spyware a worry if you have a router and a software firewall?

In this thread, Phlosphr said

I also have an external router and am running a software firewall. I have been thinking about running Spybot. Is this necessary? Does the above post mean that the router and/or software firewall prevents spyware completely, or am I misunderstanding Phlosphr?

Spyware isn’t a concern if your router’s built-in hardware firewall, or your separate software fireewall can keep programs running on your computer from accessing the internet without your permission. If you want to test your router or firewall, download and run Leaktest, which harmlessly simulates the action of a trojan or spyware program trying to “dial home”.

I say Spybot/Ad-Aware are still necessary. Spyware does many more nasty things than phoning home - hijacking your browsers home page (or even search results), causing other programs to crash or misbehave, consuming system resources and generally compromising system stability. None of these activities will be directly detected or prevented by the software and hardware firewalls.

I agree with DarrenS. Even with a hardware/software firewall, Spyware and Adware can still infect your PC and reek havoc.

As has been said, adware can still do bad things to a Windows box because Windows machines don’t enforce much by way of limitations. If a program decides to alter browser settings or squat on the CPU or fill a directory with crap, there’s practically nothing the OS can do about it.

So the best thing you can do is to either install Ad-Aware to keep the adware rooted out or install Linux, which does implement strict protections.

QED, I am confused by what you are saying here. A hardware firewall router like those made by linksys will not stop a program on your computer from sending information to someone. It seems to me you are saying a hardware firewall will not route traffic from your computer to the internet.

No, that’s not what I’m saying. Some firewalls can prevent unauthorized programs from accissing the internet. ZoneAlarm, in particular, is very effective at this. I don’t know for sure if there are hardware firewalls that can do this, but it’s within the realm of possibility–which is why I said “if”.

You are correct, Q.E.D., in that ZoneAlarm can prevent the spyware apps from communicating. However, what I’ve found by sad experience is that a lot of people either don’t have their ZoneAlram settings right, or else are so used to clicking “Yes” on “allow Generic Service Host (svchost.exe) to access the Net?” on Windows XP that they let it through anyhow. But that’s not ZoneAlarm’s fault, that’s human factors at play.

Regarding hardware: A standard Linksys BEFSR-41 will not block outgoing ports that I know of (unless the newest firmware allows it…), but more advanced routers and hardware firewalls (business and coporate-grade) can block all of the individual ports, incoming and outgoing. Ours at work will basically let each individual port be set for incoming/outgoing/TCP/UDP, etc.

An external hardware firewall may be able to block ports, either incoming or outgoing, but it has no knowledge of which program on the ‘protected’ computer generated the packet. A good software firewall, properly configured, on the ‘protected’ computer may have access to that information, but the firewall only has the info in the packet header (which is only as accurate as the program generating the packet chooses to make it, and usually contains no information about the program that generated it anyway)

Spyware is (in the opinion of the computer) a program that the user installed. This makes it different from many external attacks. Usually such spyware uses ports, like HTTP (port 80) that most firewalled users have open, and routinely use for essential activities. The firewall can’t know what you intend to do, of if you intended to do it.

Never ask a firewall -a hunk of plastic and cheap electronics- to be smarter than you - if only because it’s so depressing if it succeeds.

Most spyware

So, did spyware eat the rest of your post??? :smiley:

Most spyware doesn’t sneak on to people’s computer. They have installed it. It’ll usually comes as part of a ‘free’ application and people don’t realise it includes spyware because they haven’t read the fine print to find the catch.

The spyware is therefore happily embedded in the computer with your permission, just like any other application. It’s not up to the firewall to decide what’s a ‘good’ communication to the internet and what’s ‘bad’, only you can decide that. This is what applications like ZoneAlarm does, it can only warn you of what’s happening, you have to make the decision.