Lots of times we have debates about why a software firewall on a PC is necessary. I believe the latest worm (and previous ones) demonstrate why.
A SOHO router really is only providing NAT and disallowing any inbound connections (unless you've enabled DMZ or some kind of port forwarding). So any and all outbound connections are allowed, with no notification or logging.
Recent worms and the current one make an outbound connection to IRC servers. A NAT router will not stop this. Once this outbound connection is made, the worm simply waits for instructions - "copy anything *.xls on this PC", "copy any cookies", "send all passwords to server", "launch attack on www.google.com".
So basically the SOHO router does nothing to prevent this. A hardware or software firewall, however, will, because best practice says a firewall "should block everything and only allow what is specifically needed/configured." If the firewall is configured to allow everything, then there might as well not be one.
Some may argue that they cannot be infected due to NAT. That is true to an extent - the active scanning that these worms do will not infect you. But browsing a web page can. Clicking any pop-ups can. Opening e-mail can. Company networks are a different beast altogether because they are all interconnected with other companies, many times without firewall protection.
For "defense in depth" security it is always recommended to:
1) Use NAT to prevent inbound connections
2) Run a software firewall on every PC to block unwanted outbound connections
3) Run up-to-date anti-virus software that checks regularly (many times a day) for new updates
4) Run anti-spyware software.
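
The difference between a NAT-only router and a "block everything, allow only what is configured" host firewall, as an added example that is not part of the original post. The program names, addresses, ports and the allowlist are constructed for illustration, and the firewall model (rules keyed on program and remote port) is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    direction: str  # "in" = started from the Internet, "out" = started by the PC
    program: str    # process owning the socket (constructed names)
    remote: str     # remote address (documentation ranges, constructed)
    port: int       # local port for "in", remote port for "out"

def nat_router(flow, port_forwards=frozenset()):
    """SOHO NAT: drop unsolicited inbound unless forwarded; pass all outbound, no log."""
    if flow.direction == "in":
        return flow.port in port_forwards
    return True

class EgressFirewall:
    """Host firewall: default deny, allow only configured (program, port) pairs."""
    def __init__(self, allowed):
        self.allowed = set(allowed)
        self.log = []  # denied outbound attempts, the record a NAT router never gives you

    def permits(self, flow):
        if flow.direction == "in":
            return False  # assumption: no inbound services are published on this PC
        ok = (flow.program, flow.port) in self.allowed
        if not ok:
            self.log.append(f"DENY out {flow.program} -> {flow.remote}:{flow.port}")
        return ok

# Constructed sample traffic
FLOWS = [
    Flow("in", "-", "198.51.100.7", 445),            # unsolicited inbound scan
    Flow("out", "browser.exe", "203.0.113.10", 443),  # normal web browsing
    Flow("out", "mail.exe", "203.0.113.25", 25),      # normal mail submission
    Flow("out", "unknown.exe", "192.0.2.66", 6667),   # unexpected program dialing an IRC server
]

def compare(flows):
    """Return [(flow, allowed_by_nat, allowed_by_firewall)] and the firewall's deny log."""
    fw = EgressFirewall({("browser.exe", 80), ("browser.exe", 443), ("mail.exe", 25)})
    rows = [(f, nat_router(f), fw.permits(f)) for f in flows]
    return rows, fw.log

if __name__ == "__main__":
    rows, log = compare(FLOWS)
    for f, nat_ok, fw_ok in rows:
        print(f"{f.direction:3} {f.program:12} port {f.port:<5} NAT={nat_ok!s:5} firewall={fw_ok}")
    print("\n".join(log))
```

Only the last flow differs between the two columns: NAT passes the outbound IRC connection silently, while the default-deny firewall blocks it and leaves a log entry to investigate.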