Asking For Trouble My teenage grandson has set up a broadband router for the family's computers. He tells me the router protects against all malicious attacks and has now disabled his anti-virus and firewall programs, plus the Anti-spyware programs - is there any truth in what he says. I fear that if he does get a virus I shall have the job of getting rid of it. You're right to worry, he's misinformed on both counts. We've discussed this before, but the question comes up so often I guess we need an "item #1" headline now and again to make sure people don't get misled by well- intentioned but incorrect advice such as from the grandson. Anything that blocks or guards any network ports can be called a firewall. But that doesn't mean that all firewalls are equal; or that any product that mentions firewalling on the box is really doing what you need. Example: Some routers do provide a pretty good level of inbound firewalling, but they usually do absolutely nothing--- nothing--- about spoofed *outbound* attacks ( "phone home" activity) caused by malware. Of necessity, routers usually assume that any connection requests originating from a local PC are legit. But they may not be; in fact, almost ALL the nastiest worms and viruses propagate via unauthorized and often covert outbound connections. In contrast, a good local, desktop firewall will stop and ask when a new program or a newly-changed program is trying to make a connection. That way, you can stop unauthorized outbound activity before it starts. Another example: Some routers include a kind of antivirus scanning, looking at the inbound packets for stuff that resembles known viruses. That's fine. But local AV tools can also monitor not just the patterns of ones and zeros, but also virus-like activity that's triggered when the malware code is activated. An AV tool on a router can't know what's happening on the hard drives and in the RAM of any of the PCs it protects; it's useless against this kind of attack. And ask yourself: Is *any* software or hardware 100% reliable? (If you find some, let me know, OK? ) ALL software and hardware contains flaws; nothing is perfect. Relying on any one tool to provide all your online security is placing all your digital eggs on one basket--- a basket that must and does contain flaws. Routers, with or without in-built AV tools, can be a valuable part of an overall security strategy, but they are NOT NOT NOT enough by themselves. I can't stress that enough. Relying on a single layer of defense is asking for trouble. Please see The Single-Layer Defense Fallacy http://www.informationweek.com/showArticle.jhtml;?articleID=54800003 How Much Protection Is Enough? http://www.informationweek.com/showArticle.jhtml?articleID=180203313 Joe's Collage