"Bob" <bobbREMOVE-CAPSus99@newsgroup-CAPShoo.com> wrote in message
> My questions: Do I need a router for protection? Will it
> significantly improve my protection? When does "The Law of
> Diminishing Returns" apply if it would help just a little?
The little help an actual firewall device gives you is in the fact that
if your machine gets compromised by something that you invited in, it
becomes very difficult for that malware to compromise the device. The
firewall application (personal firewall / software firewall) runs on the
now compromised machine and can be circumvented in most cases if the
malware was written to do so.
> I have been reading about security. One site said a router makes my
> computer "invisible" on the internet. And another said "In very basic
> terms, a router will automatically reject unsolicited inbound
> communications to your PC. It will not reject solicited, but
> malicious, communications.".
A device sitting between networks (even between the internet and a LAN
with only one member) is in a unique position to "filter" communication
packets. The most basic is SPI (Stateful Packet Inspection) where the
"state" of a packet is checked to determine whether it is an
initialization packet (sent to initialize a communication) or a
subsequent packet (sent as a response as in an ongoing communication).
Basically, if you run a server of some kind, you need to be able to
respond to incoming init packets - otherwise it is best to drop them
into the bit bucket (null device).
Personal firewalls attempt to implement this on the computer that they
hope to protect, although they no longer have that aforementioned
"unique position". If you download and execute malware with sufficient
privilege, you usurp the so-called firewall.