Untrusted computers sharing router

Beginning with the assumption that a software firewall is not necessary when behind an NAT router, does a software firewall become necessary when you do not trust the other computers connecting with that router?

For example, I'm going to be sharing a wireless internet connection with housemates. I trust them not be doing anything malicious, but I don't trust their computers to be clean from infections at all times. What risks, if any, does this create for my computer?

 

A software firewall is used for outbound protection when using a router, and that router allows your network in. So if they get infected there is notthing to protect you. Get a s/w-f/w!!!

 

monty is correct, The router only protects things from getting in at the gateway to the internet. It will not protect you from the other computers behind it. If one computer gets infected, it could very well infect all others on the network.

From what I understand, even windows firewall can protect you against all inbound attempts. If you have Vista firewall, it can protect both inbound and outbound connections on your machine. Outbound protection is useful if you do happen to get infected to stop the malware from calling home or sending out your personal information/passwords/bank accounts etc. There are other nasty things malware can do with an outbound connection.

 

You could look into investing in a MS ISA type proxy as well for additional protection. You'd need a cheap or older machine running MS Web server or Standard, etc. Other options would include numerous forms of Linux, etc.

From there you could look into running Trend Micro IWSS for about $200 (USD) a year and have no worries. That sounds a bit draconian but still for a handful of dollars and some old hardware you could probably do all of this on the cheap with some homework and old pieces and parts.

 

Along those lines of configuring a spare computer as a hardware firewall, would it be possible to connect a second router between my computer and the main router?

 

It does not have to be complicated or expensive. Just disable Windows file sharing and use the built-in firewall whether it be XP or Vista.