On Wednesday, January 12, 2011 12:16:27 pm valdis.kletni...@vt.edu wrote: > 140 million compromised PC's, most of them behind a NAT, can't be wrong. :)
How many more would there be if most PC's were not behind NAT or stateful firewalling? Or, to turn it on its ear, "Windows is the best OS; 250 million Windows PC's can't be wrong." Uh, yes they can. The various implementations of NAT, the various implementations of stateless and stateful firewalling, and any other ingress protections only cover a few attack vectors; surf-by client-driven web bugs aren't in that set of vectors. However, mechanisms like PVLANs and internal firewalling can help mitigate those, as can host-based protections.
