Networking, risks, and mitigation.
There are classes of malware designed to travel from machine to machine across a network. It’s one way that malware travels across the internet, which is just a network itself.
Let’s review why this is important, but perhaps less scary than it sounds.
Malware on one machine infecting others
Malware can travel from machine to machine on your local network, but it’s not as common as it once was. There are a number of obstacles, ranging from software firewalls to platform dependencies to user behavior. The best defense is to take all the steps to use the internet safely, and keep the software on your equipment as up to date as possible.
Routers and the internet
You can think of your router as having a connection on one side (your single internet connection) — the “outside” — which it then shares with the other side (all the machines on your local network) — the “inside”.
Your router also protects local machines from malware attempting to spread on the internet by disallowing connections originating from outside. Every connection to something on the internet must be started by one of your devices inside.
I think of it as a trusted side (your local machines on the inside) being protected from an untrusted side (the internet on the outside).
This means that while there is malware attempting to jump from machine to machine on the internet, you’re protected because your router is blocking those incoming connections. [1]
Your router, like most routers, [2] assumes the inside is trusted, and thus does not protect your local machines from one another. Your machines can communicate with each other without router-imposed restrictions.
So there is a risk that a local machine somehow infected by malware could allow that malware onto the trusted side of the network. If the malware is one that tries to propagate via the network, it will attempt to do so. Your other machines could be infected.
Perhaps surprisingly, while the risk is not zero, it is low.
Risks on the inside
This might not be as big a deal as you imagine.
Machine-to-machine infection relies on unpatched vulnerabilities. In other words, it’s not supposed to happen in the first place. But no software is perfect, and malicious software can exploit any vulnerabilities which are known yet unpatched. This is why I so frequently recommend you keep software as up to date as possible. This fixes and removes known vulnerabilities.
Each machine usually has a software firewall on by default. This wasn’t always the case in years past. This means many of the techniques used by malware for machine-to-machine transmission on your local network are blocked by the firewalls running on each machine.
You know better. Probably the most important protection is your own behavior. The vast majority of malware these days arrives via attachments, which some users unwittingly download and run, thus infecting their machines. Don’t do that. Even better news here is that most malware designed to spread via attachments does not also try to spread via networking.
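The router behavior described under “Routers and the internet” and the per-machine firewall point above can be seen together in a small model. This is an added example, not code from the original article; the subnet, addresses, port numbers, and the `Host` and `HomeNetwork` names are all constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed home subnet (constructed)

@dataclass
class Host:
    ip: str
    firewall_on: bool = True
    open_ports: set = field(default_factory=set)  # inbound ports the host firewall allows

    def accepts(self, port):
        return not self.firewall_on or port in self.open_ports

class HomeNetwork:
    """Toy model: a router that tracks flows, plus per-machine firewalls."""
    def __init__(self, hosts):
        self.hosts = {h.ip: h for h in hosts}
        self.flows = set()  # (inside_ip, outside_ip, port) started from inside
    def inside(self, ip):
        return ip_address(ip) in LAN
    def connect(self, src, dst, port):
        """Verdict for a new connection attempt from src to dst:port."""
        if not self.inside(src):
            return "router-drop"            # nothing inside asked for this
        if not self.inside(dst):
            self.flows.add((src, dst, port))
            return "router-allow"           # started inside, so remembered
        # Inside to inside: the router applies no restriction; only the
        # destination machine's own firewall stands in the way.
        return "delivered" if self.hosts[dst].accepts(port) else "host-firewall-drop"
    def reply(self, outside_ip, port, inside_ip):
        return "router-allow" if (inside_ip, outside_ip, port) in self.flows else "router-drop"

def demo():
    net = HomeNetwork([Host("192.168.1.10"),                      # firewall on
                       Host("192.168.1.20", firewall_on=False)])  # firewall off
    return [
        net.connect("203.0.113.9", "192.168.1.10", 445),   # internet -> inside
        net.connect("192.168.1.10", "203.0.113.9", 443),   # inside -> internet
        net.reply("203.0.113.9", 443, "192.168.1.10"),     # answer to that flow
        net.reply("198.51.100.7", 443, "192.168.1.10"),    # answer nobody asked for
        net.connect("192.168.1.20", "192.168.1.10", 445),  # LAN peer, firewall on
        net.connect("192.168.1.10", "192.168.1.20", 445),  # LAN peer, firewall off
    ]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The last two verdicts are the ones that matter on the inside: the router never sees that traffic, so the outcome depends entirely on whether the receiving machine’s own firewall is on.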
If you have a mix of machine types, there are even more reasons to be somewhat less concerned.
- Most malware targets Windows machines. [3]
- An infected Windows machine is extremely unlikely to infect a non-Windows machine.
- An infected non-Windows machine is extremely unlikely to infect a Windows machine.
But there are no guarantees
I’ve used a lot of qualifiers above, like majority, most, usually, and unlikely.
Unfortunately, there are no absolutes. Every case I’ve mentioned has exceptions.
But security isn’t about absolutes. It’s about stacking the deck in your favor to make sure that malicious software never attacks your equipment or that damage is minimized if it does.
Keep your software as up-to-date as possible. Do all the things you normally do to use the internet safely.
Understand the risks you may face with whatever machines or users you have on your local network. Perhaps, for example, you want to protect yourself from your kids’ less-than-secure behavior.
Footnotes & References
1: I’m referring to most home- and small-business-sized routers. Larger devices can accomplish much more, but are much more expensive.
2: If your router has logging options to show you everything it’s blocking, it can be a real eye-opener to view that log and see just how much of this type of activity is constantly happening to us all. Some refer to it as “internet background noise” because these attempts make up some significant portion of all internet traffic.
3: To be slightly more accurate: most malware is type-specific. Meaning there’s Windows malware targeting Windows machines, Linux malware targeting Linux machines, Mac malware targeting Macs, and so on. While it’s not 100% — there are types of cross-platform malware — the most notable are platform-specific.