My house has multiple computers (usually a few are connected to the internet
and running at a time) all connected to the internet through a Linksys ethernet
router. Hypothetically, if two computers were connected to the internet, and
one of them contracted a virus or two, would the virus be able to get to the
other computers connected to the router more easily? Meaning, would the fact
that the virus’s entered one computer also mean they had gotten into the
The short answer is “Possibly”.
Your setup sounds very much like my own. Several computers, most are always
on, and all sharing a connection to the internet.
There’s good news and bad news here, and it all depends on the virus.
Become a Patron of Ask Leo! and go ad-free!
Should a virus make it across your router or firewall to any computer on
your local network, then yes, in theory, it’s now able to propagate to the
other computers behind the router. Behind your router, all your computers were
exposed to each other without a firewall. If one is infected, there’s no
firewall to prevent it from spreading within your LAN.
The good news is that most viruses that can move easily from machine to
machine without human intervention are exactly those that routers are great at
stopping in the first place. So the risk of exposure is actually pretty low. It
has happened, and I’ve heard of corporations being brought to a stand-still
because a virus managed to get across the corporate firewall. It’s not common,
but it does happen.
The real risk is from other viruses that more typically cross the router via
other means – like email.
Obviously routers and firewalls allows email to cross. Thus if a user opens
an infected attachment, for example, *poof* you’re infected – firewall
or no. The good news here is that email borne viruses typically also use email
to propagate, so they probably won’t infect other machines on your local
network without help. By “help” I mean someone explicitly running the infected
attachment on other machines on your network. More likely is that the infected
machine will simply start to send email with infected attachments at a rapid
Less clear are things like malicious activex controls and other web based
virus attack vectors, instant messaging viruses and more. Depending on how they
propagate, infection of a single machine on your local network could be limited
to just that machine, or could spread to others.
And that really leads to an important point. While I’ve spoken in
generalities, there are really no rules. For example while they commonly don’t,
an email borne virus could propagate directly to other machines via
Thus, you still need take care.
A firewall is only one part of your internet
safety strategy. All of your machines should still be running anti-spyware
and anti-virus checks even though they’re behind a firewall, and should be
running Windows Automatic Update to make sure that the latest critical fixes
are always in place. All of your users should take care to not open unknown
attachments and only download from safe sources. This is exactly what I do.
Even though I’m behind a firewall, and even though my wife and I are very good
at not opening the wrong attachments, all of my machines run nightly virus and
anti-spyware scans, and have Windows Update enabled.
There’s a school of thought also that says software firewalls on each
machine are still a good idea, even if you’re behind a router, especially if
you can’t necessarily trust all of your computer users.
2 comments on “Can a computer virus spread behind my firewall?”
Is there a way to block a connection from a seperate PC (router connection), in case that particular PC should ever get infected by a virus, so my PC won’t ever be infected?
yes. turn your pc off.