But then it's not a NAT router. It's an SPI firewall. Stay on subject.
Sure. So how do you get on my wire to see my packets? It depends on how you are connecting, of course. With cable systems it's possible. But then all you end up doing is corrupting my incoming FTP stream. If you (the hacker) are really lucky, there's a buffer overflow vulnerability to exploit. Otherwise all you do is f*ck up my download.
More protection is always better. But the only packets hitting your computer through a NAT router are going to ports that correspond to connections that you initiate. The source port designation is a function of the TCP stack so it doesn't really matter whether that filtering is via the Windows firewall or a NAT router.
Right. And that's a function of user intelligence more than anything else. Decent AV and anti-spyware SW will help; no guarantee. But SPI isn't going to do a damn thing against these threats that NAT won't also handle. Ultimately, they all depend on a connection initiated from the inside.
Probably because it's not as easy as you think. Banks have substantial assets to protect and substantial resources to spend on security. If you're going to spend $1,000,000 on a bank vault, does it make any sense to cheap out on network security?
Perhaps, also the
More filtering is always better than less. But you're shifting the goalpost again. I'm not saying that a NAT router is as good as SPI or more advanced solutions. Merely that it's a hell of a lot better than nothing, and sufficient to keep most home users out of trouble.