Originally Posted by gweminence
My point exactly.
As for infection behind the router, that's why I made sure to be clear that I was speaking of firewalls, not antivirus. Antivirus is never redundant, and should always be used. Window firewall, however (or any other software-based firewall), can safely be turned off, if one is using a NAT-enabled router.
Most are, these days.
I don't agree.
I always have a firewall on each machine of my home network. I cannot guarantee that one of my users (family) won't do something silly and bring malware behind the NAT firewall. Why make it easier for the scumware to hit up the other computers?
This is the reason that IT people in business run multi-level firewalls. At the university I was at, the IT folks wanted per-machine firewalls, per-segment firewalls, and per-university firewalls. I did the same thing whenever I was managing a company's network (something I did for fun, usually). The reasoning is the same as above: all it takes is one slip by one user, and the NAT firewall is useless.
As for resources, the vast majority of AV scans are useless, wasting resources. In a year, I have had one hit, and that was for a file so suspicious that I wouldn't have used it anyway. By that logic, the AV is also a waste of resources.