Preferred User,
I try and keep up on the security situation so the next time I find something of interest I'll post it here. I haven't always done that in the past.
As far as the hardware firewall is concerned, any security device CAN be defeated if someone is willing to spend the time and effort to get around it. That's just a basic tenet of any type of security. Now, as far as most of us are concerned, we don't have a lot that a thief is interested in other than the following:
1. Bandwidth. For those of us with broadband, this is spyware/adware/virus/trojan heaven. If a machine connected to broadband can be infected, that machine can then be directed to try and infect any and all other machines that it pings and finds open ports. The same is true of dial-up except that dial-up can't do the same quantity of damage.
2. Personal info. For obvious reasons.
A true SPI? Remember what I said above. Also remember that a lot of what we're seeing today is coming in with regular port 80 traffic so the hardware router probably can't do anything about it as it just sees normal packets. A lot of this stuff is surreptitious or using social engineering to trick the user into allowing the crap onto the machine. I started a post a couple of days ago that demonstrates the surreptitious variety. If you feel up to it, and have followed the instructions and warnings, I would recommend that you try it as it's a good demonstration of how easy it is nowadays to infect your machine.
You also mentioned in post 14 about "paranoia". Although anyone can certainly go overboard with any type of security, that doesn't mean that you can totally forget about security. When I work on someone's machine, if that machine is going to be connected to the internet, I make sure the client understands the dangers and will set the machine up with appropriate software (software firewall, AV, Spybot, Ad Aware, SpywareBlaster, Firefox, etc.) and explain what they do and why they are necessary. So far, I've only run into a few minor problems with these machines and it is invariably because the client opened an attachment or now, more frequently, got hit by a drive-by (the post I started a couple of days ago is a drive-by).
But how long will this last? I don't know. But I do know that these scumbags aren't stupid and when their scumware isn't working as effectively as they would like, they change it. And the inclusion of keyloggers in their scumware is one of the recent changes that people have noticed.
I'll get you the URLs of some of the sites that keep track of this stuff. Let me know if you have any further questions.