On 12/13/2009 06:34 PM, Quark Group - Hilton Travis wrote:
> So, what happens when some malware gets installed on a PC
Malware could use UPNP but I don't see why they would. It would be too
unreliable because of other external filtering, local client firewall
software that might not allow the UPNP by default, gateways that have
UPNP disabled, etc. They currently just use the outgoing tunnelling
method. It is much more reliable to establish an outgoing channel from
the infected PC to a remote server which is compromised and use that as
a tunnel to allow them to connect back in to the desktop.
Not to say disabling UPNP is not advisable. I do the same thing on
every gateway system I have control over, including family members'
gateways. Mainly to restrict legitimate software that gets installed
though.