Compromised network on wireless router [Would you still recommend CFP?]

After reading a post in one of the forums I go to (in my country), I was faced with a situation where a user was asking for help to kick out an intruder that was taking advantage of his wireless network.

He’s using WPA2. At least that is what he says. He also says he has a very strong password and all that stuff.

Some folks suggested changing the password, checking the DHCP tables, etc.

But the question that truly matters here is: How did he get his password? Keylogger? Backdoor? Trojan? If so, then I recommended using CFP with Defense+ set, at least, to Safe Mode. If there is something in his system that is sending info to someone, I’m pretty sure that Defense+ would get it.

The reaction was: What extra security would that bring to a wireless network? What possible extra security could even a software firewall bring to a network behind a wireless router?

Do people really think that this sort of app (Defense+ and the like) is useless to networks?

The truth is one: His wireless connection is being stolen and his system got compromised. Either he had a weak password and it got discovered? And he truly has no prevention/detection systems, and considers (as do a few others) that CFP and the like (with integrated HIPS) are of no use?

What are your thoughts?
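The "check DHCP tables" advice above is the quickest way to see whether someone else is actually on the LAN. The following is an added example, not code from the original thread or from Comodo: it parses a router's DHCP lease table and flags any client whose MAC address is not on the owner's allowlist, plus any known MAC that suddenly shows up under a different hostname. The lease format assumed is the dnsmasq `dnsmasq.leases` layout (expiry epoch, MAC, IP, hostname, client-id), which many home routers use internally; the lease lines and the allowlist are constructed sample data.

```python
"""Flag unrecognised DHCP clients on a home LAN.

Added example (not from the forum thread). Lease lines follow the dnsmasq
leases-file layout: <expiry epoch> <mac> <ip> <hostname> <client-id>.
Sample leases and the device allowlist below are constructed.
"""

from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample of what a router's lease table might contain.
SAMPLE_LEASES = """\
# expiry      mac                ip            hostname     client-id
1700000000 aa:bb:cc:dd:ee:01 192.168.1.10 laptop-home 01:aa:bb:cc:dd:ee:01
1700003600 AA:BB:CC:DD:EE:02 192.168.1.11 phone-home  *
1700007200 0e:11:22:33:44:55 192.168.1.42 *           *
1700010800 aa:bb:cc:dd:ee:03 192.168.1.12 living-room 01:aa:bb:cc:dd:ee:03
"""

# Devices the owner recognises (constructed): MAC -> expected hostname.
KNOWN_DEVICES = {
    "aa:bb:cc:dd:ee:01": "laptop-home",
    "aa:bb:cc:dd:ee:02": "phone-home",
    "aa:bb:cc:dd:ee:03": "printer",
}


@dataclass(frozen=True)
class Lease:
    expires: int
    mac: str
    ip: str
    hostname: str
    client_id: str

    def expires_at(self) -> datetime:
        return datetime.fromtimestamp(self.expires, tz=timezone.utc)


def parse_leases(text: str) -> list[Lease]:
    """Parse dnsmasq-style lease lines; skip comments and malformed rows."""
    leases = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed row: ignore rather than abort the scan
        client_id = parts[4] if len(parts) > 4 else "*"
        # Normalise MAC case so allowlist comparison is reliable.
        leases.append(Lease(int(parts[0]), parts[1].lower(), parts[2], parts[3], client_id))
    return leases


def unknown_clients(leases: list[Lease], known: dict[str, str]) -> list[Lease]:
    """Leases whose MAC is not in the owner's allowlist."""
    return [lease for lease in leases if lease.mac not in known]


def renamed_clients(leases: list[Lease], known: dict[str, str]) -> list[Lease]:
    """Known MACs that now advertise a different hostname (worth a second look)."""
    return [
        lease for lease in leases
        if lease.mac in known and lease.hostname != "*" and lease.hostname != known[lease.mac]
    ]


def audit(text: str, known: dict[str, str]) -> dict[str, list[Lease]]:
    """Run both checks and return the findings grouped by kind."""
    leases = parse_leases(text)
    return {
        "unknown": unknown_clients(leases, known),
        "renamed": renamed_clients(leases, known),
    }


if __name__ == "__main__":
    findings = audit(SAMPLE_LEASES, KNOWN_DEVICES)
    for kind, hits in findings.items():
        for lease in hits:
            print(f"{kind:8} {lease.mac} {lease.ip:15} host={lease.hostname} "
                  f"lease until {lease.expires_at():%Y-%m-%d %H:%M}Z")
```

Two caveats on what this does and does not tell you: a MAC allowlist only catches clients that do not bother to spoof an address, so an empty result is not proof the LAN is clean, and modern phones that randomise their MAC per network will show up as "unknown" until the owner adds the randomised address to the allowlist. It is a cheap first look, not a substitute for the malware scan and host-level controls discussed in the thread.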

A wireless network just uses ethernet over radio; wifi is the current standard. WPA2 is quite effective in preventing unauthorized users from logging onto and using your network if they don’t have the key. But it is really to keep others from reading the traffic between your computer and your router. It does nothing for network security, other than preventing malicious LAN nodes, since internet WAN based malware knows nothing about it. With a good software firewall/antimalware, even the malicious LAN nodes can be prevented from access to your computer with malware. I use public wireless networks all the time without compromise, and they are not even encrypted ethernet links; anyone can join. Your computer needs to be prepared for malware, whether local or remote, and the way to do that is with firewall/HIPS/antimalware software.
If he is currently contaminated, a complete malware scan is in order first. He is not in a position to simplify CIS setup by saying the system is trusted. Using the malware scanner first should get rid of any known threats, then CIS can concentrate on unusual events for the user to review.

I agree with you. Of course, first a malware scanner, and then yes, CIS (D+).