Yota
Very Senior Member
The bad guys can remotely control your computer through the browser's zero-day vulnerability, and can then use this browser to hack into any device on the LAN. so, the safest thing is to disable it every time you run out of SSH, then frequently update all networked devices and programs.I don't run with ssh completely disabled - I'm logging in many times a day. I leave it set to LAN only. So any attacker would need to be physically present at/near my home. Someone attacking via wifi would need two passwords and guess my root user id. I think I can live with that.
Also, don't think that zero-day is far from you. something you may have not updated to the latest version, so the vulnerabilities could be exploited by bad guys.
Don't forget that many botnet devices are not because their vendors haven't released fix updates, but because people don't check for updates frequently.