
I would like to consider three types of LAN:

a) 2 computers are connected to a Hub, this Hub is connected to a router for e.g. internet access.

b) 2 computers are connected to a Switch, this Switch is connected to a router for e.g. internet access.

c) 2 computers are directly connected to the router (internal switch).

First, I would think b) and c) are the same. My main question is: Am I right in saying that the second computer could see all the internet traffic from and to the first computer in case a), but not in cases b) and c)?

Is there any possibility (ARP poisoning/ spoofing etc.) where the second computer can see the traffic of the first one, considering case c) (and b))?

Aaron Hall
Kiigass

1 Answer

Your assumption is mostly correct but not completely.

As you suspect, cases (b) and (c) are the same because it is of no relevance whether the switch is built into some other hardware or standalone. So I will call both cases (b).

An ethernet switch will normally optimize the traffic flows so that packets are not sent to ports where they don't need to go. It's done with MAC address learning and is the reason why the second computer will not normally see the traffic between the first computer and the Internet. But it's not a guarantee so you should never count on it. You should view it as an opportunistic performance optimization instead. There are situations where it will not be effective:

  • Soon after the switch has reset and before it has had a chance to learn MAC addresses.
  • If the number of MAC addresses that the switch sees exceeds the maximum number of MAC addresses it can learn.
  • If the layer 2 topology of the network has recently changed, packets might get sent to the port through which a MAC address used to be reached.
  • etc...

The first two of those situations will result in the switch sending packets to every port, just like with a dumb hub.

Furthermore, broadcast and (sometimes) multicast packets will still be flooded to all ports even when MAC address learning is in use. That won't affect the traffic between the first computer and the Internet directly, but the first computer can still easily leak important information this way through DHCP requests, mDNS advertisements, and so on.

Is there any possibility (ARP poisoning/ spoofing etc.) where the second computer can see the traffic of the first one, considering case c) (and b))?

Sure. Using a switch instead of a dumb hub generally doesn't prevent such things as ARP poisoning or for example spoofing a DHCP server, unless the switch has specific security features to prevent it (and those features must be turned on, configured correctly, and managed).

Celada
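As an added illustration (not code from the original post), a small Python model of a learning switch that shows the forwarding cases the answer lists: a freshly reset table, a learned table, a broadcast frame, and a full table. Port numbers, MAC addresses and the table capacity are constructed; real switches differ in details, but the flooding behaviour is the point.

```python
"""Toy Ethernet learning switch: ports 1 and 2 are the two computers,
port 3 is the router. Constructed values, not taken from any real device."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports, max_entries):
        self.ports = list(ports)
        self.max_entries = max_entries  # CAM table capacity (constructed limit)
        self.table = {}                 # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Learn the source MAC, then return the set of ports the frame goes to."""
        # Learning only succeeds while the table has room: this models the
        # "more MACs than the switch can learn" case from the answer.
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = in_port
        other_ports = {p for p in self.ports if p != in_port}
        if dst == BROADCAST or dst not in self.table:
            return other_ports          # flood: behaves exactly like a hub
        return {self.table[dst]}        # known unicast: a single port


def run_scenarios():
    pc1, pc2, router = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
    results = {}

    sw = LearningSwitch([1, 2, 3], max_entries=3)
    # Fresh switch: nothing learned yet, so the router's first frame to pc1 floods.
    results["fresh"] = sw.forward(3, router, pc1)
    # Once pc1 has transmitted, the return traffic reaches port 1 only.
    sw.forward(1, pc1, router)
    results["learned"] = sw.forward(3, router, pc1)
    # Broadcasts such as DHCP discover still reach pc2 on port 2.
    results["broadcast"] = sw.forward(1, pc1, BROADCAST)

    # Table overflow: two other MACs fill a tiny table, so pc1 and the router
    # can no longer be learned and their unicast traffic floods to port 2 again.
    small = LearningSwitch([1, 2, 3], max_entries=2)
    small.forward(2, "02:00:00:00:00:10", BROADCAST)
    small.forward(2, "02:00:00:00:00:11", BROADCAST)
    small.forward(1, pc1, router)
    results["overflow"] = small.forward(3, router, pc1)
    return results


if __name__ == "__main__":
    for name, ports in run_scenarios().items():
        print(f"{name:10s} -> delivered to ports {sorted(ports)}")
```

In the `fresh` and `overflow` cases the frame between computer 1 and the router is delivered to port 2 as well, which is exactly the situation the answer warns about.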