Should You Shut the Computer Down?
If you're the PC guy in the family or some other group, you've probably been asked this question: "At night should I turn my computer off?"
Ever since normal people have had computers, this question has made the rounds with a variety of "expert" answers. The early versions presented a trade-off between power consumption and stress on components. Turning the computer on or off, so the theory goes and accurately I believe, is the most physically stressful thing you do to it all day, so I think most experts have advised that it's better to leave the system on.
But in the age of the Internet, and especially in the age of broadband connections, there's a new angle probably more significant in the average case than all that wear and tear stuff. Some would claim that if you have one of those "newfangled" always-on broadband connections, then you're exposing your PC to more attacks than if you were to shut it off during periods of disuse. (Am I disparaging this attitude with my tone enough? Can you tell where I'm going with this?).
To sum up in advance, this idea places all the emphasis in the wrong places. If your PC is vulnerable to attack, the answer isn't to stay offline more; you should plug the hole. If it's insecure, it will be insecure for the time you use it, and that will be plenty enough time for someone to compromise it.
I should mention where I stand on the power vs. stress angle. It's better for the health of your system to just leave it on. The power consumed is, at worst, comparable to leaving a light bulb on, especially with modern Energy Star components, disks that spin down, monitors that shut themselves off, and operating systems that know how to manage power, even on desktop systems. (Incidentally, light bulbs will also live longer if you leave them on, not that I advocate gratuitous waste of energy.)
There are, however, a number of other issues that should, in some circumstances, be considered. Some PCs are loud and you might not want the ambient noise. Also, PCs can generate heat, although a modern desktop PC, if not actually doing anything, should manage its own power well enough not to heat the room. (This is certainly true of Windows; I don't know how efficient power management is in other operating systems.
Because I no longer consider myself plugged into the hardware market, I asked my longtime colleague Nick Stam, Executive Senior Technical Guy at both PC Magazine and ExtremeTech. I specifically asked him about a newer theory I'd heard that components are reliable enough in stress conditions that leaving them on all the time raises the likelihood that you will encounter problems having to do with long lifetimes, i.e., that you'll run into the mean time between failures. Nick has no more quantitative data than I, but he too suspects that the stress of startup and shutdown is more of a real-world risk than long life.
In recent years, the part I've seen fail most often in PCs is the power supply, definitely the part that gets stressed the most at power-up and power-down, but also the one with the most mechanical stress on it.
But back to security: The answer to this was well-expressed recently with a minor industry "event," "Personal Firewall Day." It's a site and PR campaign from an industry consortium called "Everybody But Symantec." Of course, it's not actually called that—it has no name—but I don't understand why Symantec isn't involved. The group consists of McAfee, Microsoft, Sygate, TruSecure and Zone Labs—recently acquired by Check Point Software Technologies.
Even though the name of the campaign referred to one recent day the consortium pitched as "Personal Firewall Day," in fact every minute of every day should be personal firewall day. The vendors named above and others all offer firewall programs that can protect users from the sorts of attacks that go bump in the night, whether you're at your computer or not. Whether you choose to turn your computer off or not, you still need to run a firewall, and the personal firewall is the best option for most people. PC Magazine recently reviewed several of these products, if you're looking to choose one.
Microsoft has recognized the importance of personal firewalls too. Window XP and Windows Server 2003 come with a rudimentary firewall called Internet Connection Firewall. ICF isn't a very useful firewall, although users running it are better off than users without it. The upcoming Windows XP Service Pack 2 will upgrade ICF and rename it "Windows Firewall." PC Magazine recently took a good hard look at it. Windows Firewall won't have all the features of third-party personal firewalls—for instance, it won't have tight control over programs on your system making outbound communications—but it will be turned on by default and will offer much more control over the security of your system than exists today in Windows out of the box.
Running away from a problem usually is not a good solution to the problem, and turning off your computer to avoid Internet attacks is the worst kind of running away. It's not even effective. Unless you're going to avoid the Internet altogether you will be attacked, and if you're attacked you need to have protection, and that's why there's personal firewall software. Not only will you have a fighting chance against the problem, but by making it harder for attackers you'll be part of the solution.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Be sure to check out eWEEK.com's Security Center at http://security.eweek.com for the latest security news, views and analysis.