Leaving a PC on at Night

[stevem326]

I heard a PC security expert say on a radio show that it's a bad idea to leave a PC on when you're not around it (like leaving it on at night when you sleep). Does that make sense? Are you more vulnerable to getting hacked if you're away from your PC at night for 6-8 hours as compared to if you're typing away on a paper or surfing the web during the day?

I would think leaving it on at night doesn't pose any greater risk than if you're sitting in front of it at 1:00 in the afternoon...under either circumstance you've got your security stuff still running...firewall, anti-virus, anti-spyware, etc.

Enquiring minds want to know...

 

[stash]

Wow, that's a new one. If anything, I would say a machine is less vulnerable at night, or any other time that it is on but nobody is using it. Why? Because most exploits these days are initiated (willingly or otherwise) by the user.

But if your machine is configured and secured correctly, it doesn't matter what time of day it is running.

 

[stevem326]

Maybe they were thinking about physical security? In other words, say I live in a dorm hall or something and I leave my PC on all day while I'm gone. Conceivably more than a few people in the hall may (or may not) have access to my room and PC...so that's why they were saying to turn it off when not using it.

 

[blackangst1]

As long as you have proper security it wont matter. Most firewalls stealth inactive ports so even if you DID get scanned...no biggie. Youre not visible anyway.

 

[stash]

Originally posted by: stevem326
Maybe they were thinking about physical security? In other words, say I live in a dorm hall or something and I leave my PC on all day while I'm gone. Conceivably more than a few people in the hall may (or may not) have access to my room and PC...so that's why they were saying to turn it off when not using it.

I'm not sure what turning a computer off does for physical security. If someone can get their hands on your machine, they can do whatever they want to it.

A possible exception is if the disk is encrypted with something like BitLocker or other full disk encryption products. But still physical security is one of the most critical aspects of security, regardless of the power state of the machine.

 

[indigo196]

Originally posted by: stevem326
I heard a PC security expert say on a radio show that it's a bad idea to leave a PC on when you're not around it (like leaving it on at night when you sleep). Does that make sense? Are you more vulnerable to getting hacked if you're away from your PC at night for 6-8 hours as compared to if you're typing away on a paper or surfing the web during the day?

I would think leaving it on at night doesn't pose any greater risk than if you're sitting in front of it at 1:00 in the afternoon...under either circumstance you've got your security stuff still running...firewall, anti-virus, anti-spyware, etc.

Enquiring minds want to know...

Um...

'PC security expert' + 'on radio show' = extreme credibility issues

I guess if the person thought you would have a bunch of processor and memory monitoring tools up and running while sitting at your PC (not playing a game or doing any real work) so you could catch unwanted processor or memory utilization that it would make a difference...

I just can't imagine that it would matter that it was on or off... unless he is talking about work environments in cases that you are using full disk encryption of some sort, a bios startup password and/or a TPM module... then having it turned off so if a person physically accesses the computer it would make a difference... but for a standard home user it won't make that much difference 'security wise'.

I wish I had more of a context for his comments.

 

[spikespiegal]

'PC security expert' + 'on radio show' = extreme credibility issues

Likely using a Mac as well.

 

[stevem326]

Thanks for the feedback everyone. The "expert" I heard was actually on NPR and it was just a 5 minute interview...it wasn't like he was hosting his own hour-long show. Towards the end of the interview he was giving a "top 5" security checklist...anti-virus, anti-spyware, firewall, MS updates and don't leave your PC unattended...that was the context.

The more I think about it, I believe he was referring to physical security. In other words, you wouldn't turn your PC on and then walk away from it for several hours if people you didn't know and trust were around. I think the interview was designed for people who knew very little about PC security...he was just kind of giving the basics on general security points. So don't turn your PC on and then walk away from it seems like the main point...which make sense, obviously. I hope that clarifies the context a little bit.

 

[lxskllr]

Originally posted by: stevem326

The more I think about it, I believe he was referring to physical security. In other words, you wouldn't turn your PC on and then walk away from it for several hours if people you didn't know and trust were around.

Just to expand on that a little... A laptop is probably one of the biggest physical security risks. They're quite easy to walk away with, and get left by themselves way too often. In the car, library, in a cafe...so on. It only takes a couple of seconds, and you could lose tons of vital information, and the theif would have all the time in the world to break any encryption you use on the machine(not that many people do)

 

[gsellis]

Turning off the computer at night removes a window for attempted exploits specifically aimed at a computer. Home computer? Not too likely. Corporate Certificate Authority Root? You bet you and best practice is that it is off 99.99% of the time.

Is it worth it? Not really. But if you are the paranoid type, go for it just to let you sleep better. But leaving the computer on allows it to schedule updates of AV and hotfixes (mine are set for 1am and 2am). Also, most of the spinning stuff handles running 24hrs better than many power ups.

 

[stash]

Corporate Certificate Authority Root? You bet you and best practice is that it is off 99.99% of the time.

This type of machine shouldn't even have a network card installed. It should be locked in a safe/vault, and only brought out and turned on to update the CRL or issue a new cert to a subordinate CA. It should NEVER be connected to a network of any kind.

 

[Jaskalas]

Originally posted by: stevem326
The more I think about it, I believe he was referring to physical security. In other words, you wouldn't turn your PC on and then walk away from it for several hours if people you didn't know and trust were around.

Anyone physically at the computer, who knows what they?re doing, owns it and its files. For the average person however, simply make the screen saver require a login to get past.

 

[Rottie]

Getting paid by Radio show for dirty talk?