Surely a PC is less vulnerable to security holes when it’s switched off? Not necessarily so. As crazy as it sounds, the PC might actually be more vulnerable at the point it is eventually switched on, suggests columnist Larry Seltzer.

He recounts the story of a PC user who returned after a few days, turned on his PC, and was hit with a virus attack. The PC had all the relevant anti-virus software and a firewall.

Presumably, a particular vulnerability on the software of that machine was exploited before the system could get the patch to close the hole. If the PC had been left on it would have, paradoxically, had more chance of automatically downloading the patch the instant it was made public.

Seltzer is the latest commentator to propose that OSes as Windows could launch into a special “whitelist” mode before allowing general network communication to take place. In this state, the PC would only communicate with named websites such as or an anti-virus vendor. In periods of inactivity, it could close down to this reduced state for added protection.

I can see this might work, but even if standard developed for such a feature there are uncertainties. What happens if a PC is protected with software from a range of vendors? In that situation, the whitelist would need to be editable and that, by its very nature, would make it an object of modification attacks.

Similarly, hardwiring to overcome that issue would have Microsoft and others up in front of the U.S. Department of Justice quicker than you can say “Zotob”.

But it would make attackers work that bit harder, which they certainly aren’t having to do right now.