Is it possible for someone to hack and/or implant viri, etc. on my computer while it’s turned OFF but my ethernet cable (DSL) is plugged IN? In other words, should I be unplugging my ethernet cable every time I shut down my system, or is that simply alarmist paranoia?
In defense of my silliness, I did once hear from a computer technician that laptops (though I’m using a desktop (WinXP)) can be remotely powered on if the ethernet cords are plugged in. I’d hate to think all my software defenses are for naught when the system’s off.
What do you think? Does this theory hold water or do I win the “Dork of the Day” contest?
This part is kinda true. It’s called Wake On LAN (WOL). However, your computer must be in sleep or hibernation mode, not completely powered off, and must be set to have WOL active (a BIOS setting stored in the CMOS memory).
Most motherboards support wake-on-LAN, but I think it is turned off by default (and probably also by defaul in Windows) - even with it enabled and assuming someone manages to wake your machine, the attacker should have no more success compromising your system this way that when it is switched on during normal daily use.
I turn on desktops at work all the time via their Ethernet connection. Laptops work the same way. It’s a management feature that allows me to turn on all the user workstations at 2 am so I can install an update or run some other upkeep, like defragging the drive, while everyone is asleep.
This is a function controlled by a BIOS setting, which you can turn off. Its typically called “Wake on LAN” or “Wake on Ethernet”
I don’t know why you’re concerned though. It’s not like your computer is any more secure while you are there then when you are not. If it’s sitting at a logon prompt it’s probably more secure then when someone’s logged in.
This is false in the sense of what is normally meant by “hibernation” or “sleep” modes. A computer that is turned off normally - via Windows “Shut Down” for example, will still keep its Ethernet powered and respond to WOL packets if WOL is enabled. The only way to really shut off power is to flip the switch on the power supply in back or unplug it from the wall.
In addition, to use Wake-On-Lan on another machine, you have to send it a packet containing the ‘magic sequence’ specific to it. This sequence includes the MAC address of the NIC in your PC, which wouldn’t be known by anyone on the internet through normal means.
It is possible to hack into your DSL modem/router when your PC is off. It wouldn’t affect your computer initially, but it could prevent you from accessing the internet correctly and could lead to a PC virus infection later if the hacker messed with the routing table to make it point to a malicious web site or something.
The only security risk I’ve ever seen from my modem was with an old dial-up I had back in college. My roommate would use the phone on the same line, and I’d hear everything he was saying though the modem’s speaker.
Wake-On-Lan seems to me to be a bit buggy. I’ve had PCs that have woken up overnight without explicit instruction, and have heard of more. So we turn it off where I work.
If you have a fully patched machine I wouldn’t be terribly concerned. Also If you have something like a linksys router or you’re otherwise NATing, you’re adding yet another level of complexity.
It is however possible for somebody to wake your computer up across the internet, if they’ve previously gathered enough information about it. This could be aquired if you visit somewhat questionable websites.
Once they have woken your computer, compromising it usually requires that they exploit an un-patched security vulnerablity. Either one you haven’t applied yet, or one that there is no fix too yet.
Once that occurs, anything could be possible.
But it’s not likely.
Keep your system up to date with security patches and you’re very likely to be fine. Don’t go to “those” websites and your even more likely to be fine.
Would “those” websites happen to feature the lyrics of popular songs by any chance?
Seriously, I got the worst spyware infection I can remember not from a pr0n or “warez” site, but from a site I clicked on from Google looking for the words to a song.
