BEGPAN2.CVP 931015 1.1 Power Let us assume the worst possible case. You have reason (maybe good, maybe bad, we'll cover that later) to believe you have a virus. What do you do first? Most people would tell you to immediately shut the power off. That *might* be a good idea - but it might not. Shutting the power off will definitely keep a virus from operating. If the power already *is* off, don't turn it back on - at least not until you're a bit more comfortable with what might be going on. However, if the power is on and the virus is active, what is it going to do? Infect your computer? It's already done that. Erase files? Format your disk? Well, yes. There are viral programs that will do that. You probably don't have to worry about that happening, though. With some few, possibly debatable, exceptions, no virus is beneficial. You don't need anything randomly adding itself to programs, you don't need to lose the extra disk space and you don't need to lose the memory and interrupts. Most common viral programs, though, are termed "benign". This means that they carry no overtly damaging code, and that any damage they do is unintentional. "Malicious" code tends to draw attention to itself, and thus be destroyed, or to destroy itself when it formats the drive to erase everything else. Therefore, the odds are in your favour that if you do have a virus, it won't be doing any damage. If you *do* happen to have an infection by one of the malicious viral breeds, you still might not be in trouble. Most malicious payloads require some sort of trigger event. Sometimes this can be a specific time of day, but not very often. The Michelangelo virus, for example, triggers on March 6th - but only when the computer is booted up on March 6th. If you leave the computer on all day March 6th, nothing will happen. (This is not to say that leaving the computer on all day on March 6th will avoid Michelangelo. There is too much risk of an accidental reset, and far better ways of dealing with the infection.) Therefore, your chance of any damage happening while the computer is on is reduced further. If, of course, you have just seen, "Ha, ha! I, the Disk Head Crash Virus have just erased your disk," then you're in trouble. You probably won't, however, get into any more trouble by leaving the computer on. In fact, if you don't panic, and calmly leave the machine on, there can be a better chance of recovering something. Some of the system information is still in memory, and if that can be written back to the disk the chances of recovery may be improved. To conclude, then: if it's off, leave it off. If it's on, leave it on. If, of course, the printer is going nuts, there is one too bright dot in the middle of the monitor and the disk drive is in a constant spin cycle while making rattling noises - turn it off. copyright Robert M. Slade, 1993 BEGPAN2.CVP 931015 ============== Vancouver ROBERTS@decus.ca | "Don't buy a Institute for Robert_Slade@sfu.ca | computer." Research into rslade@cue.bc.ca | Jeff Richards' User p1@CyberStore.ca | First Law of Security Canada V7K 2G6 | Data Security