It’s what you do that matters.
In general, no, but there are exceptions.
Whether your computer is on or off is rarely the issue. There are other things that matter more.
Become a Patron of Ask Leo! and go ad-free!
Is always-on more dangerous?
As long as you’re behind a router to prevent random outside attacks from reaching your computer, and as long as you’re running software you trust from sources you trust, then running your computer 24 hours a day does not significantly increase your vulnerability to hackers. Using your computer securely protects you whether you’re actively using it or not.
Get thee behind a router
You probably have a router, as that’s the device that allows you to share your single internet connection among all of your internet-connected devices.
A router acts as a fantastic firewall, preventing outside threats from reaching your computer uninvited. Even if you have only one internet-connected device,1 I still recommend using a router for this reason alone.
If your computer is not connected to a router — meaning it’s connected directly to the internet — then yes, you are at higher risk of compromise for every moment your computer is running. Theoretically, the security software on your computer will protect you, but this is also where unpatched vulnerabilities really come into play. If an outside attacker can reach your machine and exploit such a vulnerability, your machine can be hacked.
Use a router. The good news is that you probably already are.
It’s what you do that matters most
Note that I said a router prevents outside threats from reaching in to your computer uninvited. That last word is critical.
Most malicious software gets to your machine because you invite it in. For example, a router can’t protect you from downloading and opening a malicious email attachment. Your security software might; in fact, it probably should, but there’s no guarantee.
You probably understand that. The real question is whether your machine is more vulnerable while you’re not using it.
It depends on what the machine is configured to do while you’re away.
It’s what your machine does that might surprise you
You may think that when you leave your computer, it just sits there quietly waiting for you to come back, but it’s not that simple. Your machine may do things like download software updates and sync data with other devices using tools like Dropbox or OneDrive. Those actions could download malware.
Having your machine off doesn’t really prevent it, as it would happen the next time you turned your machine on.
Ultimately, it really comes down to making sure you use only software you trust from sources you trust, because anything you install has the potential to download more without your knowledge.
Do this
I leave my machine on 24 hours a day. Yes, leaving it on all day means that it’s more ‘available’ for malicious activity than if I turned it off when not in use. But, honestly, if malicious activity is going to happen, it’ll just as likely to happen while the machine’s in use as it is when not.
I secure myself by:
- Having a router between my computer and the internet.
- Only running software I trust.
- Only getting software from sources I trust.
- Backing up regularly so that if something happens I can easily recover.
I recommend you do the same.
I also recommend you subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Footnotes & References
1: Rare, these days.
“You probably have a router, as that’s the device that allows you to share your single internet connection among all of your internet-connected devices.”
My router is a wireless router/modem combi, but I’ve seen many standalone modems which require a separate router for WiFi and additional ethernet connections. If you only have one ethernet port and no WiFi it’s best to assume you are not behind a router.
Hi, Leo,
I do everything in your “Do this” list (above), as well as employing a strong dose of skepticism regarding anything coming from the Internet (especially webpage/email links). Additionally, I enable a couple Windows security features that are not enabled by default. I enable Ransomware protection (under Virus and threat protection), and Memory integrity (under Device security). If a user is not ‘computer literate’/’tech savvy’ (s)he may not want/be able to deal with the notifications that Ransomware protection will produce. It blocks hard drive write access for applications that have not been specifically granted the appropriate permissions to make the changes that are being attempted. In many cases, these hard drive writes will have been permitted prior to enabling Ransomware protection, but with Ransomware protection enabled, the user must determine whether to specifically grant these permissions as installed apps attempt to write to the hard drive. If the user who is responsible for making such decisions does not fully understand how Windows works, (s)he may be ill-equipped to make them.
For the first few weeks after enabling Ransomware protection, I received notifications about actions being blocked by many of the applications I use. When I install a new app, I usually get a notification about its installer, the app being installed, or both. When I get such notification(s), I click the notice – it takes me to the Protection history page in my Windows security dashboard. Activity block events are listed with the most recent at the top, so I expand the top one to see what action was blocked, and which app attempted the blocked activity. If I recognize and trust the app, I click the ‘Actions’ button (lower-right) and select ‘Allow’. If I don’t recognize it (or I’m unsure about it), I copy its name to my clipboard and search for it on the Internet (“Windows 11: What is [app/process-Name]” where app/process-Name is a placeholder). I recently received a notification after running the PowerShell-7.2.5.msi installer for “msiexec.exe”. I suspected that it was associated with my execution of the installer, but I still copied it to my browser’s search field as “Windows 11: what is msiexec.exe”. I was right, it is a Windows helper to execute .msi files, so I clicked the ‘Allow’ button. The only times I click the ‘Allow’ button are when the notification I receive is the result of some action I knowingly took (such as installing the latest version of PowerShell), and the blocked activity is something I have decided is necessary/appropriate.
If a user enables Ransomware protection on his/her computer, the user must remember that it is only as effective as his/her choices regarding these notifications, and that poor choices may adversely affect the operation of Windows itself. The user must take great care to not simply ‘click through’ some blocked action. Always check which application/process activity was blocked, and where it was blocked and make certain to understand why/if the activity is necessary to the proper completion of the action that was being attempted before allowing it (When an action is Allowed, it’s ‘Allowed’ for that app, at that location on the hard drive, for all future events). Additionally, keeping hard drive access blocked for some Windows processes may prevent Windows from working correctly, so it is vital that the user understands when an action is necessary, and when it is not (when to Allow an action, or not).
Always be especially suspicious of block events that are not (do not appear to be) the result of something being done locally by the user. One example could be getting a blocked event notification while reading email, but when you check the blocked event listing, the event is not related to your email app or your web browser (webmail). As a side note, since enabling Ransomware protection, I have even received blocked activity event notifications regarding Windows Update, so that should give you some idea about the scope of what Ransomware protection covers. If it writes to the hard drive, Ransomware protection may get involved.
I hope this information is useful/helpful to others,
Ernie
Leo, you are so right that we need to have a secure connection to the internet.
We are trying to be most secure and own and use an older combined modem router gateway that Asus inform us cannot be updated.
We have an ISP provided modem at no fee, but have not been using it.
We have decided we would like to purchase a Lynksys router that can be updated.
Should we start to use the ISP provided modem or continue to use our gateway just as a modem? Would using the gateway negate the better security of the new router and would it require complicated setting up as a bridge?
I hope you have the time to answer, thank you in advance.
Unfortunately this is highly dependent on your ISP and the connection they provide. The important thing is that regardless of how many devices are between it and the internet, all your computers are connected the router. So INTERNET–MODEM–GATEWAY–ROUTER would be fine (in theory). In my case I have INTERNET–ISP-MODEM–Router … where the ISP-Modem could function as a router, but it’s configured to simply act as pass-through so I can use my own better router. But as I said, it really all depends on the specifics of your ISP, and how they need or want you to connect. Sorry I can’t be more definite.
the writer doesn`t mention how many people can actually sit down at his computer and use it.
if its more than a few, he will be in danger of malware and hacking if he leaves it on all the time.
If you leave your computer unattended, press Windows Key + L to lock it.
Mark –
How would I unlock it?
If you leave your computer unattended, press Windows Key + L to lock it.
It’ll prompt you for your PIN or password, just like logging in to your computer after a reboot.
Press any key to bring up the login screen and log in.