Changing Thoughts on Virus Protection For Show Machines

In Chapter 4 of my book, on page 49, I advise people building computers for show applications to "Disable Automatic Virus Checking" in a section called "Ensuring Maximum Computer Reliability."  I wrote:

If your network is off the internet, and your operators are following good practices, there should be no way for a virus to "infect" your machine in the first place.  Virus checkers often operate in an automatic mode, and you really don't want them deciding that it's a good time to check out your hard disk while in the middle of the most demanding cue of the show.  If you have cause for concern, run a virus checker manually between shows.

Well, that was long, long ago--2007. The world has changed, and so has my opinion on this issue. I now think that you have to either be exceptionally careful, or you should have virus checking software available on your show machines.  What has changed? The widespread usage of the USB flash or "thumb" drive.

I personally never had a virus on any of my many computers from 1986 through about 2009, when I got "trojan" malware via a USB "thumb drive" used by one of my students. Whatever cracked software or free porn sites our students go to are apparently full of these incredibly virulent, annoying and possibly damaging viruses and other types of malware (worms, etc.).  Below is a screen capture from a virus scan on a lab machine at school, which we let the students use for a class project for a few days with outdated virus definitions.  The result? 31 infections in a very short period of time:

If you had stuck your own USB drive into this machine, you would have almost certainly gotten this virus, and I can tell you from personal experience that this can lead to losing access to the data on the drive.  I've had to format a number of these drives, which, fortunately, I generally use only for transport and redundant backup. And I don't feel that bad that I didn't see this coming--in 2008 the Defense Department got hit by USB drive attacks so badly that they banned the use of all removable media. They partially lifted that ban this year, but that's something that could change again considering that removable media is reported to be the tool that Bradley Manning allegedly used to copy military secrets (see my Next Hope write-up for more details on this complex situation).

Of course, if you can guarantee that you are the only person who ever touches your show machine, and you never need to get new media or cue files off another machine, then you can probably run without any virus protection software. But for everyone else, the reasons that I now recommend some sort of virus protection when using consumer operating systems for show purposes (of course, using dedicated "hardware" systems can alleviate this problem) are:

  1. A new threat has emerged in recent years.
  2. The amazing utility of USB drives (if properly used and managed) outweighs the risks of trojans and other malware.
  3. Computers now have a lot more available horsepower and can run with less interference with show software.

Issues that need further thought (feel free to comment below):

How to get the virus definitions updated? 

To keep virus definitions up to date, you need (typically) to connect your machine to the internet, or manually download and install the virus definitions file (a pain in the butt).  Connecting to the internet is something I generally have recommended against for show machines unless absolutely necessary (see page 50 of my book). But the issues involved in connecting to the internet (firewalls, routers, etc) are something we're going to have to address anyway as we move forward with modern protocols like ACN, so we might as well start addressing them now. (My current favorite way to do this is to have two physical Ethernet adapters in the machine, one on your closed, private show network, and one on the internet.)

Will the virus checker interfere with your show software? 

The best thing to do, of course, is consult your software vendor about this issue, and (as always) test, test and retest. My current recommended strategy on this is to run the virus checking software in automatic mode during tech rehearsals and the cuing period. And then, when you shift over to show running mode, disconnect the machine from the internet (best to just literally unplug the machine) and then switch the virus protection to manual mode.  And then I'd probably tape over the USB ports on the machine, or use something like L-Com USB Protective Port Covers.  I wish they would make these in bright orange with a little tether (like you see on the maintenance ports on an airplane).  Or if you're in an environment with students or something and have a really important machine, you could use these Kensington USB physical port locks:

(If anyone has experience with these locks, please post a comment.)
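The tech-rehearsal/show-running switch described above can be scripted so it is done the same way every time. The following is an added example, not from the book or any vendor, and it assumes a Windows machine using the built-in Microsoft Defender as its virus checker and an internet-facing adapter named `Internet` (a hypothetical name; list yours with `Get-NetAdapter`). It also turns off the USB mass-storage driver as a software complement to the physical port covers.

```powershell
#Requires -RunAsAdministrator
# Added example: switch a show machine between "Tech" and "Show" mode.
# Assumptions: Microsoft Defender is the virus checker; the adapter name is hypothetical.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Tech', 'Show')]
    [string]$Mode,
    [string]$InternetAdapter = 'Internet'
)

# USBSTOR is the USB mass-storage driver only; USB keyboards, mice and
# licence dongles use other drivers and keep working.
$usbStor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

if ($Mode -eq 'Tech') {
    # Tech and cueing period: internet up, thumb drives allowed, automatic checking on.
    Enable-NetAdapter -Name $InternetAdapter -Confirm:$false
    Set-ItemProperty -Path $usbStor -Name Start -Value 3   # 3 = load driver on demand
    Set-MpPreference -DisableRealtimeMonitoring $false
    Set-MpPreference -ScanScheduleDay 0                    # 0 = scheduled scan every day

    # Wait up to 30 s for the link before fetching new definitions.
    $deadline = (Get-Date).AddSeconds(30)
    while ((Get-NetAdapter -Name $InternetAdapter).Status -ne 'Up' -and (Get-Date) -lt $deadline) {
        Start-Sleep -Seconds 1
    }
    Update-MpSignature
}
else {
    # Show running: one last manual scan, then isolate the machine.
    Start-MpScan -ScanType QuickScan
    Disable-NetAdapter -Name $InternetAdapter -Confirm:$false
    Set-ItemProperty -Path $usbStor -Name Start -Value 4   # 4 = driver disabled
    Set-MpPreference -ScanScheduleDay 8                    # 8 = never run scheduled scans
    # Windows may ignore the next line when Tamper Protection is enabled.
    Set-MpPreference -DisableRealtimeMonitoring $true
}

# Print the resulting state so the operator can confirm it before doors open.
$status = Get-MpComputerStatus
[pscustomobject]@{
    Mode               = $Mode
    InternetAdapter    = (Get-NetAdapter -Name $InternetAdapter).Status
    UsbStorageStart    = (Get-ItemProperty -Path $usbStor -Name Start).Start
    RealTimeProtection = $status.RealTimeProtectionEnabled
    ScanScheduleDay    = (Get-MpPreference).ScanScheduleDay
    DefinitionsUpdated = $status.AntivirusSignatureLastUpdated
}
```

The USB storage setting affects drives plugged in after the change, so remove any thumb drives before switching to show mode, and still unplug the internet cable as a physical backstop.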

In any case, it's a brave new world, with lots of exciting aspects, good and bad.  Let's be careful out there!