Changing Thoughts on Virus Protection For Show Machines

In Chapter 4 of my book, on page 49, I advise people building computers for show applications to "Disable Automatic Virus Checking" in a section called "Ensuring Maximum Computer Reliability."  I wrote:

If your network is off the internet, and your operators are following good practices, there should be no way for a virus to "infect" your machine in the first place.  Virus checkers often operate in an automatic mode, and you really don't want them deciding that it's a good time to check out your hard disk while in the middle of the most demanding cue of the show.  If you have cause for concern, run a virus checker manually between shows.

Well, that was long, long ago--2007. The world has changed, and so has my opinion on this issue. I now think that you have to either be exceptionally careful, or you should have virus checking software available on your show machines.  What has changed? The widespread usage of the USB flash or "thumb" drive.

I personally never had a virus on any of my many computers from 1986 through about 2009, when I got "trojan" malware via a USB "thumb drive" used by one of my students. Whatever cracked software or free porn sites our students go to are apparently full of these incredibly virulent, annoying and possibly damaging viruses and other types of malware (worms, etc).  Below is a screen capture from a virus scan on a lab machine at school, which we let the students use for a class project for a few days with outdated virus definitions.  The result? 31 infections in a very short period of time:

If you had stuck your own USB drive into this machine, you would have almost certainly gotten this virus, and I can tell you from personal experience that this can lead to losing access to the data on the drive.  I've had to format a number of these drives, which, fortunately, I generally use only for transport and redundant backup. And I don't feel that bad that I didn't see this coming--in 2008 the defense department got hit by USB drive attacks so badly that they banned the use of all removable media. They partially lifted that ban this year, but that's something that could change again considering that removable media is reported to be the tool that Bradley Manning allegedly used to copy military secrets (see my Next Hope write up for more details on this complex situation).

Of course, if you can guarantee that you are the only person who ever touches your show machine, and you never need to get new media or cue files off another machine, then you can probably run without any virus protection software. But for everyone else, the reasons that I now recommend some sort of virus protection when using consumer operating systems for show purposes (of course, using dedicated "hardware" systems can alleviate this problem) are:

  1. A new threat has emerged in recent years.

  2. The amazing utility of USB drives (if properly used and managed) outweighs the risks of trojans and other malware.

  3. Computers now have a lot more available horsepower and can run with less interference with show software.

Issues that need further thought (feel free to comment below):

How to get the virus definitions updated? 

To keep virus definitions up to date, you need (typically) to connect your machine to the internet, or manually download and install the virus definitions file (a pain in the butt).  Connecting to the internet is something I generally have recommended against for show machines unless absolutely necessary (see page 50 of my book). But the issues involved in connecting to the internet (firewalls, routers, etc) are something we're going to have to address anyway as we move forward with modern protocols like ACN, so we might as well start addressing them now. (My current favorite way to do this is to have two physical Ethernet adapters in the machine, one on your closed, private show network, and one on the internet.)

Will the virus checker interfere with your show software? 

The best thing to do, of course, is consult your software vendor about this issue, and (as always) test, test and retest. My current recommended strategy on this is to run the virus checking software in automatic mode during tech rehearsals and the cuing period. And then, when you shift over to show running mode, disconnect the machine from the internet (best to just literally unplug the machine) and then switch the virus protection to manual mode.  And then I'd probably tape over the USB ports on the machine, or use something like L-Com USB Protective Port Covers.  I wish they would make these in bright orange with a little tether (like you see on the maintenance ports on an airplane).  Or if you're in an environment with students or something and have a really important machine, you could use these Kensington USB physical port locks:

[image link lost]

(If anyone has experience with these locks, please post a comment.)
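
The switch from tech-rehearsal mode to show-running mode described above, scripted in PowerShell as an added example (not from the original post). It assumes a Windows machine that uses Microsoft Defender as its virus checker and an internet-facing adapter named "Internet"; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: Microsoft Defender is the virus checker, and the
# internet-facing adapter is named "Internet" (the show-network adapter is untouched).
$InternetNic = 'Internet'
$UsbStorKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Enter-ShowMode {
    param([int]$MaxSignatureAgeDays = 7)

    # Refuse to go offline with stale definitions: update while still connected.
    $status = Get-MpComputerStatus
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        throw "Definitions are $($status.AntivirusSignatureAge) days old; run Update-MpSignature first."
    }

    # One last scan while nothing show-critical is running (blocks until done).
    Start-MpScan -ScanType QuickScan

    # Take the internet-facing adapter down (still unplug the cable as well).
    Disable-NetAdapter -Name $InternetNic -Confirm:$false

    # Stop Windows loading the USB mass-storage driver (4 = disabled).
    # Affects drives plugged in afterwards; keyboards and mice keep working.
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4

    # "Manual mode": no on-access scanning and no scheduled scan (8 = never).
    # Tamper Protection, if enabled, blocks this and it must be done in the UI.
    Set-MpPreference -DisableRealtimeMonitoring $true -ScanScheduleDay 8
}

function Exit-ShowMode {
    # Reverse order: protection back on before storage and network return.
    Set-MpPreference -DisableRealtimeMonitoring $false -ScanScheduleDay 0  # 0 = every day
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value 3                # 3 = load on demand
    Enable-NetAdapter -Name $InternetNic -Confirm:$false
    # Run Update-MpSignature once the link is up.
}

function Get-ShowModeStatus {
    # Quick pre-show check of all four settings.
    $mp = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection = $mp.RealTimeProtectionEnabled
        SignatureAgeDays   = $mp.AntivirusSignatureAge
        InternetAdapter    = (Get-NetAdapter -Name $InternetNic).Status
        UsbStorageStart    = (Get-ItemProperty -Path $UsbStorKey).Start
    }
}
```

Disabling the storage driver complements the physical port covers rather than replacing them: it blocks flash drives but not other USB device types.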

In any case, it's a brave new world, with lots of exciting aspects, good and bad.  Let's be careful out there!

Update

on 2010-08-01 20:15 by controlgeek

I came across this post on Breaking Murphy's Law that also addresses this issue; the symptoms they describe (drive turning into a folder and becoming inaccessible) are exactly what I've seen.

Update

on 2010-08-02 11:58 by controlgeek

Be sure and read the comments on this post--they contain a couple good suggestions by industry experts.

Update

on 2010-08-02 16:03 by controlgeek

On the Show Control Mailing List, Kevin Gross posted an excellent point regarding this issue:

What is your opinion about software/OS patches? You generally need to connect to the internet to get those and an internet connection brings in a whole other set of risks. How do you figure the risks associated with not patching compare to the risks associated with an internet connection and running without virus protection?

This is an excellent question and one for which I guess I no longer have a clear answer.  My general approach to updates has been to update the system before the tech process starts, and then don't update again until after the show run is over.  It seems to me that once something's stable, you want to leave it alone.  I guess that's going to continue to be my strategy for the short run, since I would still disconnect any system I can from the internet in general.   But for the future, who knows...  Thoughts?  Please post a comment here!

Update

on 2010-08-08 13:20 by controlgeek

This post inspired a very interesting discussion on the Show Control Mailing List, which included Scott George of Autograph Sound in the UK, who details a very interesting approach they use on their show machines: running Windows XP Embedded.  You can see the whole thread here.
