"
Ah, but can you be sure there is no backdoor that scans for some code that resets all your BIOS settings?
Nope, you also can't be sure your firmware doesn't have backdoors and doesn't patch any kernel loaded to include it...
For clarity, basically I asked if the computer must be turned off for a remote "reprogramming" to happen, and leaving the LAN unplugged before the OS is booted and unplugging the LAN before the OS is turned off is a reasonable countermeasure.
Doing something remotely would be easier when an OS is running, and EVERY OS that supports networking is vulnerable to this sort of attack.
I also wondered if there could be a "turn off" packet that can be sent which turns your computer off if you left it on running an operating system while you are away from the computer.
"init 6" on a lot of *nix's
That really is dependent on the OS...
How do you think something like that propagates?
The NIC writes a little barebones alphabet boy OS onto some free hard drive space?
I wouldn't try to take advantage of netboot to implement any sort of takeover of a desktop computer, it's too visible. The easiest way to propagate any sort of attack is to convince people to run it themselves. This is how the vast majority of malware gets on PCs, and no OS or security setup can protect you from that without making the computer useless.
I CAN'T BELIEVE THERE IS NO PHYSICAL INTERLOCK!
Why would you need one? Just follow standard practice. Don't run servers you don't need, don't open ports on your network's firewall you aren't using. Keep your BIOS/EFI/all firmwares, OSes and apps updated regularly, at least every time there's a security patch. And never, ever, install anything you don't trust.
The only thing that will keep your setup more secure than following those steps is putting it in a room with no doors, power supply, and network access.