I'm in the process of getting my Home Assistant environment up and running, and decided to run a test: it turns out that my gaming PC (custom 5800X3D/7900XTX build) uses more power just sitting idle, than both of my storage freezers combined.
Background: In addition to some other things, I bought two "Eightree" brand Zigbee-compatible plugs to see how they fare. One is monitoring the power usage of both freezers on a power strip (don't worry, it's a heavy duty strip meant for this), and the other is measuring the usage of my entire desktop setup (including monitors and the HA server itself, a Lenovo M710q).
After monitoring these for a couple days, I decided that I will shut off my PC unless I'm actively using it. It's not a server, but it does have WOL capability, so if I absolutely need to get into it remotely, it won't be an issue.
Pretty fascinating stuff, and now my wife is completely on board as well; she wants to put a plug on her iMac to see what it draws, as she uses it to hold her cross-stitch files and other things.
Any program on your PC that maintains or frequently initiates outbound connections, other machines on your LAN spreading an infection, literally any Trojan, etc. Double that if you haven’t disabled UPnP on your ISP router which is probably on by default.
If you are afraid of your PC infecting itself by background outbound connections, you should not turn it on at all. Running 24h vs 6h a day barely makes a difference in this regard - yes, there are fewer "random internet noise attacks" in less hours, but if your LAN is that dangerous, the computer should not be on for 5 minutes. Either you trust your LAN enough to have a computer running, or not.
Talking about the sane defaults I mentioned earlier - my router has it off as a default. But if it wasn't, my approach wouldn't be to turn devices off¹ but change the router setting.
¹ I actually do turn off/plane mode all my non-server devices when I'm not using them but not for that reason.
You’re totally right, not turning it on at all would be safer. But we do need to use them so it makes sense to turn it on while in use. Security is only good up to the point of it making your machine unusable. Most of the attacks you see on running computers by happens overnight anyway, or otherwise when your machine is sitting idle not in use. Plus it gives you the opportunity to witness odd behavior if it were to happen while you’re using it.
And no, you should never trust your LAN in the year of our lord 2025. We are well beyond that in the cybersecurity landscape and have been for 10+ years. Zero Trust is the name of the game. If a device is on, and connected to the internet, it’s a target, as are any other devices on that network. Pretend that is not the case at