There are ways you can get around that. The antiviral firewall I
designed (based on Linux) splits the system into a readonly
filesystem containing the system and important files, and a variable
filesystem that only contains transient files, and which can be wiped
clean if something goes wrong.
Readonly file systems don't, as a general rule, care that much if you
turn off the power while they're in full cry; when I was testing
WebShield, I would regularly do updates by walking up to a machine in
the middle of a full test (load average 70, 100% CPU usage), plugging
in the new CD and boot floppy, then hitting the big red switch.
Occasionally the variable filesystem would get hit below the belt and
would have to be reinitialized, but that's what it was designed for.
(And, in production, if a customer had an EISA Compaq that had fallen
into Swap Heaven, the suggested remedy was to push the big red switch
and clean up after it came back online.)
____
david parsons \bi/ There are ways around almost anything, if you ignore
\/ conventional wisdom.