- Zvi Netiv
June 13, 2005, 10:58 am
The comparison of the current content of the MBR with its backup image is an
archaic procedure that was introduced in the late eighties in order to fight
boot viruses that were the most prevalent infector at that time. A few years
later, BIOS producers introduced the boot sector write-protect feature to their
products, for the same purpose. Both features soon became the standard in both
AV and BIOS, but turned into a nuisance and real pain in the neck, as early as
the mid nineties.
As is often the case with "standards", they remain the norm even though their
justification is long gone. Take for example the PAL, NTSC and SECAM
standards for color TV broadcasting. They were all conceived for B&W
compatibility - the requirement then was that broadcast in color should
reproduce properly on B&W TV sets. The same happened to some early standards in
PCs, like the limitations of BIOS interrupt 13h, for example. The lack of
vision in these cases still hampers progress in their relative areas and we are
still stuck with these standards and patching them time and again.
Unfortunately, things aren't going to change soon (I don't see the silly virus
protection disappear from the BIOS, nor AV producers give up the archaic "boot
inoculation" or whatever they call them). Maybe the programmers that introduced
the silly thing to the BIOS in the first place are all deceased by now and
nobody knows how to take it out, and no AV producer dares to remove the
unnecessary "feature", because the competition has it and they fear the clueless
reporter that may write the next AV comparative.
Epilogue: Boot viruses are not a risk anymore and there exist effective (and
free) means to restore the MBR and boot sector from scratch, even if totally
destroyed. OTOH, the MBR backup and compare feature contained in AV products is
to blame for the ruining of countless drives (the Usenet archives are full of
such examples, and we recover tens of disks per year to which access was lost
because of the archaic MBR inoculation nonsense).
Thus, my advice is to disable / stop using boot protection in either the BIOS or
as part of the AV.
NetZ Computing Ltd. ISRAEL www.invircible.com www.ivi.co.il (Hebrew)
InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities