Thanks for taking the time to help.
I am hoping to get some recommendations for free AV software that has very early start-up behavior. I am looking for AV software that inserts itself deep within the OS and is very early to start.
Thanks
ESET AV has a startup scan. Avast has boot time scan (32bit only). I think most AV has the feature of enabling themselves after boot.
Hi there
NO AV software can do BOOT protection since the Boot loader is just that and the initial processes usually come from ROM in the BIOS (READ ONLY MEMORY).
You basically execute 2 instructions to start loading the OS.
Instruction 1 is a fixed instruction at a fixed point in the BIOS. It consists of something like EXECUTE instruction at memory address XXXX and is automatically executed when you power on your machine.
The Instruction at XXXX then consists of a piece of machine code to load a chunk of code in and start executing it - usually from the Bios which is the start of the actual OS loading process. This code will incorporate stuff to read the code from the default boot device etc etc.
This chunk of code contains enough instructions to continue loading device drivers and build the OS.
Thats why its called a BOOTSTRAP.
It's only AFTER the initial fixed part of the kernel has been loaded that the OS can start loading tasks and applications.
The main danger is not the BIOS code but the first block of code that is read in from the boot device. This can only be tampered with AFTER a running OS has got itself infected. However some viruses can infect this area of disk so you should regularly scan your system and be ESPECIALLY careful over what programs and processes you allow to start at Boot up time.
Cheers
jimbo
A few AVs have the ability to start early scanning. Im only familiar with Nortons however.
Norton calls theirs early load. It starts scanning just after filesystem drivers load (while the windows boot screen is still up).
Quote from Symantec:
"If you enable early load, Auto-Protect will start immediately after the filesystem drivers load, this allows Auto-Protect to scan other drivers as they load. The downside to early load is that it makes the boot slower because more files are scanned. Auto-Protect early load will automatically turn on after any threat is found that requires a reboot to remediate. Once the machine again scans clean, the previous setting is restored."
By default, Nortons is off. It is recommended to keep Early Load on always.
Others may be called something different, but will work somewhat similar.
it's possible for a virus to flash your bios, and therefore infect it. However, there is a simple defense against it: create a bios password.
Hi there
By the time the filesystem drivers have loaded the OS kernel is essentially loaded so this is a much TOO late time in the OS start up process to worry about boot protection.
The only safe way is to have the boot process entirely loaded from ROM where you would have to replace the chip to get a software upgrade.
This isn't realistically possible -- but a virus that actually flashes the BIOS is probably VERY RARE indeed. People do write these for testing purposes etc but transmitting to other peoples computers is not really a serious issue.
99% of computer FRAUD etc comes from people BEING CARELESS WITH THEIR DATA such as giving away Bank details to sites that "look like" the Bank site or become victims of "Phishing trips".
These days serious Hackers want to make money -- You'll actually find that poor use of computers is much more to blame than any amount of Virus attacks.
Cheers
jimbo
Quote