14) How do I know I have a clean boot disk?
Description
This article is from the Computer viruses FAQ, by David Harley D.Harley@icrf.icnet.uk, George Wenzel gwenzel@telusplanet.net and Bruce Burrell bpb@umich.edu with numerous contributions by others.
14) How do I know I have a clean boot disk?
You can't usually make up a clean boot disk on a system which has been
booted from an infected floppy or hard disk. So how do you know you're
booting clean? Actually, you can never be 100% sure. If you buy a PC
with the system already installed, you can't be sure the supplier
didn't format it with an infected disk. If you get a set of system
disks, can you assume that Microsoft or the disk duplicator
didn't somehow release a contaminated disk image? (Yes, something rather
like this has indeed happened...) However, you can be better than 99%
sure.
* If you have (and use) a reputable, up-to-date virus scanner, it will
almost invariably detect a known virus in memory (scanners can't be
relied on to detect an unknown virus, in memory or not). If a good
scanner doesn't ring an alarm bell, you've *almost* certainly booted
clean. What constitutes a good scanner is another question, however.
* If you have a set of original system disks which you received
shrinkwrapped *and* which you've never used *or* which have only been
used write-protected, you can probably use Disk 1 as a boot disk and
it *probably* isn't infected - after all, Microsoft doesn't use MSAV
for jobs like this..... It has been reported, though, that DOS
systems disks have been distributed infected, and the fact that
they're often distributed write-enabled doesn't inspire confidence.
* You could always contact the supplier of your most-trusted anti-virus
utility and ask whether you can send them a boot floppy to check. Of
course, even anti-virus gurus sometimes make mistakes, but a boot
disk verified in this way would still be worth paying for,
especially for organizations with mission-critical systems.
Continue to:
My Books
