Thread: Unable to create a bootable rescue disk:
View Single Post
  #61  
Old June 13th 15, 12:06 AM posted to microsoft.public.windowsxp.general
Paul
external usenet poster
  
Posts: 18,275
Default Unable to create a bootable rescue disk:
Ken Blake, MVP wrote:
On Fri, 12 Jun 2015 12:41:53 -0400, Paul wrote:

The boot order must be set in the BIOS.

Some PCs are set in this priority order.

Floppy
Optical drive
Hard drive (1 of N)


Yes, but my advice is never to leave it set for the floppy or optical
drive to come before the hard drive. It's OK to temporarily set it for
either of them, but not to leave it that way.

That's because it's always possible to accidentally leave an infected
floppy or CD in the drive, and therefore get infected when you boot.
I've seen that happen more than once.

Not a really useful solution on the Dimension 8200 (RAMBUS era
computer). On the Dimension 8500, you could define a defensive
permanent boot order in the computer (no removable media in the order),
and use the "popup boot" key to vector off to the optical drive at
boot time. So the 8500 is a good candidate for your advice.
On the 8200, you'd end up constantly going into the BIOS to
modify things. Will a person always remember how to do that,
when they're in trouble and need their Macrium CD to boot ?
To make that viable in this case, I would need to:

1) Visit the OPs home.
2) Paste BIOS modification instructions to the
side of the computer, so the instructions cannot get lost.
Along with the password for the router, the password for
the computer accounts, and so on :-) I have such a collection
of passwords sitting near my computer (probably 20 or 30
different "random string" passwords, for commerce).

Your idea is a useful solution for people who "live in their
BIOS setup screen". I don't particularly enjoy messing
around in there over and over again, which is why I
settle for a "useful" setup, rather than a "secure" setup.
On machines with a working popup boot key at POST, I use
that even when I don't need to (even for what I know to be
a static configuration). but on older machines, I make
do with a "useful" BIOS configuration.

If it was a kiosk computer, an Internet Cafe computer, or a
public library computer, then yes, lock it down. Pour epoxy
in the USB connectors, so people cannot infect the computer
with their infected USB keys. But this situation is a home
user, where the highest thread probability is the connection
to the Internet. These machines have already had their share
of adware, delivered from the Internet. And the machines
are armed to the hilt with tools, because of the
recognized threat vector. (The OP knows he has to run
a good AV program.)

Paul
Ads