Frustrated F-Prot users can now take heart. Frisk has developed a new switch, /loaddef, to allow for easier creation of rescue disks without compromising the level of protection.

In order to fully defend against boot sector viruses, users must boot from an emergency rescue disk, also known as booting clean. However, recent additions to the signature database have made the definition file sizes so large they will no longer fit on a single disk. Unfortunately, most scanners look for the definition files in the same location as the scanner itself resides. Obviously, this is problematic. Thankfully, in version 3.08 of Frisk Software's F-PROT, enhancements were made to allow the scanner and the definition files to reside on separate disks from one another.

In older versions of the software, users had to work around this size restriction by removing macro virus scanning capabilites. This workaround involved copying over a dummy file, aptly named nomacro.def, and renaming it, once on the floppy, to macro.def. This effectively fooled the scanner and allowed it to function - minus the macro protection, of course. As macro viruses do not require a "clean" boot from to disinfect, this is not particularly worrisome. However, it does prevent the creation of completely " portable" protection.

Frisk promises to overcome this problem in their latest release, with the addition of a /loaddef switch. According to Frisk, this will allow users to create a bootable rescue disk set with F-Prot.exe and English.tx0 on the first disk and the definition files (including the "real" macro.def) on as many others as is necessary.

Of course, both F-Prot and AVP users can continue to download AVDisk to create rescue disk sets for either of these scanning programs. This utility operates a bit differently, but the end effect is the same - users are able to create a portable disk set with full antivirus scanning capabilities intact.

Don't forget, with each vendors' subsequent update of the signature definition files, the definition files on the rescue disks should be updated as well. This is merely a matter of copying the new definition files over the existing ones, and does not necessitate recreating the disks altogether. The advantage of keeping an up-to-date rescue disk set is that if a boot sector virus should infect your PC, you won't have the added aggravation of trying to get bootable protection to take care of it. In fact, do as one enterprising admin does. Simply tape an envelope to the side of the CPU and keep your updated rescue disks safely contained inside.

Obviously, an ounce of prevention is worth a pound of cure. To better protect against infection from boot sector viruses, system CMOS settings should be adjusted to boot from the local hard drive, C:\, rather than the floppy. Computing and Information Technology provides BIOS setup sequences for some of the more common PC's. If your computer is not listed, contact the manufacturer for specific details.

Finally, don't consider FDisk /mbr as a valid defense when confronted with a boot sector infector. Removing an encrypting virus in such a manner will result in the drive contents becoming totally inacessible. In short, change the boot sequence, keep updated rescue disks on hand, and use this protection to easily rid your system should infection occur.

Previous Articles