Windows has, for many years, come with a special mode you can load at boot called Safe Mode. The idea is that non-essential services and software don't load in safe mode and so it can be useful in diagnosing system problems.
You might assume that it can be useful in fixing malware infections and you'd be right, but not in all cases. As McAfee's Avert Labs points out in a blog entry, it's possible for malware to set itself up to load even in Safe Mode.
The software and services designated to run in Safe Mode are listed in these registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
McAfee says that malware can register itself under these keys so that it loads at boot time even in a safe boot. They don't list any specific malware that does this.
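One way to check those two keys for additions is to diff a snapshot against a baseline from a known-clean machine. The script below is an added example, not code from McAfee or the original post; it assumes the snapshot is text in the layout printed by `reg query <key> /s`, and the sample snapshot, the baseline and the entry name `ExampleSvc` are all constructed for illustration.

```python
import re

SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
MODES = ("Minimal", "Network")

# Constructed sample in the layout printed by `reg query <key> /s`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
    (Default)    REG_SZ    Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
    (Default)    REG_SZ    Driver Group

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc
    (Default)    REG_SZ    Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
    (Default)    REG_SZ    Service
"""

# Constructed baseline (names lower-cased); capture a real one from a
# known-clean install of the same Windows build.
BASELINE = {("Minimal", "appmgmt"), ("Minimal", "base"), ("Network", "appmgmt")}

VALUE_RE = re.compile(r"^\s+\(Default\)\s+REG_\w+\s+(.*)$")

def parse_safeboot(text):
    """Return {(mode, entry): default_value} for direct children of the mode keys."""
    entries, current = {}, None
    prefix = SAFEBOOT.lower() + "\\"
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = None  # a new key starts; forget the previous entry
            if line.lower().startswith(prefix):
                parts = line[len(prefix):].rstrip().split("\\")
                mode = next((m for m in MODES if m.lower() == parts[0].lower()), None)
                # Only direct children of Minimal/Network are safe-boot entries.
                if mode and len(parts) == 2:
                    current = (mode, parts[1])
                    entries[current] = None
        elif current and (m := VALUE_RE.match(line)):
            entries[current] = m.group(1).strip()
    return entries

def unexpected(entries, baseline):
    """Entries in the snapshot but not in the baseline (names compare case-insensitively)."""
    return sorted((mode, name, kind) for (mode, name), kind in entries.items()
                  if (mode, name.lower()) not in baseline)

if __name__ == "__main__":
    for mode, name, kind in unexpected(parse_safeboot(SAMPLE), BASELINE):
        print(f"review: SafeBoot\\{mode}\\{name} ({kind})")
```

An entry flagged here is only a lead for review: legitimately installed drivers and security products may also add themselves under these keys.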
What can you do to protect yourself? McAfee refers to their "safe surfing" guidelines. I would also say that this is another good reason to run with least privilege access, meaning that you should run normally as a standard user, and that this is most effectively done on Windows Vista.
When Safe Mode Isn't So Safe