Boot Stick

One way to protect a desktop is to boot from a CD that makes sure critical parts of your system drive has not been compromised before passing control over to it.  The good news is that most desktops these days can do this.  The bad news is that CDs are read-only which means it can't be updated like anti-virus software does.

An alternative is the upcoming bootable USB drives.  When the computer boots up, BIOS passes control to the Boot Stick, a secure bootable USB drive, which checks the hard drive before passing control to the OS loader on it.  With appropriate BIOS support, USB drive can be updated over the Internet to protect against latest threats.

It's a good story so far, but a big problem with Boot Stick is that the BIOS itself is not secure.  While BIOS updates can be password protected, passwords are too frequently not set (do you know what your BIOS password is?) and, even worse, there are ways to bypass BIOS password.  Once compromised, the BIOS can bypass safety measures on USB drives.

So we are back to square one.