Malware is software that the owner or user of a computer system did not choose to install; frequently it is installed on a system without the user's knowledge. Left unchecked, malware can damage the system, e.g., by deleting or corrupting files. Moreover, malware may attempt to steal personal information about the user.
Typically, malware enters a computer system via the Internet, e.g., through a network interface device. However, it can also enter a system via an infected universal serial bus (USB) drive, via social engineering (e.g., phishing attacks), and via various other mechanisms.
Upon entering a computer system, malware attempts to become “resident” by writing a copy of itself to persistent secondary storage, e.g., a hard disk drive. Once resident, the malware will remain on the computer system until it is found and deleted. However, being resident on disk does not by itself guarantee that the malware will be loaded or activated when the computer system is rebooted. To ensure boot-time activation, malware may attempt to insert itself into the startup or boot sequence of the computer system. If this is successfully accomplished, the malware will reactivate every time the computer is switched on, and thereby survive reboots and power cycles.
One way that malware can “hook” into the boot sequence of a computer system is to modify or attach itself to important operating system (OS) executable files that are always loaded and activated during the OS boot process. Alternatively, malware can modify the system configuration files that control boot processes, listing itself as a legitimate system file to be loaded at boot time. In either case, the malware modifies system files that should not normally change. Preventing malware from modifying critical system files would therefore prevent it from inserting itself into the system boot process.
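Both persistence paths above (altering an OS executable that always loads at boot, or adding an entry to a startup list) leave the same defender's signal: a boot-critical file changed when it should not have. The following is an added example, not part of the original text, of a baseline integrity check run over a constructed temporary directory; the file names (`osloader.bin`, `startup.list`) and the startup-list format are hypothetical stand-ins, not those of any real OS.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Stream a file through SHA-256; boot-critical files can be large."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_integrity(baseline):
    """Compare each protected file against its known-good digest (baseline
    taken while the system was clean); report 'ok', 'modified' or 'missing'."""
    findings = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            findings[path] = "missing"
        elif sha256_of(path) != expected:
            findings[path] = "modified"
        else:
            findings[path] = "ok"
    return findings

def check_startup_list(entries, allowed):
    """Return startup entries that are not on the allow-list of legitimate loaders."""
    return [e for e in entries if e not in allowed]

def demo():
    """Constructed scenario in a temp dir: one boot file is altered and an
    unknown entry is appended to the startup list; both should be flagged."""
    root = tempfile.mkdtemp()
    loader = os.path.join(root, "osloader.bin")  # hypothetical OS boot file
    cfg = os.path.join(root, "startup.list")     # hypothetical startup list
    with open(loader, "wb") as f:
        f.write(b"stand-in for a boot-time executable")
    with open(cfg, "w") as f:
        f.write("osloader.bin\nnetsvc.bin\n")
    allowed = {"osloader.bin", "netsvc.bin"}
    baseline = {p: sha256_of(p) for p in (loader, cfg)}
    # Simulate the tampering the text describes with plain file writes.
    with open(loader, "ab") as f:
        f.write(b"appended bytes")
    with open(cfg, "a") as f:
        f.write("unknown.bin\n")
    findings = check_integrity(baseline)
    with open(cfg) as f:
        entries = [ln.strip() for ln in f if ln.strip()]
    return findings[loader], findings[cfg], check_startup_list(entries, allowed)
```

In practice the baseline itself must live somewhere the malware cannot write (read-only media, a signed manifest, or a TPM-measured boot chain), otherwise a tampered file can simply be accompanied by a tampered baseline.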