BIOS Security
By Stephen Bucaro
There are several features available in modern BIOS that can be configured to help
prevent malicious attacks on a PC. These include Boot Sector Virus Protection,
BIOS Password, and BIOS Boot Sequence.
Note: To enter the BIOS setup screen, restart the PC and watch for a message that
tells you which key to press, e.g. "Press [key] to enter setup". You'll need to
press the indicated key while the message is still visible.
Boot Sector Virus Protection
When this feature is enabled it prevents anything from being written to the boot sector.
This protects the boot sector from malware and virus infections. However, if you are
installing an operating system, or upgrading the operating system, this feature should
be disabled until the installation is complete. Also, if the boot sector does get damaged,
having this feature enabled will prevent diagnostic and repair utilities from functioning.
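If the feature has to be turned off for an installation, one way to see what changed in the boot sector afterward is to compare it against a saved fingerprint. The sketch below is an added example, not part of the original article; it assumes a classic 512-byte MBR layout, the function names are hypothetical, and the sample sectors are constructed. A legitimate operating system install or upgrade will also change the boot code, so a difference is a prompt to investigate, not proof of infection.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 446    # bytes 0..445: bootstrap code area (classic MBR layout;
                       # modern disks keep a disk signature in its last 6 bytes)
PART_TABLE_END = 510   # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def fingerprint_boot_sector(sector: bytes) -> dict:
    """Split an MBR sector into its regions and hash each one separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    return {
        "signature_ok": sector[PART_TABLE_END:] == BOOT_SIGNATURE,
        "boot_code": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partition_table": hashlib.sha256(
            sector[BOOT_CODE_END:PART_TABLE_END]).hexdigest(),
    }


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return the names of the regions that differ from the saved baseline."""
    changes = []
    if not current["signature_ok"]:
        changes.append("signature")
    for region in ("boot_code", "partition_table"):
        if baseline[region] != current[region]:
            changes.append(region)
    return changes


def read_boot_sector(path: str) -> bytes:
    """Read the first sector of a disk or disk image (opened read-only)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def make_sample(code_byte: int) -> bytes:
    """Constructed sample sector for the demo; not a real boot sector."""
    return bytes([code_byte]) * BOOT_CODE_END + bytes(64) + BOOT_SIGNATURE


if __name__ == "__main__":
    baseline = fingerprint_boot_sector(make_sample(0x90))
    later = fingerprint_boot_sector(make_sample(0xCC))
    print("unchanged:", compare_to_baseline(baseline, baseline))
    print("modified: ", compare_to_baseline(baseline, later))
```

On a real system, take the baseline with read_boot_sector() from a known-good state and store it somewhere other than the disk being checked.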
BIOS Password
A password can be enabled in the BIOS that prevents unauthorized people from changing the
BIOS settings. You can configure the BIOS to ask for that password every time the system
boots. On a desktop PC it is fairly easy to reset the BIOS password: just open the case,
and there's a jumper near the BIOS battery on the motherboard that can be moved to remove
the password. However, a laptop PC is more difficult to take apart and put back together,
making the BIOS password a good way of protecting your laptop from unauthorized use.
BIOS Boot Sequence
If an unauthorized person can boot from a removable drive, such as a floppy disk, CD, DVD,
or USB device, they can use repair and recovery utilities to reconfigure and gain access
to the system. So, in addition to configuring the passwords described above, you should
configure the BIOS boot sequence to boot from the hard disk first.
Be aware that configuring all the BIOS security features mentioned here does more than
protect the system from malicious attacks: if you lose a password or need to use
recovery utilities yourself, you may be unable to gain access to the system.