If malware messes with the MBR, CTM could lose all the snapshots and the computer would be unbootable.
Recently, some rootkits that could bypass the snapshot technology were discussed.
Do you have anything in mind to make CTM stronger against unauthorized changes to the MBR?
I’m not saying it’s not an antivirus’s job. It is.
But detecting zero-day rootkits and tons of their variants is not as simple… If it fails and if CTM is protected, you could restore a clean snapshot. That’s what we want.
Almost any decent antivirus protects against MBR viruses. But they would never be 100%.
The first thing that comes to mind is to give CTM the ability to back up and restore MBRs, preferably backing up the original as part of the installation. The backups should be forcibly saved only onto removable media, like a flash drive.
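As an added illustration of the MBR backup idea discussed above (not part of the original posts and not CTM code), this sketch compares a saved copy of sector 0 with the current one and reports which region changed. It assumes the modern MBR layout (440 bytes of boot code, disk ID, partition table at offset 446); the function names and the sample sector are constructed for the example.

```python
import hashlib

SECTOR = 512
SIGNATURE = b"\x55\xaa"  # boot signature at offsets 510-511
# Modern MBR layout: boot code, disk ID + reserved bytes, partition table.
REGIONS = {"boot_code": (0, 440), "disk_id": (440, 446), "partition_table": (446, 510)}


def read_mbr(path):
    """Read sector 0 from a raw disk device or an image file (needs admin rights on a device)."""
    with open(path, "rb") as f:
        data = f.read(SECTOR)
    if len(data) != SECTOR:
        raise ValueError("short read: expected a full 512-byte sector")
    return data


def fingerprint(mbr):
    """Hash each region separately so a mismatch shows which part changed."""
    if len(mbr) != SECTOR or mbr[510:] != SIGNATURE:
        raise ValueError("not an MBR sector: wrong length or missing 0x55AA")
    return {name: hashlib.sha256(mbr[a:b]).hexdigest() for name, (a, b) in REGIONS.items()}


def changed_regions(backup, current):
    """Names of the regions where the current sector differs from the backup."""
    good, now = fingerprint(backup), fingerprint(current)
    return [name for name in REGIONS if good[name] != now[name]]


def sample_mbr(fill):
    """Constructed 512-byte sample sector (not a real boot record)."""
    entry = bytes([0x80, 0, 2, 0, 0x07, 0xFE, 0xFF, 0xFF])
    entry += (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little")
    return bytes([fill]) * 440 + bytes.fromhex("785634120000") + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    backup = sample_mbr(0x90)    # stands in for the copy kept on removable media
    current = sample_mbr(0xCC)   # stands in for read_mbr(<disk device>) after tampering
    print(changed_regions(backup, backup))
    print(changed_regions(backup, current))
```

A mismatch in `boot_code` with an unchanged `partition_table` is the case where restoring the saved sector is most likely safe; a changed partition table may also mean the disk was legitimately repartitioned after the backup was taken.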