In contrast, you can also build your own bootable toolkit based on a mOS such as Bart, WinPE or Linux. I'm still using Bart PE Builder, having yet to successfully build a WinBuilder project.
There are some decisions you have to make, when planning a mOS or "rescue CD". Aside from which mOS to use, you have to decide whether to update the scanners before the build, or do so from the stricken system after booting the mOS and going online.
I don't like being online with a mOS, because the mOS may be harder to keep updated and patched, may be too "light" for proper firewall, etc. This is particularly true with Bart PE Builder, which uses an XP SP baseline and has no firewall.
In contrast, WinPE 2.0 and 3.0 are based on Vista and Windows 7 code bases respectively, and do include a firwall. However, I find fewer tools will run from these, and the process of integrating such tools is less familiar (and may be harder) than Bart's .inf-based plug-in design.
Registry access is another issue, and one where Bart plus Paraglider's RunScanner plug-in excel. These allow a Win2000 or XP set of inactive hard drive registry hives to be referenced as if they were in effect, redirecting tools such as HiJackThis, Regedit, Nirsoft etc. accordingly. Alas, as yet no joy with Vista/7 registry redirection, and I expect this to be far trickier and riskier from Linux.
Some scanners will automatically "fix" issues that would prevent an OS from booting, such as a bad userinit filespec. The trouble is, if these "work" from a mOS boot, the file paths will usually start from the wrong drive letter and thus the "fix" will smash bootability!
This is a specific consequence of working from a mOS; the "real" OS is asleep and can't defend itself. That's great, because you can whack deeply-integrated malware, but also means you can lose normally-protected files and generally break bootability.
Well... you wanted a chainsaw, and that's what chainsaws do
