Which feature must be enabled in the BIOS to help prevent malware from corrupting system files?

The feature that should be enabled in the BIOS to help prevent malware from corrupting system files is Secure Boot. Secure Boot is a security standard that ensures that a device boots using only software that is trusted by the manufacturer. When Secure Boot is enabled, it checks the digital signatures of the operating system and pre-boot applications before allowing them to run, which prevents unauthorized or malicious code from loading during the boot process.

By ensuring that only legitimate and verified software executes during startup, Secure Boot helps protect the system from bootkit attacks, where malware infects the system at a very low level before the operating system loads. This level of protection is essential in today's environment where sophisticated types of malware are prevalent.

While the No Execute Bit (also known as NX or XD bit) provides protection by marking certain areas of memory as non-executable (thereby preventing certain types of exploits), Secure Boot is specifically designed to address the issue of malware at the boot level.