Given that this appears to be loaded via internal optical drive, I'm not completely understanding why this is such a threat. Discounting the fact mentioned by many others that if you're physically compromised you're already hosed (they can pull the hard drive, etc.), all BIOS renditions I've ever seen allow you to select which device the machine first uses to boot. So, set it to your hard drive. Machine boots from hard drive, doesn't boot from bad CD/DVD. Password protecting your BIOS access (which many, if not most, offer) prevents malicious user from setting the machine back to CD/DVD boot. Some BIOS flavors allow you to turn off CD/DVD boot all together, even.
End of "problem".
I mean really-- This is so simple I fear I must be missing something about this story... ?
Suggest you just sit there and wait till life gets easier.