2

Edit: Thanks for all the help, found a BIOS version and updated them all and gutman'd them all. everything is working well and nothing has died so all my paranoia paid off... or there was nothing there in the first place and it was a waste of time :D haha but thank you guys for all your help, was a good learning experience at least :)

I have looked around and read a lot of people saying it's difficult to be sage when dealing with a second hand pc. But thought I might give the situation to you guys and see what you guys think is necessary to do.

I have just purchased 3 old school computers ( this is what I am told they are used for and one booted with department of education warnings) so it seems safe so far. I am currently running KillDisk (gutman) on them and then following to install Linux.

One of them is going to be scraps for testing a few old pcs I have that aren't working to see if I can fix them.

One will be for me to learn and practice using a Linux set up.

And the last will be for my sister to use to practice her typing.

Ideally they will join the network for updates and my practicing and also in future for my sister once I know what im doing on Linux.

My only concern is will the network be safe after gutman and Linux install. Honestly I think I'm looking for peace of mind but if there are tips and tricks I use please suggest. Ideally want to get one of them up and running for my sister as soon as possible (this won't need the Internet... yet)

Mostly a bit sceptic due to the price($10 each) but they seemed to just want to get rid of them as they are quite outdated( C2D desktop)

Thanks in advance I look forward to your thoughts and opinions and the occasional tin hat joke :)

Jordan Ryan
  • 23
  • 4
  • 2
    It's very difficult to answer "is this secure?" types of questions without knowing something about what you are trying to protect against. This is known as a *threat model*. From what you do say in the question, it sounds highly unlikely that you would be individually targetted by a determined adversary; even more so one that would go to the trouble of implanting malware on a system and then try to get you to buy that particular system. Thus reformatting and reinstalling *likely* will be sufficient; while more advanced attack vectors exist, they tend to be used more for "interesting" targets. – user Apr 19 '17 at 10:01
  • 1
    secure enough to stop things like key logging and other things that may want to spread over a network. I kinda figured that the wiping and clean install would be enough but as mentioned I feel a bit tin hat paranoid at the moment after reading all the Internets comments on secondhand computers. though if there is anything else you can think of or suggest that may improve this paranoid set-up of a secondhand computer. I read somewhere about taking the mother bored battery out for 48 hours but thought maybe that was probably not required(still tempted though haha) – Jordan Ryan Apr 19 '17 at 10:21
  • Taking the motherboard battery out isn't that bad an idea. If nothing else, it will reset the BIOS to standard settings. Won't help if the BIOS is really compromised but as per my answer, this is really unlikely. – Julian Knight Apr 19 '17 at 11:30

1 Answers1

2

As long as you delete the existing partitions and start from scratch, the risks are very low indeed.

There would only be two realistic risks.

Firstly that some kind of rogue hardware had been attached that could insert code to a rebuilt machine - wildly unlikely!

Secondly that the BIOS had been compromised. This is slightly more realistic a risk but still tiny.

Julian Knight
  • 7,092
  • 17
  • 23
  • If I was to approach the BIOS situation what would be the best way of going about it? – Jordan Ryan Apr 19 '17 at 11:31
  • flashing it to a known vendor-provided version – niilzon Apr 19 '17 at 11:36
  • 1
    Yes, @niilzon is correct. Take the battery out for the required time, take the HDD out and boot from CD/DVD with a known, good image and update the BIOS - that's the safest way. But honestly, the risks are really low anyway, I'd only do it for the learning. – Julian Knight Apr 19 '17 at 11:40
  • I may do it for the learning, that was one of the many goals of these computers, how would I find out the vendor?I had a look in the summary page of BIOS but nothing stood out completely to me I can look again once this is done wiping, but for now if you know exactly what I am looking for that would be awesome. is the battery bit just like resenting a modem for 10-15 seconds but much longer, why so much longer? (no stress on this one. I will google search it around but if you guys know this as well awesome :D :D) also thanks again guys for being so helpful. I love stack exchange people. – Jordan Ryan Apr 19 '17 at 12:20
  • I'm pretty sure you can find the vendor / version in the BIOS menu (can't test here at work!), and usually also before the BIOS pops (so right after ur computer got powered), as in here : http://images.hardwarezone.com/upload/files/2010/02/91ae651810.jpg where the answer is P7P55D from ASUS – niilzon Apr 19 '17 at 12:46
  • You usually need to know the vendors model number and then have to track down their website - given my knowledge of school devices in the UK, I wouldn't hold out that much hope if it isn't obvious. Start with the vendors website anyway (that is the maker name on the PC). – Julian Knight Apr 19 '17 at 12:51
  • Re the length of time without the battery. 30sec is the accepted time to ensure that volatile memory looses its charge completely. When you reset a modem, the modem knows it has been reset and initialises the memory from store, here the volatile memory has nothing to reinitialise it so the only way to fully reset is to leave the power off for a bit. – Julian Knight Apr 19 '17 at 12:54