I'm planning to buy a second hand computer (2012 Mac mini, which is no longer available in stores). Because I'm not sure if there is any malware in the computer so I will perform hard format several times. I think this could prevent malwares to exist in the drive. But I'm not sure if this is enough for ensure the safety because there could be other problem like other have written malicious programs in the firmware etc. Is there any way to ensure a second hand computer is safe to use?
Asked
Active
Viewed 3,423 times
2
-
2What sort of attacker are you trying to defend against? Ordinary malware authors, or three-letter agencies? – Mark Oct 24 '14 at 02:23
-
It seems to be no way to ensure the safety of a used computer any way. – Marcus Thornton Oct 24 '14 at 02:34
-
1@MarcusThornton I don't know if that's true. Indeed if you randomly buy a computer in flea market - the chances that the Lizard People installed hardware bugs on it is less than a fresh computer, since they didn't know you were going to buy specifically that computer. With a sufficiently skeptical version of hardened linux on a portable USB stick; the security risk of the refurbished hardware is reduced anyway. – LateralFractal Oct 24 '14 at 04:01
1 Answers
4
Basically you cannot win against malicious firmware. For anything on the disk, you can boot up a Linux from a CD or USB stick, and proceed to carpet the disk with zeros with a subtle dd if=/dev/zero of=/dev/sda. For firmware, you are out, unless you unsolder all the Flash chips, flash them with code of your own, and solder them back -- not a realistic method, for many reasons.
One way to look at it is the price. You can avoid the issue with malicious firmware (planted by the previous owner) by the simple expedient of buying a brand new machine from Apple instead. It will be more expensive: that's the price of the extra safety. So the question becomes: how much do you value your data ?
(If Apple themselves install malicious firmware then you are doomed anyway.)
Tom Leek
- 168,808
- 28
- 337
- 475