How to ensure the security of a Mac set up by someone else?

Discussion in 'macOS' started by Moof1904, Sep 23, 2005.

  1. Moof1904 macrumors 65816

    Joined:
    May 20, 2004
    #1
    Here's the deal:

    I have a friend who recently got a new Mac and asked a friend of a friend to set it up for her because this guy was reputed to be a very computer savvy person. This guy has now turned into a creepy, stalking, freaky guy.

    In light of the creepy, stalking, harassing behavior from the guy that originally installed her Mac, my friend is concerned for the security of her data and privacy.

    I've enabled the firewall, disabled root access, and changed the administrator password. How concerned do I need to be that while installing the computer for the first time he installed some keystroke monitoring utility or some such spyware/malware? (She's on DSL.)

    Before the flames about how secure a Mac is, let me say that I know how secure the Mac is from external attack, but the story changes for any computer platform in which the administrator suddenly becomes suspect.

    Short of using the restore disks and returning the system to factory default and reinstalling all of her apps and reconfiguring her system, how can I be absolutely sure that the original installer has done nothing malicious?

    I've thought about comparing the Activity Monitor on her computer to my two at home that are also running 10.4 and see if any suspicious entries appear there, but the meaning of various entries in the Activity Monitor is not always obvious.

    Any such malware would also appear on the startup items listing, too, right? But could such things be rendered invisible by a savvy user? This person was relatively unmonitored while installing and configuring the computer.

    I want to provide my friend with as much assurance as possible that she never has to worry about this guy's remote attacks. If I have to, I'll restore the drive using the system restore disks, but that's a non-trivial task and if it's overkill, I'd rather not spend all that time sitting at her house feeding disks into her Mac.

    Thoughts?
     
  2. belvdr macrumors 601

    Joined:
    Aug 15, 2005
    #2
    With people like that (stalkers), I wouldn't take the chance. I'd reload it from scratch, just to be sure. If you did nothing, and the worst happened, you wouldn't be able to live with that on your mind.
     
  3. mrichmon macrumors 6502a

    Joined:
    Jun 17, 2003
    #3
    The only way to be certain is to do a fresh install. The question is how paranoid are you? Or how much assurance do you want? If the answer is 100% assurance then a fresh install (not an update or system restore) is the only way to be certain.

    Checking the Activity Monitor for processes would help you identify unusual processes, but unless the machines have exactly the same set of software installed (potentially with the same software preferences) then you may identify "suspicious" processes which are just part of some legitimate installed software. Also, checking the Activity Monitor only allows you to see processes that are always running.

    Anything that runs at startup or has been added as a periodic task will not necessarily show up in the Activity Monitor. For example, it would be simple to install a script/program that only runs at startup and simply sends the encrypted passwords and the current ip address somewhere.

    The questions you need to ask yourself are: how much assurance do you want?, realistically how crazy is the guy?, realistically how skilled is he? (As opposed to being a blowhard script-kiddie who sounds knowledgeable to a non-expert.)

    If it were me I'd do a fresh install.
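
The comparison Moof1904 proposes, applied to the startup and periodic-task locations mrichmon points to instead of to running processes, as an added example that is not part of any post in this thread. The path list is an assumption for Mac OS X 10.4, and `list_persistence` and `new_since_baseline` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread): list auto-start and scheduled items
# under a filesystem root, hidden files included, and report the ones that a
# known-good machine does not have.
# Assumption: path list chosen for Mac OS X 10.4; adjust for other releases.
PERSIST_PATHS='
Library/StartupItems
System/Library/StartupItems
Library/LaunchDaemons
Library/LaunchAgents
System/Library/LaunchDaemons
System/Library/LaunchAgents
Users/*/Library/LaunchAgents
etc/crontab
etc/rc.local
etc/periodic
var/cron/tabs
usr/lib/cron/tabs
'

# list_persistence ROOT
# Print every file and symlink under the paths above, relative to ROOT and
# sorted. find(1) does not skip dot-files, so "invisible" entries are listed.
list_persistence() {
    ( cd "${1%/}/" || exit 1
      # Unquoted on purpose: entries are split on whitespace and the
      # Users/* glob is expanded relative to ROOT.
      for p in $PERSIST_PATHS; do
          [ -e "$p" ] || [ -L "$p" ] || continue
          find "$p" \( -type f -o -type l \) -print
      done ) | LC_ALL=C sort
}

# new_since_baseline ROOT BASELINE_FILE
# BASELINE_FILE is the saved output of list_persistence from a trusted
# machine running the same OS release. Prints entries found only under ROOT.
new_since_baseline() {
    list_persistence "$1" | LC_ALL=C comm -23 - "$2"
}

# Stand-alone use: sh audit.sh / baseline.txt
if [ "$#" -eq 2 ]; then
    new_since_baseline "$1" "$2"
fi
```

Only names are compared, so a file present on both machines, such as `/etc/crontab`, still needs its contents read. A replaced system binary would not appear in this listing at all, which is why an empty result narrows the search without giving the certainty of a fresh install.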
     
  4. ShiggyMiyamoto macrumors 6502a

    Joined:
    Mar 29, 2004
    Location:
    Just outside Boston, MA.
    #4
    Malware? Spyware? Bah. Those don't even exist for the Mac, unless this dude wrote the keylogger so that it actually sends what's logged to him, over her DSL, but I don't think he'd go through that much trouble. If you're that concerned for your friend, yeah. I agree with the ppl here that recommend you back up her stuff and reinstall, and you set her up the correct way.

    Question: where did she get the computer? If it was from CompUSA or a similar place then I highly suggest you reinstall. They suck how they set stuff up. I'm sure your friend cut contact with this guy after this....
     
  5. Moof1904 thread starter macrumors 65816

    Joined:
    May 20, 2004
    #5
    Yeah, I'm leaning towards reinstalling. Even though the likelihood is quite remote that her machine is compromised, it seems worth a few hours to be certain. This is not only her personal Mac, she and her husband use it for their home-based business, making their communications even more sensitive.

    And yes, she's cut all communication with this person. It's nearing the police/restraining order stage...
     
  6. belvdr macrumors 601

    Joined:
    Aug 15, 2005
    #6
    There are plenty of BSD-based keyloggers that he could have installed while he set it up. And they can run on a Mac. Macs aren't that rock solid when you have access to the console.
     
  7. ShiggyMiyamoto macrumors 6502a

    Joined:
    Mar 29, 2004
    Location:
    Just outside Boston, MA.
    #7
    Yeah, but can they collect her data and then send it back to the collector? Also, who says that the dude knows anything about Unix?
     
  8. yg17 macrumors G5

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #8

    It's possible. Or, he could have written his own software to do whatever he wanted. And you're right, we don't know what his knowledge of Unix is. He could not know a single command, or he could be able to write his own *nix distribution from scratch. It's best to play it safe and reformat and start clean.
     
