Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

hburke

macrumors newbie
Original poster
Aug 15, 2014
7
0
I am an IT director at a small Ace Hardware store located in a small town in Pennsylvania. We use Boot Camp to run Windows on Macs. We do not use Mac OS X, in fact I only install Windows When we get them. as Mac OS X is Completely open to prying eyes and a huge security risk. Apple's early EFI implementation was only compatible with EFI 1.1X and Apple has no intention of updating this firmware. Windows 8's UEFI implementation requires UEFI 2.X making them already incompatible, as well as apple's EFI not being able to load 64-Bit .efi files. We are planning on upgrading to Windows 8.1 Enterprise 64-Bit as all of our computers are capable of running this as they all have Core 2 Duo or better processors.

We have Many iMacs, a few Mac minis and a MacBook used to solve problems on the go Most of which suffer from the problem of being old ( Apple only officially supports 10.7 Lion on these Devices ) We Have newer Completely Uni-body iMacs that are capable of UEFI 2.x and work just fine with windows 8's UEFI implementation.

How possible would it be to flash a modded Firmware to one of these devices that would support UEFI 2.x? Most bios modding tools are able to dump it and read the modules contained inside it.
 

yjchua95

macrumors 604
Apr 23, 2011
6,725
233
GVA, KUL, MEL (current), ZQN
I am an IT director at a small Ace Hardware store located in a small town in Pennsylvania. We use Boot Camp to run Windows on Macs. We do not use Mac OS X, in fact I only install Windows When we get them. as Mac OS X is Completely open to prying eyes and a huge security risk. Apple's early EFI implementation was only compatible with EFI 1.1X and Apple has no intention of updating this firmware. Windows 8's UEFI implementation requires UEFI 2.X making them already incompatible, as well as apple's EFI not being able to load 64-Bit .efi files. We are planning on upgrading to Windows 8.1 Enterprise 64-Bit as all of our computers are capable of running this as they all have Core 2 Duo or better processors.

We have Many iMacs, a few Mac minis and a MacBook used to solve problems on the go Most of which suffer from the problem of being old ( Apple only officially supports 10.7 Lion on these Devices ) We Have newer Completely Uni-body iMacs that are capable of UEFI 2.x and work just fine with windows 8's UEFI implementation.

How possible would it be to flash a modded Firmware to one of these devices that would support UEFI 2.x? Most bios modding tools are able to dump it and read the modules contained inside it.

I'm interested to know how OS X is completely open to prying eyes and a huge security risk. I'm sure the rest of the forum would like to know this too.
 

hburke

macrumors newbie
Original poster
Aug 15, 2014
7
0
You can easily boot into Single User mode by pressing Command S and create a new user from there with full administrative privileges and that has no restrictions. With Windows you can encrypt it with BitLocker to prevent the use of CDs like NT Password Viewer. you can boot into single user mode whether or not you have FileVault enabled.

----------

Here's a link...
http://www.hackmac.org/tutorials/how-to-create-a-new-administrator-account/
 

chrfr

macrumors G5
Jul 11, 2009
13,492
6,981
Enabling a firmware password makes unauthorized use of single user mode impossible, though if your computers are old enough it's possible to get around the firmware password without much difficulty. Further, with FileVault enabled, even in single user mode, there's no way to access the data on the disk and thus, no way to create a user. Without the password to unlock the disk, the computer will not even boot, into single user mode, or anything else, on the encrypted disk.

----------

How possible would it be to flash a modded Firmware to one of these devices that would support UEFI 2.x? Most bios modding tools are able to dump it and read the modules contained inside it.

There's no newer firmware for these Macs than what Apple offers, and no way to get a custom firmware on them.
 

hburke

macrumors newbie
Original poster
Aug 15, 2014
7
0
On Snow Leopard and below FileVault only encrypts the Users folder, I have no interest in bying 10.7 lion as these macs can't run anything higher for the most part. as well as the added benefit of being able to use the whole disk, as most Macs of this era only have 80-160 GB hard drives
 

chrfr

macrumors G5
Jul 11, 2009
13,492
6,981
On Snow Leopard and below FileVault only encrypts the Users folder, I have no interest in bying 10.7 lion as these macs can't run anything higher for the most part. as well as the added benefit of being able to use the whole disk, as most Macs of this era only have 80-160 GB hard drives

In that case, you're out of luck.
 

hburke

macrumors newbie
Original poster
Aug 15, 2014
7
0
Bios Modding tools recognize the firmware as EFI/Insyde bios and are usually able to read modules from it as well as inject modules into the rom. I have macs to burn and time to waste.
 

chrfr

macrumors G5
Jul 11, 2009
13,492
6,981
Bios Modding tools recognize the firmware as EFI/Insyde bios and are usually able to read modules from it as well as inject modules into the rom. I have macs to burn and time to waste.

It doesn't matter, there's no BIOS in a Mac. You won't be able to create UEFI 2.x on your own.
 

hburke

macrumors newbie
Original poster
Aug 15, 2014
7
0
If this isn't a bios than i don't know what it is. wouldn't it be possible to remove the EFI module and put in a new one from a compliant PC.
 

Attachments

  • Untitled.png
    Untitled.png
    42.9 KB · Views: 270
  • Untitled2.png
    Untitled2.png
    111.9 KB · Views: 236
  • AppleInc.-MB21.88Z.00A5.B07.0706270922.zip
    1.1 MB · Views: 87

chrfr

macrumors G5
Jul 11, 2009
13,492
6,981
If this isn't a bios than i don't know what it is. wouldn't it be possible to remove the EFI module and put in a new one from a compliant PC.

EFI/firmware is specific to a given device; if the hardware differs, the firmware isn't interchangeable.
 

yjchua95

macrumors 604
Apr 23, 2011
6,725
233
GVA, KUL, MEL (current), ZQN
You can easily boot into Single User mode by pressing Command S and create a new user from there with full administrative privileges and that has no restrictions. With Windows you can encrypt it with BitLocker to prevent the use of CDs like NT Password Viewer. you can boot into single user mode whether or not you have FileVault enabled.

----------

Here's a link...
http://www.hackmac.org/tutorials/how-to-create-a-new-administrator-account/

Some so-called IT 'expert' you are...

Booting into Cmd+S can be easily disabled by setting an EFI firmware password. This means that you cannot change the startup disk at boot time, or boot into recovery or single user, unless the EFI password is supplied while holding down Cmd+S, Cmd+R or Alt/Option.

----------

If this isn't a bios than i don't know what it is. wouldn't it be possible to remove the EFI module and put in a new one from a compliant PC.

The EFI is hard-wired into the hardware, and not removable or modifiable. You can mod the boot manager, but not the EFI itself.

Besides, Apple uses its own proprietary version of EFI (which is different from the UEFI that Windows PCs user).
 

hburke

macrumors newbie
Original poster
Aug 15, 2014
7
0
I would set a firmware password if i could even boot into the Mac OS X DVD, due to apple's extremely high failure rate of optical drives and general inability to boot from USB flash drives. And OS X is completely irrelevant as we use all Windows based computers.
 

yjchua95

macrumors 604
Apr 23, 2011
6,725
233
GVA, KUL, MEL (current), ZQN
I would set a firmware password if i could even boot into the Mac OS X DVD, due to apple's extremely high failure rate of optical drives and general inability to boot from USB flash drives. And OS X is completely irrelevant as we use all Windows based computers.

Then the Macs you're using must be really ancient.

I've booted from USB drives all the time and they work flawlessly.
 

hburke

macrumors newbie
Original poster
Aug 15, 2014
7
0
Maybe ancient in your terms but still useful in my terms. Macs of the early Intel variety (2006-07) which makes up a majority of what I have to deal with tend to have problems booting from USB Devices where it flat-out refuses to boot altogether from MBR flash drives and UEFI for Windows and gives me the crossed out circle when I try to boot Mac OS X. Until I realized I don't need OS X on the drive at all and that I can Install Windows from the network through PLOP boot manager, completely bypassing the optical drive.

I have laptops from 2003 that can boot from USB properly...
 

scaredpoet

macrumors 604
Apr 6, 2007
6,627
342
Maybe ancient in your terms but still useful in my terms.

1. You've asserted (incorrectly, but there's no point in arguing) that OS X and Macs are insecure,

2. You've also made the assertion that the equipment failure rate is high.

It's probably a waste of time and space debating these points with you, but given the above, common sense would indicate that you're getting into more "trouble" with these Macs than they're worth. Sell them to someone who knows what to do with them, and use the proceeds to buy equivalent Dell/HP/Custom Windows PC hardware. I'm sure you'll find some willing "schmuck" who will pay a premium to get those Macs off your hands, and equivalent PC hardware will be cheap and plentiful by comparison.

You'll be able to do what you want with such hardware without having to jump through a bunch of hoops to get Windows installed they you want on them, only to find out you can't do what you really want to do anyway.

P.S. Windows has an undocumented method for gaining access to the admin account, and creating new accounts when a password is unknown or forgotten, too. They just don't call it "single user mode."
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.