Is my Mac mini off eBay compromised?

Discussion in 'Buying Tips and Advice' started by jesselu10, Dec 19, 2010.

  1. jesselu10 macrumors newbie

    Jun 21, 2007
    Hi there,

    I purchased a Mac mini off eBay a few months ago and just had the time to set it up. It was a good deal - not low enough you can't trust it - but a good deal.

    I'm very concerned about security in general. I was 1Password, I make sure my data is secure, I have multiple backups of my data. All that being said - I may be over-thinking this. But just wanted to get another confirmation of my hypothesis.

    Anyway - when I got the Mac mini there was a fresh install of SL & a username "new owner" was already set up. Good enough - I used Migration Assistant to transfer over my files & account from my MacBook (did the full transfer option). Then, once I confirmed all was good to go, I deleted the "new user" user on my OS X installation.

    I'm curious - since the OS X installation was already set up, is there ANY chance that the original owner of the Mac mini perhaps put a malicious app somewhere that launches at start, under root or something?

    I guess I'm most concerned about either a keylogger or screen sharing that I don't know about. However - my hypothesis is that because the ONLY user on this OS X installation now is mine (with a unique password), there's no way for apps or anything to be run without my knowledge, correct? There's no way for the seller to have implanted something malicious deep within the OS X installation that I'm not aware of?

    Am I being paranoid or have a valid concern? Should I just go about my business or is there something else I could do to protect myself - like change the firmware password or something?

    Thanks so much for all your expertise!!

    - Jesse
  2. GoCubsGo macrumors Nehalem


    Feb 19, 2005
    There is always that chance but chances are the guy restored it but walked through the setup that you'd normally see when you turn it on.

    If I buy 2nd hand I always do a full erase and install myself. It reduces any of these paranoid concerns that I too would wonder about.
  3. FireArse macrumors 6502a

    Oct 29, 2004
    So true. It only take ~45 minutes to give you peace of mind - why wouldn't you do it?


    p.s. There is a way of making a 'used' Mac look new by resetting a flag that plays the intro video on the next boot:
  4. jesselu10 thread starter macrumors newbie

    Jun 21, 2007
    Ok - thanks for the hard truth.

    I'm thinking my plan of action will be to do a SuperDuper exact copy backup, wipe the Mac mini & re-install SL, then use Migration Assistant to get my files back as they were from the SuperDuper backup.

    Worst case scenario - there's malicious app running deep within the system (somehow), there's no way that app could copy itself to my user folder because the user folder is protected by my username/password, correct?

    So if I do that procedure, since Migration Assistant would keep the fresh re-install of OS X, I'm 99.9% secure now, correct?

    Also - my Time Machine, Backblaze setups should just pick back up where they were left off, correct - because they won't notice anything changed once I start back up my Mac mini after the Migration Assistant?

    Thank you,
  5. jesselu10 thread starter macrumors newbie

    Jun 21, 2007
    Just realized all I had to do was pop in the SL DVD & it would just replace the system, keeping my user folder intact.

    Well worth the "trouble"

    - Jesse
  6. tom vilsack macrumors 68000

    tom vilsack

    Nov 20, 2010
    ladner cdn
    how do you know if your user folder was not compromised by the original other owners system folder?

    i would do a complete clean install (erase writing zeros/option) and install
  7. Consultant macrumors G5


    Jun 27, 2007
    I always do a clean install after buying from someone.
  8. NorCalLights macrumors 6502a

    Apr 24, 2006
    The new user folder was created after he got his computer. I don't see any particular need to write zeros... that seems like a bit of overkill to me, but it's certainly not a bad idea.
  9. tom vilsack macrumors 68000

    tom vilsack

    Nov 20, 2010
    ladner cdn
    put me in overkill group then...but i would never trust not doing a complete wipe
  10. Kenndac macrumors 6502


    Jun 28, 2003
    Anything running "deep" in a system will have the ability to access the entire filesystem and do as it pleases.
  11. bizzle macrumors 6502a

    Jun 29, 2008
    Both methods, reinstall and migration from a clone and just reinstalling the OS without erasing would not get rid of potential malicious software.

Share This Page