Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Mac Recovery Partition and Viruses

S

stark4

macrumors 6502
Original poster
Oct 14, 2008
391
1
Florida
Since all MacBooks moved to SSD with recovery partition to reinstall OS X.. How does Apple prevent Viruses get into the recovery partition and destroying or reinfecting the OS X after clean install? I know Mac Viruses are hard to find and it might not even be possible but i'm just wondering.

Thanks
 
There are no Mac viruses in the wild. There are and have been malware which require the user to install or use cracked/pirated software. Apple has not taken any actions on something that not by and large been an issue.

If you practice safe computer habits by knowing what you're installing, not installing from suspicious sites and having a solid backup plan. Then you'll be fine.
 
Is OSX Mavericks Recovery cloud base? i tried to recover my macbook pro using command +R ... the computer then ask for my internet connection first before it load the Recovery. If it is web base then we don't have to worry about viruses since it downloaded the fresh copy of Recovery from apply server only when you need it.
 
Yes, it downloads OS X from the internet. I'm not entirely sure why because I did the same thing a while ago.
 
maflynn said:
Yes, it downloads OS X from the internet. I'm not entirely sure why because I did the same thing a while ago.
Click to expand...

i'm not talking about OS X ... i know OS X download from the internet but i'm talking about Recovery (including disk utility) before we download OS X.
 
stark4 said:
Since all MacBooks moved to SSD with recovery partition to reinstall OS X.. How does Apple prevent Viruses get into the recovery partition and destroying or reinfecting the OS X after clean install? I know Mac Viruses are hard to find and it might not even be possible but i'm just wondering.

Thanks
Click to expand...
To add to what maflynn said, Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
 
stark4 said:
i'm not talking about OS X ... i know OS X download from the internet but i'm talking about Recovery (including disk utility) before we download OS X.
Click to expand...

When you select Internet Recovery, it downloads the installer routine for the version of OS X that shipped with your machine. That includes Disk Utility, Terminal, and the GUI for the setup process. Once you partition your drive and start the installation, everything else gets downloaded.
 
stark4 said:
i'm not talking about OS X ... i know OS X download from the internet but i'm talking about Recovery (including disk utility) before we download OS X.
Click to expand...

This works one of two ways. If you have a working hard drive, you will have a hidden 650MB partition on the drive that contains the recovery partition. So when you command-r boot it boots from the 650MB partition, then the tools there allow you to erase the drive if you want and DL the actual OS from Apple's servers.

The second scenario would come into play if you have a new drive with no recovery partition. If you command-r boot in that case the OS firmware will take over the recovery process and ask for your wifi password. After that the firmware will download the same 650MB recovery utility from Apple's servers and start it upon your Mac. From there you can use Disk Util to format the drive and then DL the OS itself and install it.

So two methods... one with recovery on the local disk and the second with no recovery on the disk and it gets downloaded using the system firmware.

I get what you are concerned about though. I suppose in theory it would be possible for someone to intercept your connection to Apple's servers and download a virus to you along with the OS during recovery, but I have not read about anybody being able to crack this process and accomplish that.
 
Unix systems almost always require root privileges to mount unmounted partitions. I'm sure Apple has modified this process to be able to mount USB devices without it, but I would be very surprised if they allowed mounting the recovery partition without having to sudo. This means that malware would need root access to mount it, or would need to guess your admin password.

BSD systems and their deriviatives also include a securelevel feature, which includes a number of security levels. Usually, they go from -1 to 2, with 2 being the most secure and restrictive, often including cutting off all network access and marking all the storage mediums read only, though the details of what each level does vary from OS to OS. Only root can raise the securelevel and even root cannot lower it. This would be used if you suspected an exploit had been successful. You could raise the securelevel to 2 which would prevent writing to any disk, mounted or not. This requires user intervention though and would not happen automatically.
 
Even if, for some reason, you couldn't access the recovery partition properly, you can download and install the recovery software onto a flash drive as I have done.

Then, boot of the flash drive and it will work exactly the same as the version on the SSD partition.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back