Mac Recovery Partition and Viruses

Discussion in 'MacBook Pro' started by stark4, Jun 20, 2014.

  1. stark4 macrumors 6502

    Joined:
    Oct 14, 2008
    Location:
    Florida
    #1
    Since all MacBooks moved to SSD with a recovery partition to reinstall OS X, how does Apple prevent viruses from getting into the recovery partition and destroying or reinfecting OS X after a clean install? I know Mac viruses are hard to find and it might not even be possible, but I'm just wondering.

    Thanks
     
  2. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    There are no Mac viruses in the wild. There is and has been malware which requires the user to install or use cracked/pirated software. Apple has not taken any action on something that has not by and large been an issue.

    If you practice safe computer habits by knowing what you're installing, not installing from suspicious sites and having a solid backup plan, then you'll be fine.
     
  3. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #3
    I'm not sure SSD vs HDD is relevant to the question; both technologies are affected equally (or not).
     
  4. stark4 thread starter macrumors 6502

    Joined:
    Oct 14, 2008
    Location:
    Florida
    #4
    Is OS X Mavericks Recovery cloud based? I tried to recover my MacBook Pro using Command+R ... the computer then asked for my internet connection first before it loaded the Recovery. If it is web based then we don't have to worry about viruses, since it downloads a fresh copy of Recovery from Apple's server only when you need it.
     
  5. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #5
    Yes, it downloads OS X from the internet. I'm not entirely sure why because I did the same thing a while ago.
     
  6. stark4 thread starter macrumors 6502

    Joined:
    Oct 14, 2008
    Location:
    Florida
    #6
    I'm not talking about OS X ... I know OS X downloads from the internet, but I'm talking about Recovery (including Disk Utility) before we download OS X.
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    To add to what maflynn said, Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
    Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
     
  8. saturnotaku macrumors 68000

    Joined:
    Mar 4, 2013
    #8
    When you select Internet Recovery, it downloads the installer routine for the version of OS X that shipped with your machine. That includes Disk Utility, Terminal, and the GUI for the setup process. Once you partition your drive and start the installation, everything else gets downloaded.
     
  9. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #9
    This works one of two ways. If you have a working hard drive, you will have a hidden 650MB partition on the drive that contains the recovery partition. So when you command-r boot it boots from the 650MB partition, then the tools there allow you to erase the drive if you want and DL the actual OS from Apple's servers.

    The second scenario would come into play if you have a new drive with no recovery partition. If you command-r boot in that case the OS firmware will take over the recovery process and ask for your wifi password. After that the firmware will download the same 650MB recovery utility from Apple's servers and start it up on your Mac. From there you can use Disk Util to format the drive and then DL the OS itself and install it.

    So two methods... one with recovery on the local disk and the second with no recovery on the disk and it gets downloaded using the system firmware.

    I get what you are concerned about though. I suppose in theory it would be possible for someone to intercept your connection to Apple's servers and download a virus to you along with the OS during recovery, but I have not read about anybody being able to crack this process and accomplish that.
     
  10. 556fmjoe macrumors 65816

    556fmjoe

    Joined:
    Apr 19, 2014
    #10
    Unix systems almost always require root privileges to mount unmounted partitions. I'm sure Apple has modified this process to be able to mount USB devices without it, but I would be very surprised if they allowed mounting the recovery partition without having to sudo. This means that malware would need root access to mount it, or would need to guess your admin password.

    BSD systems and their derivatives also include a securelevel feature, which includes a number of security levels. Usually, they go from -1 to 2, with 2 being the most secure and restrictive, often including cutting off all network access and marking all the storage mediums read only, though the details of what each level does vary from OS to OS. Only root can raise the securelevel and even root cannot lower it. This would be used if you suspected an exploit had been successful. You could raise the securelevel to 2 which would prevent writing to any disk, mounted or not. This requires user intervention though and would not happen automatically.
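
Post #10's point that mounting the recovery partition needs root suggests a simple check, added here as an example that is not part of the thread: find the `Apple_Boot` recovery partition in `diskutil list` output and report whether it currently shows up as a mounted device. The sample outputs are constructed, and the script assumes the HFS+-era disk layout with an `Apple_Boot` "Recovery HD" partition as described in post #9.

```shell
#!/bin/sh
# Constructed sample of `diskutil list` output (assumed 2014-era layout).
SAMPLE_LIST='/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *251.0 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            250.1 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3'

# Constructed samples of `mount` output: normal state, then Recovery HD mounted.
SAMPLE_MOUNT_OK='/dev/disk0s2 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)'
SAMPLE_MOUNT_BAD='/dev/disk0s2 on / (hfs, local, journaled)
/dev/disk0s3 on /Volumes/Recovery HD (hfs, local, journaled)'

# Print the identifier (last column) of every Apple_Boot partition.
# $1 = text of `diskutil list`
recovery_ids() {
    printf '%s\n' "$1" | awk '$2 == "Apple_Boot" { print $NF }'
}

# Print "<device> at <mount point>" for each recovery partition that is mounted.
# $1 = text of `diskutil list`, $2 = text of `mount`
mounted_recovery() {
    for id in $(recovery_ids "$1"); do
        printf '%s\n' "$2" | awk -v dev="/dev/$id" '
            $1 == dev {
                sub(/^[^ ]+ on /, "")      # drop "<device> on "
                sub(/ \([^)]*\)$/, "")     # drop trailing "(options)"
                print dev " at " $0
            }'
    done
}

# On a Mac, run the same check against live output; no output means not mounted.
if command -v diskutil >/dev/null 2>&1; then
    mounted_recovery "$(diskutil list)" "$(mount)"
fi
```

During normal use the recovery partition is unmounted, so any line printed by the live check is worth a closer look.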
     
  11. p3ntyne macrumors 6502

    p3ntyne

    Joined:
    Jan 10, 2014
    Location:
    Sydney, Australia
    #11
    Even if, for some reason, you couldn't access the recovery partition properly, you can download and install the recovery software onto a flash drive as I have done.

    Then, boot off the flash drive and it will work exactly the same as the version on the SSD partition.
     
