Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Photogdave

macrumors regular
Original poster
Dec 20, 2011
155
11
So I just purchased a 2015 MacBook Pro from a computer store and I got a weird vib from the guy selling it to me.
Maybe it’s because I just had my Paypal card compromised this morning but none the less, I felt uneasy. He was salesman and I got the feeling when they said they wiped it and did fresh install of Mojave that they could have installed some software to steal my info when I started setting it up.
So my question is:
1)Was I right to wipe it again and fresh install?
2)If there WAS malicious software on it, did I effectively remove it?
 

Honza1

macrumors 6502a
Nov 30, 2013
937
437
US
So did you wipe it and reinstall? Because that is not clear to me from the above rant.
1. Yes, it is yours, you can wipe and reinstall it as much as you want. Was that even a question?
2. Well, depends on what exactly you did. If you logged in internet recovery mode and wiped the drive, formatting it first, then nearly definitely yes, there is nothing left. But that means you really reformatted the disk leaving nothing behind. Better alternative may be to do all of this from USB installer, which is likely bit faster, but at the same time you need to make the installer... Which is bit more work.

Note: Sometimes people simply reinstall the OS in place - without formatting the drive - which leaves user data (and also any potentially malicious software) intact. I think we do not have to worry about extreme (and extremely unlikely) malware which is suppose to hide in firmware etc. I think those are purely theoretical for Macs in wild for now.
 
  • Like
Reactions: LogicalApex

Photogdave

macrumors regular
Original poster
Dec 20, 2011
155
11
So did you wipe it and reinstall? Because that is not clear to me from the above rant.
1. Yes, it is yours, you can wipe and reinstall it as much as you want. Was that even a question?
2. Well, depends on what exactly you did. If you logged in internet recovery mode and wiped the drive, formatting it first, then nearly definitely yes, there is nothing left. But that means you really reformatted the disk leaving nothing behind. Better alternative may be to do all of this from USB installer, which is likely bit faster, but at the same time you need to make the installer... Which is bit more work.

Note: Sometimes people simply reinstall the OS in place - without formatting the drive - which leaves user data (and also any potentially malicious software) intact. I think we do not have to worry about extreme (and extremely unlikely) malware which is suppose to hide in firmware etc. I think those are purely theoretical for Macs in wild for now.

Not sure what you meant by rant. That was no where near a rant. It was simply a question. Not sure how you took that as a rant.

I thought I was very clear when I asked, “was I right to wipe it and reinstall it?”
To clarify I was asking, did I do the correct thing to avoid a security issue?
But yes, I did use recovery and erased disk first, then fresh install of Mojave. I figured it would be unlikely on a Mac to have such software installed to track and log personal info, but you never know these days.
It’s a new device for me so it was no big deal at this point to start fresh.

But I was also asking if reformatting would remove anything if someone DID try to install such software.
I’ve read that reformatting these SSD doesn’t really erase data, but reformats the drive so that previously allocated areas of the drive can now me used again..
 

Honza1

macrumors 6502a
Nov 30, 2013
937
437
US
Well, the "rant" was meant to express the weird grammar which makes it difficult to understand. Just the “was I right to wipe it and reinstall it?” makes little sense to me. What does "Was I right" mean? - either "was it right for me" or "did I have right to" make sense... Sorry if the "rant" offended you, I just could not understand what you actually did...

No disks are (under regular conditions) rewritten when reformatted. You have to ask software to wipe the disk - overwrite the disk with 0 (or 1) and then wait forever until it writes in each block. Even old spinner disks on reformat just get new file allocation table/whatever they use now and old content is overwritten when space is reused. Same for SSD, but even more complicated to wipe them.

To tell you the truth, your worries are bordering on paranoia - it is highly unlikely you will ever have to worry about this. Chances some salesman would go in troubles installing so persistent virus are very, very small. Unless, of course, you are high value target, in which case you should have your own IT and security ;-)
 
  • Like
Reactions: chabig

Photogdave

macrumors regular
Original poster
Dec 20, 2011
155
11
Well, the "rant" was meant to express the weird grammar which makes it difficult to understand. Just the “was I right to wipe it and reinstall it?” makes little sense to me. What does "Was I right" mean? - either "was it right for me" or "did I have right to" make sense... Sorry if the "rant" offended you, I just could not understand what you actually did...

No disks are (under regular conditions) rewritten when reformatted. You have to ask software to wipe the disk - overwrite the disk with 0 (or 1) and then wait forever until it writes in each block. Even old spinner disks on reformat just get new file allocation table/whatever they use now and old content is overwritten when space is reused. Same for SSD, but even more complicated to wipe them.

To tell you the truth, your worries are bordering on paranoia - it is highly unlikely you will ever have to worry about this. Chances some salesman would go in troubles installing so persistent virus are very, very small. Unless, of course, you are high value target, in which case you should have your own IT and security ;-)

I could just be paranoid. This was a pretty shady computer store. Very small, unkept store. The Macbook was nice. But the people there were not typical big box store salesman. These guys just came across to me as people who have other intentions than just selling a computer. But like I said, maybe it was just me because I did just have a credit card compromised this morning. Just wanted to know if it was normal for a person purchasing a new computer to wipe it and do fresh install regardless of what seller has told them.
 

KoolAid-Drink

macrumors 68000
Sep 18, 2013
1,857
945
USA
I'd do the same thing; wipe and install, even if I was told it was already done so. You just never know.

To help assuage your concerns, I'd also do a Filevault encryption on your laptop, just to be on the 100% safe side.
 

macintoshmac

Suspended
May 13, 2010
6,089
6,994
@Photogdave

1. Wiping and reinstalling can never hurt, so if you need to hear it, yes, you did good.
2. It depends what you did to wipe.

When I want to reinstall, I use a USB installer, and perform a gpt destroy command on the disk using Terminal. This effectively nukes the disk, and I have to then repartition it and reformat it, and then install the OS onto it.

If you did this, you are good to go. Use your computer without worries.

If you only just reinstalled without wiping the disk clean, then there *could* be remnants of malware if there were any to begin with.
 

Photogdave

macrumors regular
Original poster
Dec 20, 2011
155
11
I'd do the same thing; wipe and install, even if I was told it was already done so. You just never know.

To help assuage your concerns, I'd also do a Filevault encryption on your laptop, just to be on the 100% safe side.
Never used FileVault, ill look at that
 

TheEnthusiast

macrumors regular
Aug 22, 2013
166
24
Just as a matter of technicality, factory means completely wiping the drive and using Internet Recovery to install the version of mac OS that shipped with the machine. For a 2015 machine, that would not be Mojave. That would be the first thing I would have done if I had purchased a 2015 machine that came with Mojave, even if it came straight from Apple.
 

Photogdave

macrumors regular
Original poster
Dec 20, 2011
155
11
Just as a matter of technicality, factory means completely wiping the drive and using Internet Recovery to install the version of mac OS that shipped with the machine. For a 2015 machine, that would not be Mojave. That would be the first thing I would have done if I had purchased a 2015 machine that came with Mojave, even if it came straight from Apple.
Thats what I did...except it installed Mojave, which Im fine with.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.