Virus on host notebook from external ssd?

nndei

macrumors newbie
Original poster
Jul 10, 2017
17
2
Hello,

I was wondering about getting an external SSD to boot macOS 10.12 from. I mean basically using my MBP as a host that shares all the hardware but the storage with the external SSD.

My question is, if I get a virus on the SSD, will it affect the MPB even when booted on the soldered apple drive?
So if I get a virus on the ssd, while booted on it, will the Mac still be safe if I use it normally, booting on the original internal drive?
Thank you, neri
 

killawat

macrumors 65816
Sep 11, 2014
1,443
2,185
I'll try to answer and skip over a lot of the security bs but just to get to the gist

If the OS running on your external SSD can mount your internal SSD then the files could be modified by anything, virus, accidental deletion etc.

The safest way to protect yourself in this scenario is to FileVault encrypt the internal drive and don't mount it when enumerated by the external SSD install. On 10.12, this is enabled by default, unless the user disables this during initial setup.

The external SSD install could still erase the device but not modify it.
 

nndei

macrumors newbie
Original poster
Jul 10, 2017
17
2
I'll try to answer and skip over a lot of the security bs but just to get to the gist

If the OS running on your external SSD can mount your internal SSD then the files could be modified by anything, virus, accidental deletion etc.

The safest way to protect yourself in this scenario is to FileVault encrypt the internal drive and don't mount it when enumerated by the external SSD install. On 10.12, this is enabled by default, unless the user disables this during initial setup.

The external SSD install could still erase the device but not modify it.
I disabled filevault as I got the MacBook Pro because I felt like it would have limited its performances with programs like CAD or DAWs for music production, does it?
I don't speak English mother-tongue and I didn't really get the part about "don't mount it when enumerated by the external ssd install", does it mean that during the installation process of the OS I get told to do something to link the two SSDs?

And, for the last part, you're saying that the external ssd could still delete everything I have on the internal one, but not modify it's files and therefore cause a mess with a virus?
If so then this is not a big problem as I keep backing files up right?

Thank you!
 

leman

macrumors G3
Oct 14, 2008
9,963
4,550
I disabled filevault as I got the MacBook Pro because I felt like it would have limited its performances with programs like CAD or DAWs for music production, does it?
You'll have to choose whether you want security or performance, can't really have both :) But the performance impact of FileVault is so small, that you most likely won't even notice it.

I don't speak English mother-tongue and I didn't really get the part about "don't mount it when enumerated by the external ssd install", does it mean that during the installation process of the OS I get told to do something to link the two SSDs?
What this means basically is "not enter the password for your internal SSD and don't let it appear as a volume, so that the external OS can't access it at all"
 

nndei

macrumors newbie
Original poster
Jul 10, 2017
17
2
What this means basically is "not enter the password for your internal SSD and don't let it appear as a volume, so that the external OS can't access it at all"
Oh, ok. So when does this thing show up eventually? Because I have never done anything but stuff like clean installs when I have to press alt when booting up and the terminal thing and so on... is there any certain scenario I'm which this thing happens as I get to
1) make the ssd bootable
2) start up on the ssd
3) create an account on the ssd
4) download stuff

Or you mean I just need to create different passwords for the account on the internal and external?
I swear I'm good at my stuff but with this stuff talking to me is like talking to a wall
 

leman

macrumors G3
Oct 14, 2008
9,963
4,550
Well, if you internal SSD were encrypted (FileVault), then when you boot from an external drive, the system would ask you for a decryption password. Thats it. You are right that normally it doesn't show, because no password is needed.
 

nndei

macrumors newbie
Original poster
Jul 10, 2017
17
2
Well, if you internal SSD were encrypted (FileVault), then when you boot from an external drive, the system would ask you for a decryption password. Thats it. You are right that normally it doesn't show, because no password is needed.
Ok so basically at that point I must not give it the password to decrypt the disk right?
But can I boot on the ssd properly anyway?

And also if I activate FileVault now (since it takes some time I can save some time for later) and insert the ssd because I want to check its health, will it ask for a password and remember it afterwards, even if now it is clean with no OS whatsoever on it?
So do I need to activate FileVault once I have checked the ssd's health on the mac and installed the OS on?
Or does it remember it if I use it to create the bootable ssd maybe?
 

leman

macrumors G3
Oct 14, 2008
9,963
4,550
I think you are making it much more confusing than it really is... the situation is really very simple. When you boot from an external drive, the OS on that drive will try to access (mount) your internal disk. If that disk is password protected, yo will be asked for a password. Just don't give the password, and the OS won't have any access to your internal disk.

If you want to attach the external disk while running from the OS installed one the internal drive, its a completely different thing, because its a different instance of the OS!
 

nndei

macrumors newbie
Original poster
Jul 10, 2017
17
2
I think you are making it much more confusing than it really is... the situation is really very simple. When you boot from an external drive, the OS on that drive will try to access (mount) your internal disk. If that disk is password protected, yo will be asked for a password. Just don't give the password, and the OS won't have any access to your internal disk.

If you want to attach the external disk while running from the OS installed one the internal drive, its a completely different thing, because its a different instance of the OS!
Ok I think I got the first part.
Yes I need to check the SSD's health beforehand because I have purchased one marked as "new with broken box" from a guy off eBay that claims it's completely working fine, he's got 100% feedback, lots of stars, and sells a lot of stuff here in my country since 2004 so I kind of believe him, but want to test myself before.
Once I have tested it I will then create the bootable SSD using my Mac ofc…
The SSD will be clean at that point because nothing would be installed on it, but will the procedure of creating the bootable SSD using my MBP create some sort of link between the drives anyway?
that's all the sorcery I'm asking ahah
 

leman

macrumors G3
Oct 14, 2008
9,963
4,550
The SSD will be clean at that point because nothing would be installed on it, but will the procedure of creating the bootable SSD using my MBP create some sort of link between the drives anyway?
No. If you are SUPER-PARANOID, you can also make a bootable USB key with macOS installer and then install from there to the external disk :)
 
  • Like
Reactions: nndei

nndei

macrumors newbie
Original poster
Jul 10, 2017
17
2
No. If you are SUPER-PARANOID, you can also make a bootable USB key with macOS installer and then install from there to the external disk :)
Ahah, that's a little too much. Thank you for your patience you have been very helpful
 

nndei

macrumors newbie
Original poster
Jul 10, 2017
17
2
Hello again, I have managed to install macOS properly and use FileVault on my internal SSD. I was wondering how can I encrypt the bootcamp partition of my internal HD as well? Is there a FileVault kind of option for that? Or do I need to create the Windows partition again starting from the encrypted with FileVault internal HD?