Securely erasing a 2020 Intel based MBP

Hi guys, I recently purchased a second-hand MacBook Pro. It’s a 2020 Intel-based model running Sonoma at the moment.


I’m overly security conscious and would like to ensure there is nothing installed that has any level of tracking etc. The only peace of mind would be doing a secure erase of the internal HD (where the SSD is overwritten with 1s and 0s); however, as I’m running an Intel-based machine, I can’t see this option.


Can anyone advise me how to complete this? If it’s not possible, what steps can I take to ensure there is no deeper leftover tracking solution? (I used to have Prey on an old machine. I’m not entirely sure how I would remove that.)


Thanks in advance

MacBook Pro (2017 – 2020)

Posted on Nov 30, 2023 9:11 AM

Question marked as Top-ranking reply

Posted on Nov 30, 2023 10:27 AM

callbarney wrote:

Hi guys, I recently purchased a second-hand MacBook Pro. It’s a 2020 Intel-based model running Sonoma at the moment.

I’m overly security conscious and would like to ensure there is nothing installed that has any level of tracking etc. The only peace of mind would be doing a secure erase of the internal HD (where the SSD is overwritten with 1s and 0s); however, as I’m running an Intel-based machine, I can’t see this option.

Can anyone advise me how to complete this? If it’s not possible, what steps can I take to ensure there is no deeper leftover tracking solution? (I used to have Prey on an old machine. I’m not entirely sure how I would remove that.)

Thanks in advance



On contemporary Macs with SSD encryption— you do not need or want to "over-write 1s and 0s."

This is needless wear on an SSD.


Your over-write is old school, old technology, old advice— not applicable today.


macOS - Security - Apple


Apple Platform Security - Apple Support


https://support.apple.com/guide/mac-help/protect-data-on-your-mac-with-filevault-mh11785/14.0/mac/14.0




same as here—

What to do before you sell, give away, trade in, or recycle ...



Erase your Mac - Apple Support


Erase your Mac and reset it to factory settings



For your third party app— Prey ref: How to uninstall Prey






Nov 30, 2023 10:50 AM in response to callbarney

The drive controller in an SSD drive with TRIM enabled takes the deleted data blocks, bundles them up into SuperBlocks (randomizing the block numbers in the process) and bulk-erases the SuperBlocks. Your data are GONE within seconds.


There is no need to write over data on an SSD drive. Doing so slightly reduces the useful life of the drive.


--------

Rotating Magnetic drives have fixed block numbers and do not over-write the old data. When you delete data, only the Directory entry is cleared and the block numbers are merely placed on the freelist for re-use. It may be quite some time before the blocks are over-written, leading to the cottage industry of scavenger Utilities, now a complete anachronism.


If you follow the steps leroydouglas provided in this cited article, there will be no trace of the previous anything left on the drive:


What to do before you sell, give away, trade in, or recycle ...


Dec 2, 2023 6:20 AM in response to callbarney

The reason COMPLETE erasure of absolutely every block is ever being discussed (and it's a really obtuse discussion) has to do with drives that may have held Nuclear Secrets.


The drive controller holds a certain number of blocks in reserve, to be used as spares if a Bad Block develops during use. On rotating magnetic drives with fixed block numbers, a few blocks were held this way in each of several zones on the drive, and their size was never figured in the computations of "formatted" drive size. They NEVER held User data unless they were actually substituted permanently into the block number plan of the drive.


SSD drives use dynamic block numbering. Rather than 'hidden' spares, the blocks required for spares are accomplished by "over-provisioning". That means some percentage of all blocks will be excluded when figuring the total "formatted" drive size. But since block numbering is dynamic, all blocks can (and will) be used, and percolated through a slightly smaller drive address space.


When you erase such an SSD drive, it is possible there may be a tiny handful of blocks that still contain some data. After erasure, these blocks are not accessible, and will eventually get re-used as needed. But that is NOT good enough for Nuclear Secrets.



Dec 2, 2023 6:24 AM in response to callbarney

Your other query was about residual malware, "hiding" on the drive. That is nothing to worry about if the drive will be used for a recent version of MacOS.


MacOS shares a lot of the lock-down mechanisms developed for the iPhone. Applications are all sand-boxed with a list of the resources they require, and they cannot ask for anything outside their sandbox without crashing. Signed Applications are checked that they are from legitimate Developers, and Notarized Applications are delivered with the assurance that they have NOT been modified since their release by the Developer.


From MacOS 11 Big Sur onward, the system is on a Separate, crypto-locked System Volume, which is not writeable using ordinary means. Any unauthorized changes to the crypto-locked volume are quickly detected and you are alerted.


So you could store just about every malware known to mankind on your Mac, and your Mac would not get infected spontaneously. Scanning for virus-like patterns might make you feel a little better now, but non-stop scanning is outdated nonsense, and a tremendous waste of resources.


Nothing can become Executable Unless/Until you supply your Admin password to "make it so".


At that moment, the candidate to become executable WILL be scanned for virus patterns Apple keeps frequently updated, provided you allow: 

[√]  install system data files and security updates
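
To confirm on the machine itself the protections the replies above describe (FileVault, the crypto-locked system volume, TRIM on the internal SSD), a check like the following can be run in Terminal after the erase and reinstall. This is an added example, not part of any post in the thread; the `classify` and `run_checks` names are hypothetical, and the matched status lines are assumed to be what `fdesetup`, `csrutil` and `system_profiler` print on recent macOS.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the protections the
# replies rely on are actually active on this Mac.

# classify <check> <tool output>  ->  prints PASS, FAIL or UNKNOWN
# The status strings below are assumptions about recent macOS tool output.
classify() {
    case "$1" in
        filevault) on='FileVault is On'
                   off='FileVault is Off' ;;
        ssv)       on='Authenticated Root status: enabled'
                   off='Authenticated Root status: disabled' ;;
        trim)      on='TRIM Support: Yes'
                   off='TRIM Support: No' ;;
        *)         echo UNKNOWN; return 0 ;;
    esac
    # Look for the failing line first: if several drives are listed and any
    # one of them reports "No", the overall result must not be PASS.
    case "$2" in
        *"$off"*) echo FAIL ;;
        *"$on"*)  echo PASS ;;
        *)        echo UNKNOWN ;;   # unexpected wording, tool missing, etc.
    esac
}

report() {
    printf '%-10s %s\n' "$1" "$(classify "$1" "$2")"
}

run_checks() {
    # Data-at-rest encryption tied to the user's password
    report filevault "$(fdesetup status 2>&1)"
    # Sealed, signed system volume (macOS 11 Big Sur and later)
    report ssv       "$(csrutil authenticated-root status 2>&1)"
    # TRIM on the internal NVMe SSD
    report trim      "$(system_profiler SPNVMeDataType 2>/dev/null)"
}

# Only call the real tools on macOS; elsewhere the functions can still be
# used against saved output.
if [ "$(uname -s)" = "Darwin" ]; then
    run_checks
fi
```

An UNKNOWN result means the tool's output did not match either expected line and should be read by hand rather than treated as a pass.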
