Does erasing the hard drive (SSD) + reinstalling OS from CMD + R on start up wipe out all viruses/keyloggers/exploits/malware etc?

Hello,


As the title suggests, does erasing the hard drive + reinstalling OS from cmd+r on start up wipe out all viruses/keyloggers/exploits/malware etc?


Feel free to ask any questions to better help my query and I will respond asap.


Thank you

macOS Sierra (10.12.6), Since updated further.

Posted on Oct 22, 2018 8:54 AM

Question marked as Top-ranking reply

Posted on Oct 22, 2018 9:48 AM

Fitaap05 wrote:


None of the above... just your average guy with anxiety


Wipe the disk, reinstall, you'll be just fine, then set up two-factor authentication on everything you can, use a password manager, don't download anything you didn't go searching for, disable Office document macros, disable the automatically-open-safe-files setting in Safari, upgrade to current software versions, be skeptical about all mail links and mail attachments and particularly from folks you trust, encrypt everything, choose longer passwords, remove Flash and Java Web Start, etc.


All that is standard and typical advice, too. Yes, Flash has been deprecated for a while and Java Web Start is finally gone with Java 11, but there are still older installations of both around.


Quite unfortunately, what we're dealing with now is past what any of us can reasonably cope with and there've been spoofing efforts that have fooled very competent folks. Everybody is eventually going to get fooled, too. Mistakes happen. We all get tired and hungry and distracted, on occasion.


Plan for it.


So... have backups and preferably have some of those backups rotated off-site and have some depth to your backups, as the backups are your recovery path. Backups are the recovery path for other data-adverse cases, too. Encrypted too, and particularly if copies are going off-site.


FWIW... macOS does have a more advanced and much more complex replacement for the functions provided by BIOS, and that replacement is known as EFI, and there is security research going into EFI, and there've been issues found with EFI. And there've been macro malware and other malware efforts targeting macOS users, and there'll likely be more. Apple added EFI validity checks a while back—ponder why they added that, too—though EFI is not the only place that a software or hardware implant or an exploit can be located within a computer. Apple is doing a pretty good job of hardening Mac security with these EFI checks, System Integrity Protection, encryption, and the T2 hardware. But folks will still find and other folks will still pay for exploits. There are folks actively looking for and finding exploits within the add-on anti-malware tools, too. Most of us will never be the subject of any of these or similarly-expensive exploits, though.


Oct 22, 2018 9:12 AM in response to Danny Dorazio

Ah - if it helps, I wiped it because I was logged on (I'm the admin of this computer) and this guy showed me something on Python (but I can't read code) so he opened Terminal and wrote some code into it and I didn't know what it was.


I was afraid it was some key logger or something he could see my screen, personal info like passwords etc...


So based on the additional information - what do you think?

Oct 22, 2018 9:09 AM in response to Fitaap05

What's your exposure? Are you a journalist, political dissident, or have access to sensitive governmental or health or financial data, or have access to someone else that does, or otherwise someone of interest to a persistent or well-funded adversary?


Or are you an end-user who's not wealthy and not well-connected and not holding access to classified or military data, and not otherwise causing problems for somebody far richer than you?


Have untrusted folks had unrestricted physical access to your computer or to your network or network-connected devices? Compromised network-attached printers can provide network beachheads, and can make surprisingly effective network probes, for instance.


Most folks just aren't worth the effort and the costs and the risks of mounting a sophisticated attack. Are you?
