Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Being safe of paranoid? :D

  • Better safe then sorry!

    Votes: 1 100.0%
  • You are paranoid and crazy!

    Votes: 0 0.0%

  • Total voters
    1

cefey

macrumors newbie
Original poster
May 20, 2010
22
0
Hello,


Last few year I had couple of minor issues with security of my macbook air.
I have firevault installed, antivirus (avast or bitdefender) and firewall on.

I do travel a lot and had someone to look at my mac in couple of shady places (3rd world country, not autosized workshop). Is it possible that they have installed something on my mac, while "fixing" it?

- I had my CC information stolen (but it might in a store or some website got hacked).
- In e-mail attachment folder I found some PDF files created not too long ago. But it´s a "copy" of attachments I sent around 2 years ago. How they got created - I do not know...
- Recently I started learning about applescript and found 3 suspicious workflows, that was supposed (as I understood them) to keep track of all my archives (name of files, make silent copy etc). I panicked and deleted them.. :D
- 5 workflows were in i-cloud that I did not create... I think.


It´s been around 2 years since I had someone twitching on my mac. After last time, I even did I clean install. However, I did copy my mailboxes (whole folder), photos and some other stuff back to new installation.


So my questions are:
- Is it possible to install spyware, that will not be detected by antivirus (if someone have physical access to my mac)?
- Is it possible to create workflow/applescript, that will act like spyware. I assume, then it will not be detected by antivirus neither?
- Is it possible to write workflow/applescript that will keep track of my files (documents, archives, photos, audio, video files, etc?), make a list of all files and/or copy those files and silently e-mail them/upload them somewhere?


Now, second set of questions, assuming then answer is "yes" to any above.
- After clean install, if they were in my e-mail folder and I copy them back. They do start working again?
- Is it possible to hide this kind of script somewhere in my e-mail or icloud, so clean install would not help?
- Is it possible to place something like that in a keychain?



So what I did now:
Another clean install. New icloud account. New e-mail account.
But I still have backup of my older files. I´ll try to be careful with them.


So, am I being paranoid or being safe?


Thank you everyone!
 

Mcmeowmers

macrumors 6502
Jun 1, 2015
427
268
I would have wiped it ages ago!

I believe you could potentially hide a script like that in your email but you'd have to reactivate it on the clean install.

Hiding in keychain? No.

I'd clean install, do all updates, firewall on, don't install flash, only install apps from the AppStore(if you can) - don't install from backups
 

cefey

macrumors newbie
Original poster
May 20, 2010
22
0
I would have wiped it ages ago!

I believe you could potentially hide a script like that in your email but you'd have to reactivate it on the clean install.

Hiding in keychain? No.

I'd clean install, do all updates, firewall on, don't install flash, only install apps from the AppStore(if you can) - don't install from backups

I did clean install, new appleID and new e-mail boxes (checking my old ones from my phone).


This is really scary, to be honest. In theory, if someone is good enough, it´s enough to infect the computer once and that´s it! Clean install, new mac/pc will not help to get rid of it!

I need to install apps outside of AppStore, since most of apps I use is not in AppStore (even Viber, Skype etc).
But I will try to stay away from my old backup and migrate everything manually.


Is it possible to hide scripts in photos/music? So once I open the photo/music file/video file, the script runs and screws me over?
 

cefey

macrumors newbie
Original poster
May 20, 2010
22
0
Is it possible to zero-out HD? I know it was possible earlier, but I can´t find this option anymore, even if I restart through cmd+R.
 

Mcmeowmers

macrumors 6502
Jun 1, 2015
427
268
I think it's in Disk Utility which lost or hid a few options in el capitan. Try searching for some terminal commands. Zeroing is probably not worth the time, especially on ssd.
 

chown33

Moderator
Staff member
Aug 9, 2009
10,996
8,880
A sea of green
https://support.apple.com/en-us/HT201949
Note: With an SSD drive, Secure Erase and Erasing Free Space are not available in Disk Utility. These options are not needed for an SSD drive because a standard erase makes it difficult to recover data from an SSD. For more security, consider turning on FileVault encryption when you start using your SSD drive.​

If you turn on FileVault on the SSD, it will encrypt it, including the free space. Then lose the password, and it's good to go.

You could also make a giant disk image file on the SSD and zero that out.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.