Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!
Posted on November 10th, 2012 at 4:18 PM EDT
People sell their computers all the time. Unfortunately for the buyers, this is often done improperly, leaving the buyer with a junk computer that isn’t working properly… sometimes even containing malware! For the seller, such improper preparation is a danger as well, as the buyer may be able to access sensitive data left unknowingly on the machine. Proper security is important to both parties. (As the seller, you may not be terribly concerned about the buyer’s feelings, but keep in mind that the price you get when selling on sites like eBay can depend on how satisfied previous buyers were with you as a seller.) With just a little work, you can clean the machine up, preventing all of these issues, prior to sale.
The first thing you need to do, as the seller, is deauthorize the computer from any systems that only allow you to use a certain number of machines and track which ones you are using. One example is iTunes. If you have purchased music or movies from the iTunes Store, you can play them only on machines that have been authorized by your account. Before selling, you will want to deauthorize the computer. (In the case of iTunes, you can deauthorize all devices, without having access to all of them, then re-authorize the ones you still own. However, you can only do this once per year. It’s easier to just deauthorize in advance, by opening iTunes and choosing Deauthorize This Computer from the Store menu. Other companies may also track which machine their software is installed on and will not allow you to install that software on a new machine without first deauthorizing the old one. You will need to check to see how each such app handles such things. (Fortunately, most do not use such a system.)
Back up your data
Next, you must, of course, make good backups of the data on your computer. One backup will not do… you should have a minimum of two separate backups, on separate physical media. You don’t want to finish this process only to find the hard drive containing your one and only backup has died! For more information on backing up your computer, see my Mac Backup Guide.
Determine what system to install
Once your machine is deauthorized and the data is safe, it’s time to wipe it clean and reinstall a fresh copy of the system. Before you start this process, you need to ask yourself: what system do I want to install? Keep in mind that you do not want to install a system that you are not willing to legally transfer to the new owner or that is linked to you in some way. The general rule of thumb is to reinstall whatever system the machine originally shipped with. For example, if the machine shipped with Snow Leopard (Mac OS X 10.6) and you have upgraded it to Mountain Lion (Mac OS X 10.8), you will want to reinstall Snow Leopard from the original discs the machine came with. The one acceptable exception to this rule is if you are willing to include the newer Mac OS X install disc as part of the sale, which you should only do if you don’t have any other computers using that system. It’s important to understand that this only works with systems that came on physical media. If you have upgraded to Mountain Lion, for example, that system is permanently associated with your Apple ID, and you cannot sell the machine with that system installed.
Erase the hard drive
Once you have decided what system to include, how you proceed depends on the system. If you plan to install Snow Leopard, or any previous system, insert the Mac OS X install disc and restart the computer. Hold down the ‘c’ key as soon as you hear the chime, then let go when you see the Apple logo. The system should eventually boot into the installer, where you first must choose a language. Pick your language, not the buyer’s (unless you know what the buyer’s language is and can read it). Next, choose Disk Utility from the Utilities menu.
If you plan to install either Lion or Mountain Lion (which you should only do if that is the system your machine had on it when it came out of the box), restart the computer and hold command-option-R as soon as you hear the chime. When you see the Apple logo, you can let go. This will start the computer in internet recovery mode, so you will have to have a good internet connection. (Later in the install process, you will need to download about 4 GB of data, so be sure your internet connection can handle that.) Once you have fully booted into recovery mode, open Disk Utility.
Once in Disk Utility, you need to select your hard drive in the list and select the Erase tab. Select “Mac OS Extended (Journaled)” from the Format pop-up and name it something innocuous (like “Macintosh HD”). Next, click the Security Options button. What you see will depend on your system, but there will always be four options: a non-secure erase, one that writes zeros over your entire hard drive and two more that write random data across the entire drive in multiple passes. In Snow Leopard or before, this will take the form of four radio buttons, of which you can choose Don’t Erase Data, Zero Out Data, 7-Pass Erase and 35-Pass Erase. In Lion (Mac OS X 10.7) or later, it will take the form of a slider with four positions, Fastest at the left end and Most Secure at the right. In older systems, 35-pass erases are just frankly ridiculous, and don’t really do any better than a 7-pass erase; do not use that option. On newer systems, the last two positions on the slider are 3-pass and 7-pass erases. The more passes you use, the safer you are, but you shouldn’t need more than a zero erase unless you’re trying to hide important government or industry secrets that may be worth a lot of money to access. Select the appropriate secure erase for your needs, then click the Erase button. And go read a book or something, as it’ll be a while.
Why bother with a secure erase? Because the buyer can use file recovery software to find any files that may still be on the drive somewhere, and some of those files may contain important data. See Recovering deleted files for more information about this.
One important thing to note is that all this is irrelevant if your computer has a solid-state drive (SSD). Such drives have load-balancing firmware, as flash storage wears out with use. The firmware tries to ensure that all areas of storage are used equally, so that particular areas don’t wear out prematurely. Unfortunately, this means that an SSD cannot be securely erased. When Disk Utility tries to write data over the entire drive, the SSD’s firmware will write that data where it chooses, and that may mean that some portions of the SSD remain unerased, and thus may contain recoverable data. If you have sensitive information on an SSD, you should probably replace the SSD with a new one before selling, or simply not sell the computer.
Install the system
Once the erase is finished, quit Disk Utility and proceed with reinstalling the system. Eventually, the system will get to a point where the Setup Assistant will open, allowing you to set up the new system. At this point, quit Setup Assistant and shut down the computer. This way, when the buyer turns on the computer for the first time, it will act like a new machine, and will allow them to go through the setup process themselves.
Pack the box
Finally, keep in mind that you need to include any physical Mac OS X install discs in the box when you ship it to the buyer. You should always include the two gray discs that came with the machine. This is important, even if you are also including a newer install disc, because the second gray disc contains the copies of the iLife apps that came with the machine. If the buyer wants those apps, he or she will have to purchase them separately if you don’t include this disc. If you can’t find both of those discs, do the right thing for the buyer: contact Apple and order replacement copies, which will only cost a small shipping & handling fee. Remember, the happier you make the buyer when selling through sites like eBay, the easier future sales are likely to be!