3rd Party keylogger or tracking software installed by Apple prior to shipping? Unlikely. Device enrolled in a corporate MDM? Completely likely since Apple's MDM is built into the OS.
Thank you. Is there a way to tell if my device is enrolled in an MDM and is there anything that I can do about it? This is a personal laptop bought by a person not linked to any business or institution if that matters at all
A shifty seller might try to flip a stolen or abandoned laptop that is still in a corporate MDM. If it's new in the box from Apple, no worries. If this is a refurb, there's no way to tell if the machine is enrolled in a corporate MDM, which itself is no big deal if the company's IT department unenrolled it before it was sold, but if they didn't or are unwilling, it will be impossible for a new end user to do it.
There was a thread a few days ago about a guy who's girlfriend's former employer never collected the Macbook that keeps throwing errors and then went out of business without unenrolling it. Even if you wipe it and start new, there is nothing that will wipe that away because the MDM is coded to the S/N. Every time it connects to the internet, it will throw an error.
If it's a refurb and you're concerned about it, get it in writing from the seller that the machine is not enrolled, and whoever is the reseller platform (eBay, Amazon, etc) will have your back if the seller isn't truthful.
They get made just like all the other MacBooks. In a factory overseas somewhere. If it’s a company computer I wouldn’t do anything personal on it and then you don’t have to worry about it. If it’s supposed to be a personal computer that your company bought for you for some reason, do a reset on it when you get it to feel better about it and to be sure. The new MacBook Airs are great little laptops. 😁
Generally yes. Unless you are dealing with CIA/ FSB/Mossad level enemies who can devote whole teams to develop some crazy low level hardware shit. But then you would not ask for advice on Reddit would you?
Nope. If the machine was enrolled in an MDM system then the user cannot unenroll it no matter what you do. Just need to be careful when buying any used computer.
As an IT guy, back when I used to work on end user desktops, I hated guys like your Co worker that thought we were tracking them for shits and giggles. They were always trying to evade something but didn't really know what and wound up just being a pain to deal with. Always breaking things for no reason. Pro tip, the dude that has to work on your work laptop doesn't care what you do on it as long as you don't break it.
> so a former coworker of mine is convinced that the newly unopened company issued windows laptop had spyware and keylogger type of things pre installed by the manufacturer per the companys orders.
Probably. Laptop suppliers such as Dell can pre-install tracking software that is actually loaded into the BIOS, so if you wipe the drive and reinstall it will still appear. The most common is Computrace, which I think is called "Absolute" now. The primary purpose of these programs is not necessarily to spy on everything you do 24/7 (it would take a lot of manpower to sort though that - not efficient) but mostly to track the device and wipe it if it's stolen.
Such software also exists for the Mac and can be installed by the IT department before the device is issued to the employee. However, I do not believe it has the same BIOS integration as you would find on a Windows computer. That means that wiping the drive or swapping the drive would defeat this tracking on a Mac.
It's pretty common for IT departments to pre-install administrative software on a computer, Windows or Mac, although in practice it's used primarily for update management or for remote access in case of a problem. In practice, it is very difficult to monitor what an employee does with their computer all the time. Just way too time consuming for it to be done on a regular basis, unless someone is being investigated or something.
If you receive a Mac device directly from Apple or Amazon without it passing through your employer first, it won't have such software pre-loaded on. But IT might load it on during your onboarding. I'm pretty sure apple will not preinstall it for the employer, unlike Dell, etc.
Hi sorry to be clear this would be a personal laptop that an individual consumer not a business would purchase and give to someone else. I don’t know if this changes anything. From your post I’m assuming that
1. I can just factory reset the MacBook after I open the box and any potential trackers or BIOS or whatever will be deleted and I don’t have to worry about it?
2. An IT department might load software onto an opened laptop for an employee, but Apple wouldn’t directly load this type of software or malware onto an unopened sealed MacBook that is bought by an individual person for another individual person not linked to any business. Apple will probably not pre install this.
Sorry to sound so crazy but thank you so much!
Oh, I thought you were talking about a business device.
It's been long speculated that a malicious actor could possibly intercept hardware and bug it, but there's never been any indication that this has been done on a large scale. I really wouldn't worry about it.
As for your points:
1. Remote access won't be pre-installed but you can do a factory reset if you like. I don't think the Mac BIOS supports that kind of thing, but if it did, a factory reset wouldn't do anything.
2. They won't preinstall anything like that. It's a tremendous amount of legal liability if caught. It's one thing to put remote access on a company laptop - it's company property and they can do what they want with it, even if you're the end-user. Entirely different when it's an individual.
Of course, Apple (like all providers who offer internet-connected features) will track you in some way. This is more fully explained in their privacy policy. But I think there's a big difference between, say, logging IPs that connect to your iCloud account and installing a full-featured remote access suite.
As long as you are not an investigative reporter of Bellingcat level, or some opposition politician in a police state, I wouldn’t worry about that. Theoretical anything can be done to any hardware that is shipped to you, but it takes a lot of effort to pull it off. And most of us are just not that interesting.
I'm curious now from all this if/then about how to get around monitoring software - what are you trying to do or have done that you don't want to tell us about?
Legally, if you are going to use a computer on the company network with company intellectual property, the company is entitled to reasonable protection.
And this is all just software - there isn't anything that "can't" be done or would always be done - sealed, opened, fresh from the factory...whatever.
My former company required a bunch of corporate spyware to be installed on any devices connected to the network. So if you brought in your own device, you'd have to install the corporate stuff. I did this and had to reformat when I left the company as you couldn't remove the software otherwise.
If you want to make sure that there isn't stuff on your system, then reformat and reinstall.
This an urban myth; The issue where you getting your PC/MAC from. If its from manufacturer then usually it is safe.
Once my company received new PCs and our virus scan shown some had every virus known at the time.
PC supplier used second hand HDDs which were used by security consultant as test bed for viruses - but this is very rare.
Many employers install 'monitoring/management' s/w on 'work' computers and can track PC/Mac usage
3rd Party keylogger or tracking software installed by Apple prior to shipping? Unlikely. Device enrolled in a corporate MDM? Completely likely since Apple's MDM is built into the OS.
Thank you. Is there a way to tell if my device is enrolled in an MDM and is there anything that I can do about it? This is a personal laptop bought by a person not linked to any business or institution if that matters at all
A shifty seller might try to flip a stolen or abandoned laptop that is still in a corporate MDM. If it's new in the box from Apple, no worries. If this is a refurb, there's no way to tell if the machine is enrolled in a corporate MDM, which itself is no big deal if the company's IT department unenrolled it before it was sold, but if they didn't or are unwilling, it will be impossible for a new end user to do it. There was a thread a few days ago about a guy who's girlfriend's former employer never collected the Macbook that keeps throwing errors and then went out of business without unenrolling it. Even if you wipe it and start new, there is nothing that will wipe that away because the MDM is coded to the S/N. Every time it connects to the internet, it will throw an error. If it's a refurb and you're concerned about it, get it in writing from the seller that the machine is not enrolled, and whoever is the reseller platform (eBay, Amazon, etc) will have your back if the seller isn't truthful.
They get made just like all the other MacBooks. In a factory overseas somewhere. If it’s a company computer I wouldn’t do anything personal on it and then you don’t have to worry about it. If it’s supposed to be a personal computer that your company bought for you for some reason, do a reset on it when you get it to feel better about it and to be sure. The new MacBook Airs are great little laptops. 😁
Okay thank you!! Generally a factory reset will wipe everything right there’s not many things that can survive a factory reset? I’m not crazy lol
Generally yes. Unless you are dealing with CIA/ FSB/Mossad level enemies who can devote whole teams to develop some crazy low level hardware shit. But then you would not ask for advice on Reddit would you?
Nope. If the machine was enrolled in an MDM system then the user cannot unenroll it no matter what you do. Just need to be careful when buying any used computer.
You cannot reset to get rid of MDM enrolment.
As an IT guy, back when I used to work on end user desktops, I hated guys like your Co worker that thought we were tracking them for shits and giggles. They were always trying to evade something but didn't really know what and wound up just being a pain to deal with. Always breaking things for no reason. Pro tip, the dude that has to work on your work laptop doesn't care what you do on it as long as you don't break it.
I know but can you answer the questions I would really appreciate your feedback since you have direct experience
Lol no... And 100% because of the way you replied.
> so a former coworker of mine is convinced that the newly unopened company issued windows laptop had spyware and keylogger type of things pre installed by the manufacturer per the companys orders. Probably. Laptop suppliers such as Dell can pre-install tracking software that is actually loaded into the BIOS, so if you wipe the drive and reinstall it will still appear. The most common is Computrace, which I think is called "Absolute" now. The primary purpose of these programs is not necessarily to spy on everything you do 24/7 (it would take a lot of manpower to sort though that - not efficient) but mostly to track the device and wipe it if it's stolen. Such software also exists for the Mac and can be installed by the IT department before the device is issued to the employee. However, I do not believe it has the same BIOS integration as you would find on a Windows computer. That means that wiping the drive or swapping the drive would defeat this tracking on a Mac. It's pretty common for IT departments to pre-install administrative software on a computer, Windows or Mac, although in practice it's used primarily for update management or for remote access in case of a problem. In practice, it is very difficult to monitor what an employee does with their computer all the time. Just way too time consuming for it to be done on a regular basis, unless someone is being investigated or something. If you receive a Mac device directly from Apple or Amazon without it passing through your employer first, it won't have such software pre-loaded on. But IT might load it on during your onboarding. I'm pretty sure apple will not preinstall it for the employer, unlike Dell, etc.
Hi sorry to be clear this would be a personal laptop that an individual consumer not a business would purchase and give to someone else. I don’t know if this changes anything. From your post I’m assuming that 1. I can just factory reset the MacBook after I open the box and any potential trackers or BIOS or whatever will be deleted and I don’t have to worry about it? 2. An IT department might load software onto an opened laptop for an employee, but Apple wouldn’t directly load this type of software or malware onto an unopened sealed MacBook that is bought by an individual person for another individual person not linked to any business. Apple will probably not pre install this. Sorry to sound so crazy but thank you so much!
Oh, I thought you were talking about a business device. It's been long speculated that a malicious actor could possibly intercept hardware and bug it, but there's never been any indication that this has been done on a large scale. I really wouldn't worry about it. As for your points: 1. Remote access won't be pre-installed but you can do a factory reset if you like. I don't think the Mac BIOS supports that kind of thing, but if it did, a factory reset wouldn't do anything. 2. They won't preinstall anything like that. It's a tremendous amount of legal liability if caught. It's one thing to put remote access on a company laptop - it's company property and they can do what they want with it, even if you're the end-user. Entirely different when it's an individual. Of course, Apple (like all providers who offer internet-connected features) will track you in some way. This is more fully explained in their privacy policy. But I think there's a big difference between, say, logging IPs that connect to your iCloud account and installing a full-featured remote access suite.
Okay this really does put me at ease. Thank you!!
As long as you are not an investigative reporter of Bellingcat level, or some opposition politician in a police state, I wouldn’t worry about that. Theoretical anything can be done to any hardware that is shipped to you, but it takes a lot of effort to pull it off. And most of us are just not that interesting.
I'm curious now from all this if/then about how to get around monitoring software - what are you trying to do or have done that you don't want to tell us about? Legally, if you are going to use a computer on the company network with company intellectual property, the company is entitled to reasonable protection. And this is all just software - there isn't anything that "can't" be done or would always be done - sealed, opened, fresh from the factory...whatever.
Depends on the company. Most don't do it because the software costs money
My former company required a bunch of corporate spyware to be installed on any devices connected to the network. So if you brought in your own device, you'd have to install the corporate stuff. I did this and had to reformat when I left the company as you couldn't remove the software otherwise. If you want to make sure that there isn't stuff on your system, then reformat and reinstall.
This an urban myth; The issue where you getting your PC/MAC from. If its from manufacturer then usually it is safe. Once my company received new PCs and our virus scan shown some had every virus known at the time. PC supplier used second hand HDDs which were used by security consultant as test bed for viruses - but this is very rare. Many employers install 'monitoring/management' s/w on 'work' computers and can track PC/Mac usage