malware – Bought a new Laptop. Can’t reset. Is it Safe? – Information Security Stack Exchange


It’s definitely sketchy of the seller to sell a “new” computer that is not in OOBE (out of box experience) configuration. Frankly I would have avoided a seller that opens the physical hardware, unless they’re well-known and trusted, for anything I wanted to use for really sensitive stuff.

With that said, you can definitely reset or (better yet) fully reinstall the OS. You may or may not need to extract the license key first; it can be stored in the firmware but if one of the “upgraded” things was the OS license then the one stored in the firmware might be Home edition instead. If the seller didn’t provide the license key directly (on e.g. a sticker on the laptop, or separately) you might need to extract it from the registry, for which there exists software but I’m not sure what the best tool is.

Once you have the license key (or are willing to trust that it’s in the registry / are willing to buy a new one if it’s not), download the install media from and follow the steps to create a bootable image. I recommend deleting all existing disk partitions and letting the installer re-create the partition scheme for you; this will erase the OEM/seller’s recovery partition but hey, if it doesn’t work then it’s just wasted space.

Note that you might need to download drivers – potentially a lot of drivers, if there’s a lot of cutting-edge hardware – from the websites of the manufacturers of the hardware (you can probably get many of them from Acer, though if different hardware was added you might need to look elsewhere too). Make sure you have a machine you can do that on, or do it before reinstalling the OS (and store them on external media); it’s entirely possible for the network driver to be missing (very rare these days, but possible!).

Now, with all that said: while it is pretty unlikely there’s anything maliciously added to your machine, there’s definitely more reason for concern than if you’d bought the machine sealed from Acer. Opening the box means the seller could have added malicious hardware (such as a physical keylogger, or any other hardware implant that can e.g. sit in an M.2 slot from which it may have direct memory access). They also could have installed modified firmware, which will survive a disk wipe / OS reinstall. Even if the firmware itself is stock, they could have configured it in various ways; UEFI allows for storing lots of custom data, and while usually this is things like “the Windows license key”, it can also be entire UEFI programs or drivers (“OEMs can add UEFI applications that aid in manufacturing and servicing the device.”, “Lenovo Caught Using Rootkit to Secretly Install Unremovable Software”).

Again, realistically, the danger is quite low; the expected benefit from malicious modifications would need to be quite substantial to exceed the risk of discovery and legal action. But there is more risk (especially if the third-party seller is some tiny, unknown fly-by-night business with no established reputation or meaningful wealth to be at risk from legal action) than with a sealed box directly from a trusted OEM (although OEMs can, and have, abused their own ability to pre-install stuff that’s arguably malware; see the link above about Lenovo).

As such, asking “is it safe” is very hard to answer. Nothing is 100% safe. Is it as safe as an unmodified, sealed machine? No, but maybe not much less so. Is it safe enough? Maybe, but that’s hard to tell. A clean install of the OS may help. Wiping and re-installing the UEFI also might help, but I’m not actually sure if that removes the customizations and it could also introduce problems if it does.
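The facts the answer says to collect before wiping the machine (whether a key is embedded in the firmware, which edition is actually installed and how it is licensed, and whether Secure Boot is on) can be read from PowerShell. This is an added example, not part of the original answer; it assumes Windows 10/11 and an elevated PowerShell session (Confirm-SecureBootUEFI needs administrator rights).

```powershell
# Added example: inventory the licensing and firmware facts before a reinstall.

function Get-PreReinstallInventory {
    # 1. OEM key embedded in firmware (OA3). Empty when the vendor did not embed one,
    #    in which case the seller-supplied key is the only one you have.
    $fwKey = (Get-CimInstance -ClassName SoftwareLicensingService).OA3xOriginalProductKey
    if ([string]::IsNullOrWhiteSpace($fwKey)) { $fwKey = '<none embedded>' }

    # 2. Installed edition and build, so you can see whether an "upgraded" Pro install
    #    matches what the firmware key would activate after a clean install.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # 3. Current Windows licence entries. LicenseStatus 1 means licensed; any other value
    #    means unlicensed, grace period or notification mode. The channel tells you whether
    #    the active key is OEM, Retail or Volume.
    $lic = Get-CimInstance -ClassName SoftwareLicensingProduct |
        Where-Object { $_.PartialProductKey -and $_.Name -like 'Windows*' } |
        Select-Object Name, PartialProductKey, LicenseStatus, ProductKeyChannel

    # 4. Secure Boot state. A reinstall cannot undo firmware changes, but Secure Boot
    #    being disabled (or the query failing because the box boots in legacy BIOS mode)
    #    is a fact worth recording before you trust the machine.
    try {
        $secureBoot = Confirm-SecureBootUEFI
    } catch {
        $secureBoot = "unavailable: $($_.Exception.Message)"
    }

    [PSCustomObject]@{
        FirmwareEmbeddedKey = $fwKey
        InstalledEdition    = "$($os.Caption) (build $($os.BuildNumber))"
        Licenses            = $lic
        SecureBootEnabled   = $secureBoot
    }
}

$inventory = Get-PreReinstallInventory
$inventory | Format-List
$inventory.Licenses | Format-Table -AutoSize
```

If FirmwareEmbeddedKey is empty and the installed edition is Pro, assume the firmware key (if any) will not activate a Pro reinstall and keep the seller's key, as the answer warns.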
