8

I recently bought a new computer. Now I want to convert my old PC into a Linux system. However, I want to start completely fresh and not bring over any malware. I am already planning to wipe everything to start from scratch and I was wondering if this is enough.

If not, are there additional steps I can take to do so, keeping in mind that there is nothing on this PC I care about saving?

Vilican
  • 2,723
  • 8
  • 22
  • 35
Chrus
  • 97
  • 1
  • 2
  • 3
    If you are currently running Windows the odds of any malware transferring over to a Linux system are extremely small. – AstroDan Apr 12 '16 at 18:21
  • 2
    Appears to be a dup of http://security.stackexchange.com/q/7204/971. See also http://security.stackexchange.com/q/44750/971. – D.W. Apr 12 '16 at 23:56

2 Answers2

23

How deep down the rabbit hole do you want to go?

For OS level malware: Sure, wiping the hard drive is fine. To be extra sure, overwrite the entire hard drive with 0s manually using a secure erase tool.

For hardware/firmware level malware: Well... no. These things live in the actual firmware of your PC and will reinfect your hard drive every time.

For periphery level malware: Now this is a much deeper hole to dive into than OS level and not as bad as the firmware level, but the gist of it is that something else on the network is infected, and will infect you too. This most commonly happens with routers, but if this sort of attack was already happening you'd see weird page redirects, odd DNS settings, and bad behavior on your entire network.

Now out of the truth of the matter: You probably only have OS level malware, if any, which is easy to fix. Just reformat, secure erase, and reinstall. Have fun!

Robert Mennell
  • 6,978
  • 1
  • 14
  • 38
  • 2
    And don't forget the your router might have been hijacked too, i.e. periphery l level. [More common](https://nakedsecurity.sophos.com/2012/10/01/hacked-routers-brazil-vb2012/) then one might think. – Steffen Ullrich Apr 12 '16 at 20:10
  • 1
    Or the malware could be [in the hard drive firmware](http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage) (see "Ultimate persistence and invisibility"). – Greg Sadetsky Apr 13 '16 at 01:16
  • 1
    Software level is imho a bit misleading since software is not defined to reside on the harddrive only. Some rootkits flashed themselves into the motherboards chips etc. so they are "hardware level malware" but still of course a software. Nice answer anyway though – ljrk Apr 13 '16 at 09:06
  • If we rename "software level" to "OS level", I think everyone would agree. Though I disagree that periphery level is the deepest rabbithole. Firmware is always deepest - it can rewrite USB devices, overwrite or rootkit certain integral device firmware like harddisks and ethernet cards, etc. These are infinitely harder to find and recover from than wiping a router or buying a new keyboard. – Vegard Apr 13 '16 at 09:12
  • @Vegard by deepest I mean has the most chain of chains. Most insidious I don't think anyone will disagree is the hardware level virus. – Robert Mennell Apr 13 '16 at 15:57
0

Just a complement to @RobertMennell's answer for the software level part.

There are different levels for wiping a hard disk, because the disk contains:

  • a master boot record containing the primary loader => normally boots the active partition
  • n partitions (4 primary or 3 primary and m extended with MBR-BIOS, 128 with GPT-UEFI), each containing:
    • a partition boot record (usually contains a boot loader)
    • a file system

Software level malware can be present in the file system (most common), but some can install (parts of) themselves in a partition boot record or even in the master boot loader. If you only erase the disk partition containing Windows, with a new Linux system, you are likely to leave the master boot record and other partitions untouched. If you want to make everything clean, you must remove all partitions and install a brand new master boot record

Serge Ballesta
  • 25,952
  • 4
  • 42
  • 84