Does wiping your Mac really work?

by
Does wiping your Mac really work

Some people choose to wipe, or perform a “clean install,” of their Mac’s operating system from time to time. Wiping a Mac means erasing the entire hard drive and reinstalling the operating system and applications from scratch. This differs from simply deleting individual files or applications. When you wipe your Mac, you essentially reset it to a factory fresh state.

There are a few reasons people choose to wipe their Macs. Some do it to solve performance issues or “speed up” the computer when it starts running slowly. Wiping everything and starting fresh can potentially improve speed by clearing out old clutter and traces of unneeded apps. Others wipe their Macs periodically as a security measure, to eliminate any malware or vulnerabilities that may have accumulated over time. And some simply enjoy the feeling of having a freshly set up system.

Overall, wiping a Mac erases all user data and customizations, restoring the computer to its out-of-the-box state. People choose to do full wipes for various performance, security or personal reasons.[1]

Reasons People Wipe Their Macs

One of the most common reasons people wipe their Macs is when they are selling or giving the computer away. As this article points out, wiping the MacBook is important to ensure no personal data or files are transferred to the new owner. When you sell or give away your Mac, you want to protect your privacy by erasing all of your documents, photos, browser history and settings. A factory reset helps avoid any of that personal or sensitive information falling into the wrong hands.

Wiping the Mac also allows the new owner to start fresh with their own data and settings, without inheriting yours. It’s like giving them a brand new computer out of the box. According to Apple’s guide on erasing your Mac, the wipe erases all volumes and partitions, including the macOS partition and any Windows partition created with Boot Camp. This gives the new owner a blank slate to work from.

How Wiping Works

Wiping a Mac involves overwriting the data stored on the hard drive or SSD multiple times to ensure it can’t be recovered. According to Apple Support, when you erase your Mac it overwrites the drive by default with a single pass of zeros [1]. This overwrites all the sectors on the drive so any previous data is no longer accessible. However, advanced recovery methods may still be able to recover some data from a single pass wipe.

For a more secure wipe, many tools perform multiple overwrite passes using different data patterns. For example, Backblaze recommends a 35-pass wipe sequence developed by Peter Gutmann to thoroughly overwrite data beyond any possibility of recovery [2]. Each pass targets a different encoding scheme to ensure all remnants of data are eliminated. While excessive for most consumer uses, this approach is used to meet higher data security standards.

Wiping Tools

There are a few different options for securely wiping a Mac. The most basic option is to use Apple’s built-in Disk Utility tool. Disk Utility includes a “Secure Erase” option that overwrites a drive’s data with zeroes before reformatting it (https://support.apple.com/guide/disk-utility/erase-a-volume-dskutl14189/mac). This meets the US Department of Defense 5220.22-M specification for securely erasing data.

Third-party erasing tools like CleanMyMac X also provide advanced wiping capabilities beyond Apple’s built-in options. CleanMyMac X offers a feature called Malware Removal that can detect and remove malware as well as securely overwrite system files to erase anytraces left behind. It utilizes a 35-pass overwrite technique that meets the US DoD 5200.28-STD specification (https://macpaw.com/how-to/remove-malware-from-mac).

Other third party tools like Mac Cleaner Pro and MacBooster also offer advanced wiping features, though some users report performance issues with these tools. Overall, Apple’s Disk Utility provides a basic secure erase while tools like CleanMyMac X offer more advanced options for completely wiping a Mac.

Effectiveness of Wiping

Wiping a Mac does not guarantee that all data will be erased. If the wiping is not done properly using secure deletion methods, some data may still be recoverable by forensic tools. Simply reformatting the hard drive or doing a basic erase does not overwrite all existing data1. There are still remnants of files left behind that can be pieced together if someone has the right tools2.

To effectively wipe a Mac and prevent data recovery, specialized disk utilities that perform secure erases must be used. These overwrite the drive with multiple passes of random data to obliterate any traces of the previous data. Standard erases like reformatting simply remove file system references to the data, but do not actually delete the underlying bits.

Secure Wiping Standards

When securely erasing data from a Mac, it is important to follow secure data sanitization standards. One of the most well-known standards is the U.S. Department of Defense 5220.22-M standard.

The DoD 5220.22-M standard, also referred to as the DoD wiping standard, is a specification created by the U.S. Department of Defense for sanitizing removable and non-removable rigid disks. It requires overwriting all addressable locations with a specific set of data patterns designed to remove any residual data.

Specifically, the DoD 5220.22-M standard defines a 3-pass overwrite procedure:

  1. First pass: Overwrite with all zeros (0x00)
  2. Second pass: Overwrite with all ones (0xFF)
  3. Third pass: Overwrite with a random character pattern

By overwriting the drive using this defined pattern, it aims to prevent the recovery of any residual data left on the drive (source: https://www.bitraser.com/article/DoD-5220-22-m-standard-for-drive-erasure.php). When data wiping software for Mac advertises DoD 5220.22-M compliance, it generally means the software performs this type of 3-pass overwrite.

Steps for Secure Wiping

Here are the detailed steps to securely wipe a Mac clean:

  1. Restart your Mac and boot into Recovery mode by holding down Command + R when turning on your computer.
  2. Select Disk Utility from the macOS Utilities window.
  3. Click “Continue” if prompted to unlock the disk.
  4. Select the disk you want to wipe in the left sidebar.
  5. Click the “Erase” tab.
  6. Choose a format type – “APFS” is recommended.
  7. Select “Security Options” and choose a secure erase method like 35-pass erase or 7-pass erase [1].
  8. Rename the disk if desired.
  9. Click “Erase” and confirm to securely wipe the disk.
  10. Quit Disk Utility once complete.
  11. Reinstall macOS if you wiped your startup disk.

Following these steps will securely erase all data by overwriting the disk multiple times, making the data unrecoverable.

Verifying the Wipe

After wiping your Mac’s drive, it’s important to verify that the wipe was successful and no data remains. Here are some ways to check the disk is fully wiped:

Use Disk Utility’s Erase process – Disk Utility has a built-in feature to securely erase a volume by overwriting it. After running this process, Open Disk Utility again and select the erased volume. In the bottom details pane, it should show the disk as “Empty” with 100% free space if the wipe was successful (Apple Support).

Restart in Recovery Mode – Boot your Mac into Recovery Mode, launch Disk Utility from there, and examine the main drive. It should be formatted as a single volume showing 100% free space if the wipe worked (Apple Discussions).

Use a file recovery app – Download a free data recovery app like PhotoRec and scan the erased volume. It should not find any recoverable files, indicating a full wipe.

Wipe verification tools – Some disk utility apps like Disk Drill have built-in wipe verification functions to scan for remnant data. These can provide added assurance the wipe process finished completely.

By taking the time to verify, you can ensure your old Mac’s drive is totally wiped clean of all data before selling or disposing.

Reinstalling macOS

After securely wiping your Mac, the next step is to reinstall macOS with a clean install. This will ensure no trace of your previous data remains on the Mac. According to Apple Support, you can reinstall macOS from macOS Recovery by booting into Recovery Mode, selecting Reinstall macOS, and following the prompts [1]. The clean install will reformat your drive and install a fresh copy of macOS.

It’s important not to restore from a backup after wiping your Mac, as that could potentially reintroduce old data back onto the device. Doing a clean install ensures only the macOS operating system and stock apps are installed. You can then configure the Mac as new and download desired apps afterwards. This completes the wipe process and provides you with a fresh Mac.

Conclusion

In summary, wiping your Mac can be an effective way to erase all data before selling or recycling your device. There are several options for securely erasing data, including Apple’s built-in erase feature, third party wiping tools, and even physical destruction. The key is understanding the difference between standard erasing and secure standards like DoD 5220.22-M to truly prevent data recovery. While wiping your Mac provides more security than a simple delete, it’s not foolproof against highly sophisticated adversaries. Verifying the wipe was successful gives added assurance. With the data securely erased, you can then reinstall macOS to get the Mac ready for its next user. Just be certain to backup any important files beforehand.