4

I am running macOS 10.11. The system is as far as I know not infected, but natural I can not be sure. The system was in the past not as secure as it should have been (missing security updates and suchlike).

I want to use the opportunity of the update to 10.12 for a fresh and safer restart. I am going to make a clean install. Of course I have to copy my files to the new system. I fear that copying my old files will compromise my attempt to have a secure restart. I fear copying bad things to the new system. I will have to copy all my documents and media to the new system. Because of my very slow internet connection I also think about copying programs from the backup instead of downloading everything.

Am I too paranoid? What can I do to make it less likely that my new system is getting compromised by the files of the old system?

Thanks!

1 Answer 1

2

A good thing about macOS is that applications must be cryptographically signed. But if you want to launch an application that is not signed, you can add an exception (that's why macOS typically only asks once). By copying your home directory on a clean install, you don't migrate these exceptions, which means that any exceptions must be added again.

If you try to launch an application and macOS says it can't open it because it isn't signed, you should download it again if you want to be really sure. If it only asks if it's okay to open it, it's correctly signed and thus not changed from its original.

However, there are two things that could go wrong: Some programs run scripts, which are not cryptographically signed. If someone were to change the script but not the binary, you'd never notice. Also, if you copy the Library folder in your home directory, it may contain services that are started automatically. I'd recommend not copying the Library folder, but just keeping it around in case you need something. The same goes for dotfiles in your home directory.

All in all, there are some small risks involved in re-using your home directory, but unless you're really paranoid you can manage to get it relatively safe. I myself consider it safe enough.

1
  • This seems pretty fair. Unless this is a security critical application, I cannot see the issue with migrating old files.
    – DeepS1X
    Commented May 8, 2017 at 2:44

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .