Would You Buy a Used Computer?
With all of today’s rampant malware, spyware, and ransomware, would you buy a used computer for sale at a thrift store, on Ebay, or Craigslist? How about a refurbished computer offered by Dell, HP, or another well-known vendor? What about a used hard drive, memory module, printer, or even a mouse? Is it ever safe to go with used tech hardware? Read on for my advice...
Is it Safe to Buy Used Computer Hardware?
People buy used cars every day, with the understanding that something could go wrong. If you're lucky, you might get a limited warranty from a dealer. But if you buy from a private individual, it's a "buyer beware" situation, and you hope for the best. Of course, many items are sold online as "used" or "reburbished" and things work out just fine. But you'd be surprised how much returned (and sometimes defective) merchandise is being sold online as "new." (I published an eye-opening article on that a while back. See [WOW] What Happens To Amazon Returns?.)
But what about computer gear? Is there a chance that malware could be lurking in a used computer, a hard drive, or even a printer? What about state-sponsored spy organizations implanting spyware in the computer supply chain? Such questions are not raised only by the tinfoil-hat crowd. A bit of googling will turn up examples of brand-new computers and smartphones being infected with malware. If the culprit can be found, it’s usually a disgruntled or careless factory employee who allowed malware into the production line. How much more vulnerable is used hardware?
Any computer that has been used by someone else is suspect, because anyone - no matter how security-conscious - may allow malware to slip into his/her system. Even automatic updates of legit software can (and have) introduced malware. There have even been examples of antivirus software being corrupted.
Refurbished gear is guaranteed to be restored to factory-specified performance levels. But that means the machine performs adequately on benchmark tests. It does not, necessarily, mean that it has been scanned with a good anti-malware utility, let alone thoroughly cleansed of any malware. When shopping refurbs, be sure to ask specifically about malware scanning, including names of anti-malware software used and what components are scanned.
Don’t expect refurbished gear’s limited warranty to cover undetected malware delivered with the refurbished hardware. Even if you can prove you found the malware almost immediately after opening the box, it will be an uphill battle to convince a vendor that you were not the source of the infection.
I would not trust any seller or giver of used computers, from a stranger on Craigslist to my family’s “IT geek.” OK, I might trust the latter, because he is me! That’s my point: trust only yourself to do a proper job of checking used gear for malware, and do the job properly.
Before plugging anything into any “new” used computer - including allowing it to connect to your WiFi network - you should boot it from a rescue disk that does an automatic anti-malware scan. You can made a rescue disk with Windows or your anti-malware program. If you haven’t made such a disk, do it before you need it! Here are instructions for several offline malware scanners you can run from a CD.
Running blindly with a used computer is kind of like moving into a fully-furnished abandoned house. Would you sleep on a bed that might be harboring bed bugs or dust mites? Would you sit on that dirty old couch?
Another option when purchasing a used or refurbished computer is to toss the hard drive. Install a new hard drive, and either restore your files from a backup, or start from scratch with a Windows installation disk. Did the previous owner fail to apply security patches, use anti-virus tools, and keep software up to date? Did he download stuff from dark corners of the Internet? You don't want to inherit someone else's problems.
RAM (memory) modules should be safe. When they’re without power, they lose all data stored on them, including any RAM-resident malware. However, that is not true for firmware chips such as those embedded in printers and other peripherals, including graphics cards that may be inside a used computer. Firmware chips retain their contents even without power.
A mouse does not contain any writable memory, not even firmware. A mouse is driven by the driver software that is installed on a computer. I would not trust a USB flash drive full of “mouseware” that might accompany a used mouse. I would download the latest version of the compatible software from the manufacturer’s site, not a third-party software repository.
What About Other Gadgets?
For that matter, I would not trust any USB flash drive or external storage device that I didn't purchase brand new myself. Aside from the fact that a careless person might be passing along an infected USB drive, it's a well-known tactic for bad guys to load malware on USB drives, and "accidentally" leave them where someone might find them. Under the right conditions, simply inserting an infected drive into a USB slot will transfer a virus to your computer.
A used printer contains plenty of writable memory in which malware can lurk. Most modern printers require bi-directional communication with the host PC, meaning the printer can transmit data to the PC. That data may include malware, so treat your “new” used printer as a potential threat. It does seem unlikely, but this article from Computer Weekly details how it can happen.
For the first month or so after acquiring it, keep your PC’s shields at their highest sensitivity, and scan for infections daily. Better some false positives than a malware infection that was timed not to go off until you became complacent.
I would not buy a used “Internet of Things” device at all. Every one of them contains writable memory in which malware can hide, and there is presently no satisfactory way to scan IoT things for malware. Whether it’s a "smart" appliance, or a relatively cheap smart light bulb, I would buy a new one.
Sorry if I seem overly negative on buying used or refurbished computer equipment. But you can (for example) buy a new PC from Dell, HP, or Lenovo for about $350, with 4GB of RAM and a 1-terabyte hard drive. How much will you save, after buying a junker and upgrading the hard drive? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 20 Apr 2020
|For Fun: Buy Bob a Snickers.|
Deep Fakes: Getting Too Real?
The Top Twenty
Which People Finders Are Legit?
There's more reader feedback... See all 34 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Would You Buy a Used Computer? (Posted: 20 Apr 2020)
Copyright © 2005 - Bob Rankin - All Rights Reserved