1

Companies like Google and others love to install daemons/services on

~/Library/LaunchDaemons

Sonoma alerts me when this happens, but I want to be able to prevent bloat services like this even installing.

Unfortunately, I create things for the web and I need to test it using Chrome. Every time I run chrome, here we go, it fiddles with the LaunchDaemons and adds its crap.

I have thought of creating a zero byte file there, with the name they expect but with permission 000 (chmod 000), but because sometimes you are installing apps that have my admin password, these files will be overwritten.

I know that some files in the system have permissions that not even with a superuser permission one can access.

How can I set these files like that, so they cannot be overwritten?

Improve this question
2
  • Avoid running installers for third-party software, if possible. If the software comes as an Installer package, you can use an application such as "Suspicious Package" to open it, see what it contains, and install only the parts you want. I wouldn't advise trying to screw up the permissions of your files as a countermeasure.
    – Linc D.
    Commented Nov 28, 2023 at 23:59
  • Can you document your preferred gatekeeper settings? I wonder if you can restrict those and only relax when you’re going to want to be watching as a countermeasure here.
    – bmike
    Commented Nov 29, 2023 at 0:00

1 Answer 1

Reset to default
2

I would look at BlockBlock, From Objective-See.

It is a daemon that watches the normal persistence places, and silently blocks, or prompts, when something attempts to install itself there.

BlockBlock Alert Dialog Example

I use it myself and it alerts when Chrome tries to do something.

Improve this answer
0

Not the answer you're looking for? Browse other questions tagged .