Mac Gems: Automatic Launch Object Detection lets you track background processes
When you’re using your Mac, currently running applications appear in the Dock, but there are many processes running invisibly in the background. Some of these are processes you’ve initiated yourself—for example, by adding them to the Login Items list in System Preferences—but others are running because the OS or some installer set them up to run in the background, either continuously or on a schedule. Specifically, many of these processes are controlled by an OS X feature called launchd, which uses special configuration files to determine which processes should be run, and when.
Many of these processes are good, and some are even necessary. For example, some backup programs use them to make sure your scheduled backups run at the appropriate time(s). But I personally want to know when an app or an installer sets up a new background process. Partly because I like to know as much about what’s going on with my Mac as possible, but also because as useful as the launchd system is, it can also be used for nefarious purposes: Someone with less-than-honorable intentions can use it to launch, or to keep running, malware or spyware.
How do you know when one of these background processes—in other words, a new launchd configuration file—is added? One solution is a clever utility called Automatic Launch Object Detection (ALOD for short), created by the Computer Incident Response Center Luxembourg (CIRCL). This utility monitors all the locations that launchd configuration files (and other types of background programs) are stored:
When a change to the contents of one of these folders is detected, ALOD displays an alert similar to the one you see here, noting which folder has gained a new configuration file; it also offers to show you the newly added item(s). Click Yes, and ALOD opens the folder and selects the newly added file(s).
I call ALOD clever because it does its thing by using features built in to OS X: AppleScript and Folder Actions. The utility itself is a simple AppleScript that displays the aforementioned dialog and takes you to the appropriate folder. The ALOD installer confirms that OS X’s Folder Actions feature is enabled, installs the AppleScript (called add - new item alert without timeout.scpt) in your personal Folder Action Scripts folder (in ~/Library/Scripts), and then attaches the script to the seven folders listed above. When the contents of one of those folders changes, OS X’s Folder Actions feature passes information about that change to the ALOD script, which then presents you with the alert.
Of course, seeing a new launchd configuration file doesn’t actually tell you what it’s doing, but the names of these files usually offer solid hints as to their purposes—or at least their sources. For example, on my Mac, the file us.pandamonia.Bark-Helper.plist was added when I installed the Bark utility, and com.bombich.ccc.plist was installed by Carbon Copy Cloner, which just so happens to have the website URL bombich.com. You can also do a web search on the file’s name to find more information. If it turns out you don’t want a particular launchd configuration file, it’s usually safe to delete it.
One other drawback to ALOD, which is a consequence of it using Folder Actions, is that it works only for the current user account. If another user installs or uses software that adds a launchd configuration file, you won’t be notified. (That user can install ALOD in his or her own account, though, to get notifications.)
As should be obvious from the screenshots here, Automatic Launch Object Detection isn’t a Gem because of a beautiful interface, or because it offers scads of features, but rather because it’s a clever use of OS X’s own technologies to let you better manage what’s going on with your Mac.
Macworld | Server Error