Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals

Out to Launchd

Anyone who has ever run Activity Monitor (in the Utilities folder) and chosen Administrator Processes from the pop-up menu is aware that a Mac OS X computer is actually a hotbed of little programs that start automatically and whose purposes are probably unclear to most users. This is not usually a source of concern; most of these programs were put there by Apple and are part of Mac OS X. Ignorance is Bliss, and Big Brother Knows Best.

Recently, though, a new and unknown process, "dashboardadvisor", has been making an occasional appearance on the Activity Monitor scene. What’s more, users of Objective Development’s Little Snitch utility, which intercepts outgoing network connections, were alerted to the fact that such a connection was precisely what this process, each time it runs, was attempting to form (under the name "dashboardadvisoryd"). It was connecting with a server at Your computer, in popular parlance, was "phoning home!" This discovery cued the usual spate of reactionary and indiscriminate Fear, Uncertainty, and Doubt: Big Brother, so far from Knowing Best, was apparently Watching You. What was the process doing? Counting Mac OS X users? Reporting your name and address? Stealing your password?


Let’s put the matter in perspective. What’s wrong with a program making an outgoing network connection? That is precisely the job of your Web browser and your email client; you’re more likely to be troubled when it doesn’t do it. But in that case, in some sense, you initiated the connection, and in some sense you can "see" the connection as it happens (by means of a progress indicator, for example). An automatically launched, background-only task that "phones home," on the other hand, is an invisible program secretly sending an invisible message. And this, after all, really is how spammers and hackers learn your secret information or attack servers from the machines of innocent, unsuspecting users.

But this process, you happen to know, is not the work of a spammer or a hacker. It is part of Mac OS X; in particular, it was introduced into the Dock application as part of the recent upgrade to Mac OS X 10.4.7. Apple made no secret of it; they announced that "you can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on before installing it." Furthermore, interception of the actual network "conversation" initiated by the process in question (easily performed with Stairways Software’s Interarchy) shows no information is being transmitted; rather, some information is being requested and received. It’s exactly like what happens when the Software Update window suddenly appears unbidden on your computer and announces that "New software is available for your computer." How do you think Software Update knows this? It’s because an invisible background process initiated an invisible network connection to Apple’s server, and information was requested and received.

< artnum=303771>


Still, there is one tiny but arguably crucial difference between the behavior of Software Update and that of "dashboardadvisory": Software Update gives you a way to turn off its automatic behavior (through the Software Update pane of System Preferences). The advertised behavior of the Dashboard check is that "you can now verify," whereas the reality turns out to be that "your computer is going to check in periodically with Apple whether you like it or not." That difference is enough to raise the hackles of many users, including me. Apple might have elected to use any of several nicer ways to implement this, and didn’t.

< phones-home-too>

< applePhonesHomeTwo>

So, even though this feature is probably benign, one can’t help imagining a silent mass protest in which every Mac OS X user would assert freedom of choice by turning it off, notwithstanding Apple’s failure to provide an on-off switch. And this, it turns out, is not difficult to do. The process in question is triggered through a file located in /System/Library/LaunchDaemons/ (the file is called Files in this folder are actually commands to a kind of ultimate background process called launchd, whose job is basically to launch other processes. These commands are just text files, and therefore they can be edited. And there’s a wonderful freeware program, Peter Borg’s Lingon, that allows you to do just that, very easily.



So, if you’d like to participate in the protest, here’s what to do:

  1. Download and run Lingon.

  2. Switch to the "System Daemons" pane (you’ll have to supply administrator authorization).

  3. Find and select the line whose Label is "".

  4. Click the Unload button in the toolbar.

That’s it! The plist file will have a Disabled key written into it, and the Dashboard advisory process will, I believe, never again be run automatically through launchd. Of course, it’s possible that you’ve now opened your computer to a new risk, where you might download a malicious Dashboard widget masquerading as a legitimate one; but my favored solution to that, given its annoying implementation and inherent insecurity, is not to use Dashboard at all.

< apple_reinvent_the_antivir.html>


Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.