
BlockBlock 1.0.0 beta – rewritten and open source - sashk
https://github.com/objective-see/BlockBlock
======
vipa123
What does this do?

~~~
scanr
Found this:

[https://objective-see.com/products/blockblock.html](https://objective-see.com/products/blockblock.html)

“Malware installs itself persistently, to ensure it's automatically
re-executed at reboot. BlockBlock continually monitors common persistence
locations and displays an alert whenever a persistent component is added to
the OS.”

~~~
xtf
And it seems to be for macOS, at least. May be portable, but don't know.

Worst project-documentation 2020, so far.

------
app4soft
Is there the same thing for Linux?

~~~
hoistbypetard
No. But we should make one for systemd now that it has provided similar
common persistence mechanisms. Prior to the wide availability of user
services, I'd have said that mechanisms for (especially non-root) persistence
were too fragmented for a thing like this to be useful for Linux.

One that did nothing but scan systemd would probably be worthwhile now,
though.

~~~
app4soft
> one for systemd

Is it possible to create one for non-systemd?

~~~
hoistbypetard
You could try and detect some percent of persistent installs. The linked item
is scanning launchd. Systemd is very similar for Linux. Non-systemd things are
so diverse (IMO) that an attempt would devolve into a generic IPS. Which exist
already, kind of suck, and find crapware with varying degrees of success.
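
The systemd-only scanner suggested above, as an added example that is not part of the thread or of BlockBlock: it fingerprints unit files and enablement symlinks in the standard systemd unit directories and reports what was added, changed or removed against a baseline. The function names and the temporary directory used in `demo()` are constructed for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

# Standard systemd unit search paths (system-wide and per-user).
UNIT_DIRS = ["/etc/systemd/system", "/usr/lib/systemd/system",
             "/etc/systemd/user", "~/.config/systemd/user"]
UNIT_SUFFIXES = {".service", ".timer", ".socket", ".path"}

def snapshot(dirs=UNIT_DIRS):
    """Map every unit file or enablement symlink to a SHA-256 fingerprint."""
    state = {}
    for d in dirs:
        root = Path(d).expanduser()
        if not root.is_dir():
            continue
        for p in root.rglob("*"):
            if p.suffix not in UNIT_SUFFIXES or not (p.is_symlink() or p.is_file()):
                continue
            try:  # symlinks (*.wants/ links, masked units) are hashed by target
                data = (b"link:" + os.readlink(p).encode() if p.is_symlink()
                        else p.read_bytes())
            except OSError:  # unreadable entry: skip it, keep scanning
                continue
            state[str(p)] = hashlib.sha256(data).hexdigest()
    return state

def diff(baseline, current):
    """Report units added, changed or removed since the baseline snapshot."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "changed": sorted(p for p in baseline.keys() & current if baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo():
    """Constructed sample: a temp dir stands in for ~/.config/systemd/user."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "backup.service").write_text("[Service]\nExecStart=/usr/bin/true\n")
        base = snapshot([d])                      # known-good baseline
        (d / "updater.service").write_text("[Service]\nExecStart=/tmp/x\n")
        (d / "default.target.wants").mkdir()      # unit enabled at login
        (d / "default.target.wants" / "updater.service").symlink_to(d / "updater.service")
        (d / "backup.service").write_text("[Service]\nExecStart=/usr/bin/false\n")
        found = diff(base, snapshot([d]))
        return {k: [os.path.relpath(p, d) for p in v] for k, v in found.items()}

if __name__ == "__main__":
    print(demo())
```

On a real host the baseline would be stored and `snapshot()` re-run on a schedule, with any non-empty `added` or `changed` list raised as an alert.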

------
danieldk
Also, if you want something more passive, KnockKnock by the same developer is
also great:

[https://objective-see.com/products/knockknock.html](https://objective-see.com/products/knockknock.html)

