removing/editing read only file system

Even after disabling SIP, I still can't remove ARDAgent.app.

Is there a way to remove this?

rm: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support: Read-only file system

rm: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Info.plist: Read-only file system

rm: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/PkgInfo: Read-only file system

rm: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/version.plist: Read-only file system

rm: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents: Read-only file system

MacBook Air 13″, macOS 12.6

Posted on Jun 8, 2023 11:32 PM

Question marked as Top-ranking reply

Posted on Jun 9, 2023 9:38 PM

Beginning with macOS 10.15 Catalina, Apple separated the macOS system files from user data. Apple now places the macOS system files onto a read-only APFS volume.

About the read-only system volume in macOS Catalina or later - Apple Support


And beginning with macOS 11.x Big Sur, Apple then made the read-only system volume a signed & sealed volume so that you can be sure nothing is modifying the core system files.

Signed system volume security in iOS, iPadOS, and macOS - Apple Support


What is a signed system volume? - Apple Support


I can appreciate you want to minimize the area for potential issues & vulnerabilities, but macOS is not an OS you can do this with. In fact macOS does not like being modified too far from system defaults (personal experience & also reading these forums). macOS has great built-in security, especially when the user also practices safe computing habits such as those outlined in this excellent article written by a respected forum contributor (also includes tips to keep the OS running smoothly). While I'm sure you may already be aware of these safe computing habits, I'm including it here for others who read this thread and want to better understand how to keep their Mac secure & running smoothly.

Effective defenses against malware and other threats - Apple Community


If you want an OS you can customize, then you may want to learn & use Linux or one of the BSDs such as FreeBSD. I was able to customize a Linux installation to only use about 70MB of memory when booted to the Desktop (typically most default Linux distributions' graphical Desktop Environment installs utilize 400MB+ of RAM)....yes it had a very basic graphical interface, but I did lose out on some automated features (not a problem for me). I don't recall how much storage space it took up on the drive, but it wasn't much. Even with Linux, some higher end features may pull in a lot of support libraries and projects. But if you want to customize the OS as you are describing here, then a Linux distribution or one of the BSDs are your best options to do so.


Any unusual customization that macOS used to allow is slowly being removed or broken with each new macOS update & upgrade. macOS is becoming more & more like iOS so expect this trend to continue....even the Mac computer hardware is moving that way too. Some of it is motivated by enhancing security and to make the OS more stable for a better user experience. Part of it is to also keep users from accidentally removing a critical part of the OS. I'm sure other motivations are also involved with some of these changes.
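
The sealed, read-only state this reply describes shows up in the flags that `mount` prints for `/`. The shell function below is an added example, not part of the original post: it classifies that line so an audit can confirm the system volume is still sealed. The function name `ssv_root_state` is hypothetical, and the sample lines are constructed to mirror the usual macOS 11+ `mount` format.

```shell
#!/bin/sh
# Added example: classify the root mount from `mount`-style text on stdin.
# Prints one of:
#   intact    "/" carries both the sealed and read-only flags
#   unsealed  "/" is read-only but the sealed flag is missing
#   writable  "/" is not mounted read-only
#   unknown   no line for "/" was found
ssv_root_state() {
    awk '
        # Lines look like: <device> on <mountpoint> (<flag>, <flag>, ...)
        $2 == "on" && $3 == "/" {
            found = 1
            flags = $0
            sub(/^[^(]*\(/, "", flags)   # drop everything up to "("
            sub(/\).*$/, "", flags)      # drop the closing ")"
            n = split(flags, f, /, */)
            for (i = 1; i <= n; i++) {
                if (f[i] == "sealed")    sealed = 1
                if (f[i] == "read-only") ro = 1
            }
        }
        END {
            if (!found)       print "unknown"
            else if (!ro)     print "writable"
            else if (!sealed) print "unsealed"
            else              print "intact"
        }'
}

# Constructed sample: default state, root booted from a sealed snapshot.
SAMPLE_INTACT='/dev/disk1s5s1 on / (apfs, sealed, local, read-only, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk1s1 on /System/Volumes/Data (apfs, local, journaled, nobrowse, protect)'

# Constructed sample: root mounted without the sealed and read-only flags.
SAMPLE_WRITABLE='/dev/disk1s5 on / (apfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk1s1 on /System/Volumes/Data (apfs, local, journaled, nobrowse, protect)'

# On a Mac, audit the live system with:  mount | ssv_root_state
printf '%s\n' "$SAMPLE_INTACT"   | ssv_root_state
printf '%s\n' "$SAMPLE_WRITABLE" | ssv_root_state
```

Any result other than `intact` on a Mac running macOS 11 or later means the system volume is no longer in its default protected state and is worth investigating.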


19 replies

Jun 9, 2023 1:51 AM in response to Luis Sequeira1

A good thing for Apple. OK, here is a lesson for you: only answer questions in a more respectful way, or if you don't know, then maybe learn:


These are used for RemoteManagement services, which are used by Apple and by whoever can escalate permissions ("privileges") either locally or remotely. I have been noticing the ARD Agent and SSMenu Agent running while I'm not running them or even using them, and when I kill and stop them, a few days later they start working again. I then discovered that there's an SSH connection ("hacked") masked in a DNS tunnel running on UDP, which makes the traffic not only hidden from the firewall but also very hard to trace.


This is why I want to delete the following from CoreServices, so that even if someone has an SSH connection into my OS X, they can't use these services to view and manage it remotely:

ARDAgent.app

AppleVNCServer.bundle

SSMenuAgent.app

ScreensharingAgent.bundle

screensharingd.bundle


So if anyone is facing the same issue:

  1. Boot into recovery mode
  2. Turn off SIP (csrutil) and restart
  3. Turn off SIP root-auth (csrutil Auth-root) and restart (FileVault must be off)
  4. Check your OS volumes using diskutil
  5. Remount the OS and OS data APFS volumes as writable
  6. Check the mount is writable (mount)
  7. Delete the files, turn SIP and root auth back on, and restart into your OS

Jun 9, 2023 1:28 AM in response to laith188

You cannot remove these files, and that is a good thing!


Why on earth would you try such a thing? You could damage your system to the point that your mac might not even boot.


Anything under /System is mounted in a read-only volume, for security. This prevents tampering with the OS.

There is NO reason why anyone would need to delete or change these files other than Apple.



Jun 9, 2023 9:20 AM in response to laith188

The others are absolutely correct. Maybe you should restrain yourself a bit and consider that they may know something you do not.


You do not realize, but macOS normally contains some ARD files to allow for others to remotely connect to macOS. Keep in mind that only the person using the ARD server software needs to install software.....the clients you are connecting to do not need to install anything. Why? Because macOS already has some ARD files to accept remote connections.


Here are the contents of that same folder on my Apple Silicon Mac running Ventura (factory installation) and migrated from another Apple Silicon Mac with a factory installed OS. Neither Mac ever had the ARD server software installed, so this is what Apple ships by default for macOS Ventura.


macOS includes a lot of stuff people are unaware of and many times it may include odd & scary sounding names.





Jun 9, 2023 2:36 AM in response to laith188

I don't know enough to determine whether you have been hacked due to a vulnerability in ARDAgent or something associated to it. I do know that there are hundreds of processes running on a mac at any time.


If you found a vulnerability then you should report it to Apple, so they can fix it.


I don't think I was disrespectful by pointing out that you were making changes to the base OS, which could damage the system.







Jun 9, 2023 2:08 PM in response to laith188

IMHO - There has been sufficient advice offered, from at least 3 different contributors, for the user ( you ) to make an informed and educated choice about what remedial actions are required for this computer.


The suggestions have been put forth on a volunteer basis, in good faith and in the best interests of the computer.


Perhaps some additional unless information but here goes anyways >>


About Apple threat notifications and protecting against state-sponsored attacks - Apple Support


“ He who knows, does not speak. He who speaks, does not know. “ Lao Tzu


“ A little knowledge is a dangerous thing “ Alexander Pope



Jun 10, 2023 2:42 AM in response to HWTech

As Apple has now completed the Total Transition from Intel CPUs to Apple Silicon CPUs ( latest released computers announced June 6, 2023 ) - the circle is complete.


It would be reasonable to expect the blurring lines between macOS and iOS to become even more iOSish in time.


The Locking Down of macOS would seem more evident to these old eyes.

Aug 13, 2023 5:46 PM in response to laith188

Well, here is a knotty problem. Python3.9 is installed in /usr/bin/. It is no longer the current version - it is now 3.11.

If I run python3 --version it says Python 3.11.4

If I run python it says Python 3.9.6.


To my mind, for consistency sake, both commands should give the same result. Windows and Linux can easily be configured to symlink python3 to python but that doesn't work on Mac because even if you create a symlink to the up-to-date python 3 in /Library/Frameworks/Python.framework/Versions/3.11/bin (which is the first entry in my path), that symlink is ignored. If you enter python you still get 3.9 from /usr/bin.


And since there is no way to delete that it remains a permanent irritant.


Perhaps it was a mistake to hard-code a version of python into the OS, because it is updated so frequently.

Some will say, MacOS "depends" on python so it must be this way. Apple support will say "Why are you trying to work with python on your computer? We don't support that"


You would think that after all the years that Apple has been working on the OS and the billions they have in the bank, they could figure out some way to keep python current so that it wouldn't be necessary to get updates directly from python.org.


Anyway, IMHO, restrictions like this always have undesirable consequences, as would not having the restrictions. I'd rather be able to clone my drives frequently and be free to do whatever I think necessary. Of course, with APFS it's no longer really possible to clone your disk either.


I'm never comfortable or happy when I run into this kind of paternalism. Every time I encounter it I seriously consider just dumping mac completely, it's that frustrating.


Unfortunately, the only solution is for Apple to change its ways.

Sep 22, 2023 10:52 AM in response to laith188

FINALLY!!! I have had the same issue. I have been using macs for over 30 years and the last few months have been **** dealing with something or someone getting into my machine. The processes you listed are the exact same ones that I have noticed being the common denominator. It's not a bug or a corrupted plist file. The damage is too deliberate and targeted to a specific project I am working on.


I am going to try what you suggested

Sep 22, 2023 11:34 AM in response to AlexGreggs2

AlexGreggs2 wrote:

FINALLY!!! I have had the same issue. I have been using macs for over 30 years and the last few months have been **** dealing with something or someone getting into my machine. The processes you listed are the exact same ones that I have noticed being the common denominator. It's not a bug or a corrupted plist file. The damage is too deliberate and targeted to a specific project I am working on.

I am going to try what you suggested


Do whatever you like, it is your Mac, but if you start messing around with files that Apple includes as part of the OS you may risk making your Mac unbootable. There are thousands of processes running at any time in macOS (or any other OS, for that matter). Most users have no idea what they are. Deleting files left and right is unlikely to fix the issues you are facing, and could have devastating effects. At the very least, make a full backup of your data before embarking on this adventure. Just saying.
