[Someone]

Idea is to prevent the Zoom Software from ‘repairing’ the ‘damaged’ app by overwriting it with the malware.

I would also set the ‘user immutable’ flag. If you want even better, set the ‘system immutable’ flag (see ‘man chflags’)

[bluecmd]

Yes sure, but I question if these permissions would do anything to prevent that. It would reject an open() call on the file, but these are expected to be directories so that would never happen, and it doesn't stop an unlink()