First, please understand that Tunnelblick is not causing the problem, it is only pointing it out.
To summarize your complaint:
- Tunnelblick's refusal to operate on a computer system that has been compromised is "absolutely _awful_" and "unacceptable".
- You would rather operate a compromised system than fix it.
- You are repeatedly installing a program that compromises your system.
(And, yes, if you are getting these warnings, your computer is compromised. That's not to say that it has malware, just that it is more vulnerable to becoming infected with malware than a system that doesn't have ownership/permissions problems.)
A common reason an employer requires employees use Tunnelblick is because they consider it more secure than alternative programs. One of the reasons it might be considered more secure is that it refuses to run on already compromised systems. (If a compromised system connects to their network, it removes one layer of their "security onion" and puts their entire network more at risk, so it's quite reasonable for them to be unhappy about it.)
Since you are apparently repeatedly running into this problem, why don't you keep the one line command to fix it handy, and consider executing it a necessary step each time you run the badly-written or malicious installer? Just use the appropriate command from our
System Folder Security page.
By complaining about Tunnelblick, you are "shooting the messenger". Instead, you might want to direct some of your ire at the program(s) that are compromising your system. Or, more productively, you could notify the program's author(s) so they could fix their programs.
Or perhaps you could try to persuade your "work space" to relax their requirement so you can install an alternative to Tunnelblick, such as
Viscosity. If they don't care about you connecting your compromised system to their network, they might be fine with a proprietary program being used to connect to their network.