Admin, Security

KSFetch Annoyance on Mac OS X 10.8 ML with ‘Hands Off’ or ‘Little Snitch’ Firewall.

So you have some firewall on your Mac OS X setup, and it nags about 4 times a day about wether you want to grant KSFetch access to the net. Thats the thing that has been bugging me for months and finally decided to figure out a way to sort out this little menace.

As it turns out, this is a common issue with an ongoing discussion in several places across the web, namely here and on here at google groups.

KSFetch is a process for autoupdating of any and all google products installed on your system. Chrome being one of the most popular. Unfortunately, KSFetch is recreated each time it wants to check for updates and placed in a new directory, part of which is randomised. The randomised part of it means your firewall won’t know of it every time a new one is created even though you may have selected ‘always allow’ or ‘always deny’ because its looking at the wrong directories due to the nature of the random string in each. This results in your firewall having a ridiculous list of KSFetch entries in it and a continual nagging from your firewall about wether to allow or deny.

Another aspect to the issue is that, not only can we not block programs that keep moving and re-spawning in new locations effectively in our firewalls but that it does it every single bloody hour as the default. Its insanity.

We have only but a few options. The first of which is to change the respawn time through a configuration option that is available for setting its spawn interval, the second option is to uninstall every single google product on your system. Great choice huh?

You cannot remove the updater apparantly because if you do, any installed google product you have will reinstall it. So basically your trusted google software is acting like a virus/malware. Awesome.

This is what you need to type into terminal to change the interval:

This one is for 24 hours.
$ defaults write checkInterval 604800

This one is for 7 days
$ defaults write checkInterval 4233600

The interval is measured in seconds, so thats the examples i gave above for some good defaults you could use, which should mitigate the annoyance and frustration of the issue. Ultimately though, google is at fault for implementing such a bizarre and incredibly annoying approach to solving a rather simple problem that stubbornly won’t play well with firewalls, won’t allow itself to be removed without removing all google products and that creates new instances of itself for each updater check.