KSFetch Annoyance on Mac OS X 10.8 ML with ‘Hands Off’ or ‘Little Snitch’ Firewall.

So you have some firewall on your Mac OS X setup, and it nags about 4 times a day about wether you want to grant KSFetch access to the net. Thats the thing that has been bugging me for months and finally decided to figure out a way to sort out this little menace.

As it turns out, this is a common issue with an ongoing discussion in several places across the web, namely here and on here at google groups.

KSFetch is a process for autoupdating of any and all google products installed on your system. Chrome being one of the most popular. Unfortunately, KSFetch is recreated each time it wants to check for updates and placed in a new directory, part of which is randomised. The randomised part of it means your firewall won’t know of it every time a new one is created even though you may have selected ‘always allow’ or ‘always deny’ because its looking at the wrong directories due to the nature of the random string in each. This results in your firewall having a ridiculous list of KSFetch entries in it and a continual nagging from your firewall about wether to allow or deny.

Another aspect to the issue is that, not only can we not block programs that keep moving and re-spawning in new locations effectively in our firewalls but that it does it every single bloody hour as the default. Its insanity.

We have only but a few options. The first of which is to change the respawn time through a configuration option that is available for setting its spawn interval, the second option is to uninstall every single google product on your system. Great choice huh?

You cannot remove the updater apparantly because if you do, any installed google product you have will reinstall it. So basically your trusted google software is acting like a virus/malware. Awesome.

This is what you need to type into terminal to change the interval:

This one is for 24 hours.
$ defaults write com.google.Keystone.Agent checkInterval 604800

This one is for 7 days
$ defaults write com.google.Keystone.Agent checkInterval 4233600

The interval is measured in seconds, so thats the examples i gave above for some good defaults you could use, which should mitigate the annoyance and frustration of the issue. Ultimately though, google is at fault for implementing such a bizarre and incredibly annoying approach to solving a rather simple problem that stubbornly won’t play well with firewalls, won’t allow itself to be removed without removing all google products and that creates new instances of itself for each updater check.

Or, we use other solution in the following:

Little Snitch and ksfetch

Apparently a significant amount of Mac users has trouble with the Little Snitch firewall not understanding ksfetch. This is a different approach.

The ksfetch application is often associated with Google’s automatic updates when you are using (or previously used a version with a buggy uninstaller of) Chrome or Chromium. The trouble with this application is the following: it is placed in a subdirectory of the temporary directory, but each time this subdirectory is created, it has a different path name.

Little Snitch does not understand this. Because ksfetch has a different location every time, it assumes these occurrences of ksfetch are actually different applications, which all need their own set of firewall rules. The developers of Little Snitch could fix these problems by using application fingerprinting, but that’s probably not why you are here.

Little Snitch and ksfetch

Now we know what the problem is, it’s actually easy to fix.

In the dialog box to add a new rule in Little Snitch, you enter the rule to deny all connections to any server on any port with any protocol. The application name is entered as “/tmp/*/ksfetch”. The asterisk is a wildcard, this actually tells Little Snitch: “Match all the applications called ksfetch, which are in any 1st level subdirectory of the top level directory tmp.”

This will probably only work using the newer versions of Little Snitch. If it doesn’t work: update!

Notice: this solution could still work for a lot of people, but support is discontinued because of time constraints. Leaving a comment is still possible. Solutions to common issues are:

• Updating Little Snitch.
• Updating Chrome.

You’re better off with Firefox anyways.