Someone at Google is flunking security ergonomics
June 22, 2012
User experience, starting a few weeks ago:
Using the Little Snitch firewall, a program called “ksfetch” wakes up every hour or so, asking for permission to connect to the world.
I check to see that it is Google software update related, decide that is okay, and give it eternal permission.
A little while later, even though it has eternal permission, I am bothered again. And again, and again, and again, and again, and again.
What’s happening is that the Google Software updater (“Keystone”, apparently) frequently writes out a new version of ksfetch, and because it is a new application, firewalls like Little Snitch decide that it has not been approved for access. Why this fails security ergonomics is that it is very annoying, and it trains people into the bad habit of automatically approving access by anything named “ksfetch”; if I were writing a virus, I’d be sure to call it “ksfetch”.
You can see people attempting to figure this out on a Google product forum here. There’s one reply from someone who might be with Google, but they’re clearly not getting it.