How to find a rogue updater?

iMac i7 with Snow Leopard and all updates.

I use Hughesnet for my connection and with it comes a daily download limit of about 200 mb. Normally, that is far above my daily use and if I need to download some massive update, I can wait till 1am when the download isn't metered. If the daily limit is exceeded, the ISP drops your access speed to about dialup rate for 24 hours - in our jargon, you have been "Fapped".

In the last couple of months or so, every couple of weeks I suddenly find that I have exceeded the threshold and fallen into the fair access policy hole. Looking at the ISP supplied log, I always find that something has initiated a massive download of over 200mb. And so far I can't find what is causing it. Here is what I have looked at.

System updates have been set to manual.
The only apps that I have that approach 200 meg are Apple supplied iStuff (iPhoto, iMovie, GarageBand, etc.) which I assume fall under the system update control, and OpenOffice, Xcode, and Gimp - all of which are set to manual update only.
The download folder for Opera has nothing new, so I didn't accidentally click on a full length movie download or the like. Besides, a couple of times it has happened when I was out of the house.
I have searched the entire Application and Utilities folders and my Home folder for every app that is over 100 meg and have come up with nothing that is set to auto update or has a new modification date.

My last option, if nobody comes up with a suggestion, is to drop back into Unix mode and write a script that catalogs every file on the system that is larger than about 100 meg and has a modification date that matches the download time. That will take a while since I will have to dust off the old script manuals.

Anyone got a suggestion on how to trap this thing?
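The file catalog described in the post above can be done with POSIX `find` alone; the following is an added example, not part of the original post. The function name, the 100 MB threshold and the sample time window are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: list regular files above a size threshold whose modification
# time falls inside a window, e.g. the hour flagged in the ISP usage log.
#
# Usage: find_large_in_window ROOT MIN_MB START END
#   START and END use the `touch -t` format YYYYMMDDhhmm (local time).
find_large_in_window() {
    root=$1 min_mb=$2 start=$3 end=$4

    # Two reference files carry the window edges so that the portable
    # -newer test can be used on both BSD (macOS) and GNU find.
    tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/window.XXXXXX") || return 1
    touch -t "$start" "$tmpdir/start" || { rm -rf "$tmpdir"; return 1; }
    touch -t "$end" "$tmpdir/end" || { rm -rf "$tmpdir"; return 1; }

    # find -size counts 512-byte blocks, so 1 MB is 2048 blocks.
    blocks=$((min_mb * 2048))

    # -xdev stays on one volume (skips a mounted backup disk).
    # Matches have start < mtime <= end; ls -l shows size and timestamp.
    # Unreadable directories are skipped silently.
    find "$root" -xdev -type f -size +"$blocks" \
        -newer "$tmpdir/start" ! -newer "$tmpdir/end" \
        -exec ls -l {} + 2>/dev/null

    rm -rf "$tmpdir"
}

# Run directly when four arguments are given, for example (constructed values):
#   sh find_window.sh / 100 201001011300 201001011400
if [ "$#" -eq 4 ]; then
    find_large_in_window "$@"
fi
```

An empty result only shows that no large file with a matching timestamp is still on disk; data that was streamed, written in many small pieces, or deleted afterwards will not appear.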
 
They supplied you with a log?

Look at your console logs for activity during the time frames referenced in the Hughes log.
 
OP
cptkrf
They supplied you with a log?

Look at your console logs for activity during the time frames referenced in the Hughes log.

Well, sort of a log. No details. They show that between 13:00 and 14:00 today I downloaded 238 meg. Come to think of it, I wasn't even home during that hour.

Nope. The console log has nothing whatsoever with a date stamp during that hour. Syslog shows Time Machine starting and stopping and two ntpd time resets and that's it.

Just in case their log is off, I looked several hours on either side of that hour but nothing unusual is there.
 