Playing with my Mac this evening, the following system popup appeared, while I’m browsing around the web:
I’m always a bit suspicious, esp. if it shows up when I’m wandering around the web in Chrome. I assume nothing can get out of the sandbox, but who knows? I’ve already disabled the Java plugin, and nondescript programs asking me to type in my admin password always make me pause.
Various Google searches return non-helpful results, since it splits “finish” and “installation”, and, again doesn’t do order-dependent or phrase searches. And since most of the phrase is pretty non-unique, the results aren’t great.
But, I did manage to find this post on MacRumors.
Turns out the “finish_installation” is part of Sparkle, which is that handy-dandy autoupdate framework. But it’s not helpful when you don’t know which app is requesting the update, and/or if this app is legit.
So open up Activity Monitor, and Inspect the finish_installation process, which will tell you what you want to know.
In this case, the app to be updated is the Amazon Cloud Drive program, which is legit.
thanks for this.
I googled “finish_installation” and landed here. In my case it was Teamviewer that started the program.
I was just presented with the same dialog and was quite suspicious, hence googling my way to this post. Thanks for sharing your investigations, your images are all 404-ing though.
Thanks for the comment, I’ve fixed the images. For whatever reason WordPress saves ’em as absolute URLs :(.
Just got the same dialog box from Java update, but was unable to find the process in the Activity Monitor.
Java is getting really annoying, it’s a shame that ebanking apps rely on it.
Excellent post. In my case, it was VLC which popped up the “finish_installation wants to make changes” popup after I clicked the “Install update upon quit” button.
I also encountered this suspicious password request dialog on OS X 10.7, updating Java 7 v51 to v67.
“finish_installation is trying to install a new helper tool. Type your password to allow this.”
I searched and found this post. Like commenter braindance, I was NOT able to find a finish_installation process in Activity Monitor as per the screenshot in the original post.
However, when I switched to “All Processes, Heirarchically” view and looked under “Java Updater”, I found a subprocess named “Java Update” — clicking Sample Process revealed that it is actually the finish_installation process that the original post describes (and appears to be just Sparkle).
Process: finish_installation [46741]
Path: /Users/*****/Library/Application Support/Java/finish_installation.app/Contents/MacOS/finish_installation
Load Address: 0x100000000
Identifier: org.andymatuschak.sparkle.finish-installation
Version: 1.0 (1)
Code Type: X86-64 (Native)
Parent Process: Java Updater [46708]
I went ahead and approved, and the update of Java finished normally.
Thanks for your excellent post. When this same message appeared I presumed it was malicious and denied access. If vendors are going to spring such potentially dangerous messages on us without proper verifiable notice and information they don’t deserve to have their software installed on users’ computers. So Amazon please get your act together…
Had the same thing, but with a window titled Autoupdate. Again, this comes from Sparkle via uTorrent.
Not impressed.
Process: Autoupdate [2072]
Path: /Users/xxxxxxxx/Library/Application Support/µTorrent/.Sparkle/Autoupdate.app/Contents/MacOS/Autoupdate
Load Address: 0x6d000
Identifier: org.andymatuschak.sparkle.Autoupdate
Excellent post along with the comments. I get suspicious, as others obviously do, when I’m asked for permission to allow an insutallation that isn’t 100% clear. In my case it was Java. Thanks to all.
thx for this post, i had pressed ‘cancel’ anyway
I got a suspicious Java update, with a request to log in with my administrator password to complete installation. One article I found suggested that it was to complete installation of “Sparkle” (which I don’t have, use, or know anything about). I aborted the installation after a little more research.
It responded by informing me that the installation was successful, even though I’d aborted it without admin authorization.
Thanks for the post. I just saw the same in MPlayerX. However, I also saw it in uTorrent but it made a real mess of my backups by hard linking back to a bunch of files in the /Applications directory. I’d be very, very cautious.
Still useful. Gitter (Electron based) was doing for me. Thanks
I was brought here by VLC
Any process that asks for password credential should always clearly say which program it’s doing for and why. This dialog fails on both fronts.