Tracker Grows Up

Post mortem analysis on OS X - the only way to protect yourself. With the only program that can protect you.

There's a funny thing about computer code: it's almost impossible to know what it's going to do before it does it. Post mortem analysis might be all you have, but that's certainly a lot better than nothing.

Third party software is getting nastier - and stupider. Use of supposedly innocent products is today ripe with hazards - especially on OS X. Giving an installer your admin password is asking for it.

What do these programs and installers do? Where do they go? There's a command line way of tracking them but with the frequency of software trials it becomes tedious - and in this particular case the GUI does a more thorough job as well.

Enter Tracker. There is and will never be any substitute for caution, but Tracker will help automate a number of these otherwise tedious tasks. Use Tracker with 'unknown cards' and you'll at least have a chance for recovery. You'll know where they went, what they did - even what they were peeking at.

Take it for a Test Drive

Fire up Tracker and click the 'Track' button. Then go about your business: open a few files, surf a while on the Internet - and then come back to Tracker. Click the 'Scan' button and watch it work - it's fast, isn't it?

Tracker lists all targets of all file operations, be they a mere access, a modification, or a change in inode data. File accessed are listed in a regular font; files that have been modified or whose inode data has been modified are listed in bold to get your attention.

And this includes directories too: simply listing the contents of one will get you on Tracker.

[Maybe you better read that again: just launching Terminal and entering a directory (with 'cd') gets you listed. Need to read it again?]

So starting now you can not only see where software puts things and how it messes up things - you can also find out where it's snooping around.

Set the Root

The default scan root is your home directory; if you're really adventurous - or if you have a potentially nasty app that wants your admin password - change the scan root to encompass your entire file system.

Choose a Target

If you have a target program you want to track, drop it on Tracker's icon or a Tracker window.

Watch the Toolbar

Watch the toolbar: you can configure it any way you like, but the progression from left to right in the default configuration is important. Drop a target on the Tracker window - either an application to run or a document to open - and click the 'Track' button. The tracking begins and will continue until you click the 'Scan' button.

The Stop Button

Clicking the 'Stop' button either stops (cancels) the current track or stops the current scan.

Exports

Tracker can export its results in an easy to read text format with start time, stop time, target, files accessed, inodes changed, and files modified all listed.

Depending on whether you chose to begin your scan at root, Tracker will either search from there or through the entire contents of your home area.

You Don't Need a Target

As use of a target is optional, Tracker can obviously be used to track anything from a software installer to a complete Internet session to even a complete login session.

Time for Technobabble

When you click 'Track' a time stamp is recorded and kept for future reference; when you click 'Scan' another time stamp is recorded (it's listed in the export but otherwise not used) and Tracker now begins looking for files that have been accessed. 'changed', or modified since the first time stamp.

BSD records three time stamps for all items in a file system. The 'ctime' field is a bit peculiar: it denotes the time an inode was last changed.

Should rogue code attempt to reset time stamps to cover its tracks, this field will be nevertheless updated. The system hooks used to reset time stamps do not access this field.

Safety & Compete Control

Tracker runs scans from an embedded module that can get anywhere anyone else can. It's a console tool and so well protected against exploits. Tracker establishes a 'back channel' to this module and is fed results at a bewildering speed as they come in.

Tracker is fully armed with all the perks of the ACP Framework so you get a launch pad, full POSIX file info, global searches, and all the other goodies for which the ACP is well known.

Tracker also functions as a mini file manager. Drag and drop with the other applications in the Xfile System, drag server for other applications, for the dock, and so forth. It's total.

And Tracker is a full fledged ACP app - it's industrial strength, extremely lean and mean, extremely robust - and as many have already commented, extremely fast.

Try it today.

See Also
Tracker Home Page