Tracker No. Escape.

[Download the Xfile Test Drive here. ]

GOT NEW SOFTWARE? TWO THINGS TO CONSIDER.

There is - quite literally - no way to protect your computer without this tool. No way. There are no comparable products anywhere - at any price. And ask anyone who uses it: there is simply no way to live without it - it sees everything.

There's a funny thing about computer code: it's almost impossible to know what it's going to do before it does it. Post mortem analysis might be all you have: finding out what's been done after it's done. It's all you ever have. And you need it.

Give your password to an unknown application and it's 'lights out': with 20,000+ directories in your file system how can you find out where the application went and what it did? What it changed, what it added, what it read and sent on somewhere?

They're getting nastier, the third party products (and nasty exploits). And even the benign ones are getting sloppier. And stupider. And meaner. Use of third party software is today ripe with hazards - even on OS X. Giving an installer your admin password is asking for it.

There are two things that happen every time people running OS X get hit by crapware or malware.

1. The zealots come out of the woodwork. If the attack is first described as a virus, they'll claim it was a worm. If the attack's described as a worm, they'll claim it was a virus. Then they'll all retreat back into the woodwork and go on as before.
2. Apple will issue the worn-out blanket statement 'never run unknown or untrusted software' and recede before anyone can ask them just how they expect that to happen.

That's why you need Tracker. Even if it's theoretically possible for a major shop to assign software testing to a seasoned admin and a dedicated machine said admin needs an adequate tool with which to perform the testing. And Tracker's the only available tool for OS X.

TAKE IT FOR A TEST DRIVE.

Fire up Tracker. Click the 'Track' button. Go about your business for a while. Navigate into a few folders. Open a few files. Surf to a few sites on the Internet. And then come back to Tracker, click the 'Refresh' button and watch Tracker work. It's really fast.

Tracker lists all targets of all file operations, whether they be a mere access, a modification, or a change in inode data. Files accessed are listed in a regular font; files that have been modified and files whose inode data has been modified are listed in bold, as these operations are more serious.

And this includes directories too: simply navigating to a folder gets noticed by Tracker.

THEY CAN'T WIPE THEIR TRACKS.

Tracker will even show you when your 'untrusted' application is trying to rig your file system data on you: that all-important 'changed' field will show up in Tracker and make 'MacNasty.app' stick out like a sore thumb.

THE INFO SHEETS.

In addition to the standard ACP info sheet Tracker has a special tracking sheet that shows you just what fields have caught Tracker's eye.

'ARE YOU REALLY SURE?'

Some malware tries to trick you by disguising itself as one type of file but opening as a different type of file. Even Finder can be fooled. But not Tracker.

Tracker sidesteps the classic 'Safari' and other 'exploit holes' by showing you before you launch your application (or what you're being duped into thinking is an 'innocent' file) exactly what program will in fact run. If things are not as you think they should be, you can nip it all in the bud.

You decide what to run - and you get all information up front before you run it.

The Oompa Loompa exploit came disguised as 'latestpics.tgz'. Tracker would have stopped it.

WANNA GO AGAIN?

Once a tracking session's begun you can at any time refresh your listing, choose additional tracking areas of your disk - anything you want. You can even share tracking sessions between Tracker windows.

SAVE IT FOR LATER.

Some of the cheekier installers not only advise you to close all other applications but close them for you whether you like it or not. Tracker's OK with that - you simply save the stamp and exit. And when that obstinate installer is through, you launch Tracker again, get back the stamp, and scan. Piece of cake.

CHECK IT OUT LATER.

As soon as you hit that 'Refresh' button you can go on doing what you were doing before and let Tracker finish its work. Times are capped at when you start the scan session. If you need to update later - just hit 'Refresh' again.

TWO PLACES AT ONCE.

Tracker lets you track as many areas as you want all at once. And it automatically eliminates redundancy amongst your chosen target areas so fast scans stay fast.

EXPORTS.

Tracker can export results in text format with start time, stop time, target, areas scanned, files accessed, inodes changed, and files modified all listed.

YOU DON'T NEED A TARGET.

As use of a target is optional, Tracker can obviously be used to track anything from a software installer to a complete Internet session to even a complete login session.

Whatever it is, Tracker will find it all.

TRACKER VS SPOTLIGHT.

Spotlight and its corresponding driver fsevents can't help you track software and disk activities. fsevents misses out on the all important file accesses and Spotlight can be easily overloaded and lose all its data. Which isn't such a big deal if you're just crunching through an entire hard drive to build up Spotlight indexes again. But it is a big deal if you're trying to track unknown or untested software and you lose all your data.

Tracker doesn't lose data. An increasing number of software reviews at rixstep.com are performed with the use of Tracker. Google Deskop was tracked in a matter of minutes - full system recovery may have been impossible without it.

There. Is. No. Escape.