

Go ahead.
Have fun.

'I love Tracker. It's a good way to kick idiots in the balls.'
 - Rixstep Forum

Don't give control to strangers. Or unknown untested software. Keep track of file activity. Know who's touching what. Don't let untested programs plant junk wherever they please and hide it from you. Don't let them spy on you either. Take control of your computer. Then go ahead and have fun. (And busting bad guys is always cool.)

Here are 14 things to consider.

1. Got new software?

There is - quite literally - no way to defend your computer without Tracker. There are no comparable products anywhere at any price. Ask anyone who uses it: there's simply no way to live without it. Tracker sees everything.

That's the funny thing about computers: it's almost impossible to know what's going to happen before it happens. Post mortem analysis might be all you have: finding out what's been done after it's done. It's all you ever have, and you need it.

Give your password to an unknown application and it's 'lights out': how can you find out where an application went and what it did with 20,000+ directories in your file system? Find out what it changed, what it added, what it read and sent on to someone?

They're getting nastier, the third party products (and nasty exploits). And even the benign ones are getting sloppier. And stupider. And meaner. Use of third party software is today rife with hazards - even on your Apple computer. Giving an installer your admin password is asking for it.

There are two things that happen every time people get hit by crapware.

  1. The zealots come out of the woodwork. If the attack's described as a virus, they'll say it was a worm. If the attack's described as a worm, they'll claim it was a virus. Then they'll all retreat back into the woodwork and go on as before.
  2. Apple will issue the worn-out blanket statement 'never run unknown or untrusted software' and recede before anyone comes forward to ask them just how they expect that to happen.

That's why you need Tracker. Even if it's theoretically possible for a major shop to assign software testing to a seasoned admin and a dedicated machine, that admin needs an adequate tool with which to perform the testing.

And Tracker's the only tool available. The only one.

2. Take it for a test drive

Fire up Tracker. Click the 'Go' button. Go about your business for a while. Navigate into a few folders. Open a few files. Surf to a few sites on the Internet. And then come back to Tracker, click the 'Track' button and watch Tracker work - really fast.

Tracker lists all targets of all file operations, whether they be a mere access, a modification, or a change in inode data. Files accessed are listed in a regular font; files that have been modified and files whose inode data has been modified are listed in bold, as these operations are more serious (potentially damaging).

Tracker results include directories too: simply navigating to a folder gets you noticed by Tracker.

3. They can't wipe their tracks

Tracker will even show you when your 'untrusted' application is trying to rig your file system data on you: that all-important 'changed' field will show up in Tracker and make 'MacNasty.app' stick out like a sore thumb.

4. The info sheets

In addition to the standard ACP info sheets Tracker has a special tracking sheet that shows you just what fields have caught Tracker's eye.

5. Are you really really really sure?

Some malware tries to trick you by disguising itself as one type of file but opening as a different type of file. Even Finder can be fooled. But not Tracker.

Tracker sidesteps the classic 'Oompa-Loompa', 'Safari', and other 'exploit holes' by showing you before you launch your application (or what you're being duped into thinking is an 'innocent' file) exactly what program will in fact run. If things are not as you think they should be, you can nip things in the bud.

You decide what to run - and you get all the information you need up front before you run it.

Oompa Loompa came disguised as a zip file. Double-click it and be owned. Tracker caught it. Did you have Tracker?

6. Wanna go again?

Once a tracking session's begun, you can at any time refresh your listing, choose additional tracking areas of your disk - anything you want. You can even share tracking sessions between Tracker windows.

7. Everywhere, at once

Tracker lets you track as many areas as you want all at once - something you can't do from the command line. And Tracker automatically eliminates redundancy amongst your chosen target areas so fast scans stay fast. Tracker also lets you specify areas you don't want tracked - such as the increasing number of 'Apple' areas that only serve to clutter results.
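The stamp-and-scan idea from sections 2, 3 and 7, sketched in Python as an added example. This is not Rixstep's code: it assumes tracking means comparing each entry's access, modify and change times against a saved stamp, and the names `track`, `dedupe_roots` and `serious` are hypothetical.

```python
import os

# stat fields compared with the stamp (POSIX: st_ctime is the inode change time)
FIELDS = (("accessed", "st_atime"), ("modified", "st_mtime"), ("changed", "st_ctime"))

def dedupe_roots(roots):
    """Drop roots nested inside another chosen root so nothing is scanned twice."""
    kept = []
    for root in sorted({os.path.realpath(r) for r in roots}):
        if not any(os.path.commonpath([root, k]) == k for k in kept):
            kept.append(root)
    return kept

def track(roots, stamp, skip=()):
    """Return {path: field names newer than stamp} for files and directories."""
    skip = {os.path.realpath(s) for s in skip}
    hits = {}
    for root in dedupe_roots(roots):
        for dirpath, dirnames, filenames in os.walk(root):
            # Prune skipped areas in place so os.walk never descends into them.
            dirnames[:] = [d for d in dirnames
                           if os.path.join(dirpath, d) not in skip]
            for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
                try:
                    st = os.lstat(path)  # lstat: report the link, not its target
                except OSError:
                    continue             # vanished or unreadable entry
                fields = {label for label, attr in FIELDS
                          if getattr(st, attr) > stamp}
                if fields:
                    hits[path] = fields
    return hits

def serious(fields):
    """Modified data or changed inode: what the page says is listed in bold."""
    return bool(fields & {"modified", "changed"})
```

A file whose access and modify times are reset to the past with `os.utime` still comes back as `{"changed"}`, because that call cannot set the change time. Access times are only as reliable as the mount options allow (`noatime` and `relatime` suppress some updates).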

8. Save it for later

Some especially pesky installers don't bother asking you to close all your other applications. They go ahead and close them anyway, regardless of whether you're ready for it or not. Tracker's OK with that - you've already saved the stamp to disk. And when the install is through - and whether or not the installer forced a reboot - you simply run Tracker again, fetch the stamp, and track.

Piece of cake with Tracker.

9. Check it out later

As soon as you hit that 'Track' button, you can go on doing what you were doing before and let Tracker finish its work. Times are capped at when you start the tracking session. So if you need to update later, just hit 'Track' again.

10. Play it again, Sam

Save your current Tracker session for later playback. Re-open the session, and resume precisely where you left off, with the same files, the same time stamps, the same search paths.

11. Exports

Tracker can export results in text format, with start time, stop time, target, areas scanned, areas skipped, files and directories accessed, files and directories modified - with everything listed for future reference.

12. You don' need no steekin' target!

As use of a target is optional, Tracker can obviously be used to track anything from a software installer to a complete Internet session to even a complete login session. Whatever it is you're after, Tracker can find it. You might, for example, be asked to let someone else use your computer for a while. Just set a stamp with Tracker, then come back and scan once they're gone, and find out exactly what they've done.

13. Tracker vs Spotlight

Spotlight and its corresponding driver fsevents can't help you track software and disk activities. fsevents misses out on file access stamps, and Spotlight can be easily overloaded and lose all its data - maybe not such a big deal if you're just crunching through your entire hard drive to build up those ridiculous Spotlight indexes all over again, but it is a big deal if you're trying to track unknown or untested software, in which case you're gonna be t-o-a-s-t.

Tracker doesn't lose data. An increasing number of software reviews at Rixstep are performed with the use of Tracker. Google Desktop was tracked in a matter of minutes - full system recovery may have been impossible without it.

14. Tracker vs App Uninstallers

Nope, the 'app uninstaller' is not an app Apple forgot. (Tracker perhaps is.) If you want to see how burnt you can get with an app uninstaller, check here.

Go ahead. Have fun. Use Tracker.

See Also
Software Reviews: The OmniFocus Project

Copyright © Rixstep. All rights reserved.