Detecting What Your Computer is Doing with Private Eye

“I didn’t think Macs got viruses.”

A friend told me that as I helped her clean a spyware program off her Mac last year. While a Mac user has less to fear than a PC user when it comes to the dark side of the Internet, the days when Mac users could just assume they had nothing to worry about from malware are over. The concern is not just viruses that cause damage and data loss, but also programs that want to steal your data or personal information. These applications send your info to someone with malicious intent, track what you do and where you go without notifying you, and otherwise invade your privacy. Being careful about what you install can do a lot to protect you. Even then, security flaws in software can let in malware such as the Flashback Trojan, which took advantage of a bug in Java to silently install itself and begin sending your personal information back to remote servers.

It’s just good to see for yourself what’s running on your computer and connecting out. Overall a program that shows you what your computer is doing will help you better understand what’s running and notice when something is amiss. Private Eye from Radio Silence is a free network monitor for the Mac that gives you a real time view into the network connections to and from your computer. Let’s see how well it works and if it can help keep you safe online.

Using Private Eye

Private Eye when Started

When first started Private Eye displays an empty window that will fill as applications make network connections.

Private Eye runs on Mac OS X Lion and Mountain Lion. It’s a free application that you can download from the Radio Silence web site. When initially run the program will present a blank list and a few options. As applications on your computer make connections or connections come back to your computer from the network, you will see the list show those connections in real-time.

Private Eye After Running for a Few Minutes

As Private Eye runs the list will show connections to and from your computer and a list of the applications that have been involved in network connections.

For each connection, Private Eye shows several items. The first column shows the time of the connection. The next column tells you the application making the connection, and the third column shows the direction of the connection with an arrow, along with the IP address or hostname of the other end of the connection. For outgoing connections this arrow points to the right (toward the hostname or IP address) and tells you what the application connects to. For incoming connections the arrow points toward the application name and shows you the source of the connection. The program only tracks connections that occur while it is running. You therefore can’t use the program to go back and see a connection made while it was not running. When exited, the program does not continue to run and takes up no resources.

Filtering to Only View Firefox Connections

Here I’ve filtered to only view connections to and from Firefox.

As you let Private Eye run you’ll likely see many connections from your computer. To help filter down to just the connections that you’re concerned about, Private Eye provides several filtering options to the left of the list. Under the Connections header you can choose to view only incoming or only outgoing connections in addition to the default of all connections. Unless you’re running a server, you’ll likely find that the majority of connections are outgoing from your computer to other sites. As applications make network connections, the list under Applications will grow to include each application. You can click on the name of an application to filter the list to only the connections made to or from that application. You cannot combine the two filters to, for example, view only inbound connections to Dropbox.

Limitations

As a tool designed for simplicity, Private Eye omits some features that more network savvy users might wish to find. Private Eye will display connections as they happen, but it is not a firewall and can do nothing to stop or block connections. That functionality is available in the company’s paid Radio Silence application. Private Eye also cannot display detailed information on the connections. You cannot see what data was sent over the connection or the ports involved in the connection which can indicate what type of traffic is being sent or received. You also cannot save the list of connections to review or compare later.

It would be nice to be able to see a bit more about the connections that are shown. If you see an application that you are not familiar with, a good first step is to search for the application’s name. Having the ability to do this from the program would be a time saver. Another feature that would be nice is the ability to look up more information on the remote connection point directly. In both cases you can do these searches manually, but being able to select an entry in the list and do them from a menu would speed up the process.

What is Private Eye Telling Me?

Less Obvious Programs

Some applications are obvious, but others are more obscure and might require research to determine what they do.

You might wonder what this program really tells you and how it keeps you more secure. Private Eye provides a list of all programs on your computer that are sending or receiving network traffic. This is a starting point, as it tells you nothing about what the program is doing or if you should be concerned about it. Taking the list shown in the screenshot above, some of the programs are obvious. Firefox is my browser and Dropbox is the client for the Dropbox syncing program. Some of the other items in the list might look less familiar, such as usbmuxd. For any application, a web search on the application name will often be enough to tell you if the program is a normal, but usually unobserved, part of the system or something to be concerned about. Running the program over time will also show if and when new applications appear in the list.

Another thing to watch for is links to sites that you would not expect. A program that provides no network functionality connecting to the vendor’s web site could just be seeing if an updated version is available. It could also be sending something back that you don’t know about. This tool will only tell you about the connections going on. Research on the program in question or more detailed research on the traffic being sent could be required to determine if there is something to be concerned about.
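The Limitations section notes that Private Eye shows neither ports nor a saved list to compare against later, and this section suggests watching for new applications over time. The sketch below is an added example, not part of Private Eye or the original article: it parses the text output of `lsof -i -n -P`, keeps the ports, and reports connections that were not in an earlier baseline. The sample output, the process name `updaterd` and the addresses are constructed for illustration.

```python
# Added example. SAMPLE is constructed `lsof -i -n -P` output, not a real capture;
# "updaterd" is a made-up process name and the addresses are documentation ranges.
SAMPLE = """\
COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
firefox   412 sam   61u IPv4 0x01   0t0      TCP 192.168.1.20:52011->203.0.113.10:443 (ESTABLISHED)
Dropbox   388 sam   19u IPv4 0x02   0t0      TCP *:17500 (LISTEN)
Dropbox   388 sam   24u IPv4 0x03   0t0      TCP 192.168.1.20:17500->192.168.1.33:60122 (ESTABLISHED)
Dropbox   388 sam   25u IPv4 0x04   0t0      TCP 192.168.1.20:52040->198.51.100.7:443 (ESTABLISHED)
updaterd  901 sam   7u  IPv4 0x05   0t0      TCP 192.168.1.20:52077->198.51.100.99:8080 (ESTABLISHED)
"""


def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_lsof(text):
    """Yield (command, pid, proto, name, state) for each TCP/UDP row."""
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 9 and f[7] in ("TCP", "UDP"):
            yield f[0], f[1], f[7], f[8], (f[9].strip("()") if len(f) > 9 else "")


def connections(text):
    """Return {(command, direction, proto, remote_host, remote_port)}."""
    rows = list(parse_lsof(text))
    # Ports each process listens on; a connection whose local port is one of
    # them is treated as incoming (a heuristic, lsof does not record direction).
    listening = {(pid, split_endpoint(name)[1])
                 for _, pid, _, name, state in rows if state == "LISTEN"}
    found = set()
    for cmd, pid, proto, name, _ in rows:
        if "->" not in name:
            continue                             # listener or unconnected socket
        local, remote = name.split("->", 1)
        direction = "in" if (pid, split_endpoint(local)[1]) in listening else "out"
        found.add((cmd, direction, proto) + split_endpoint(remote))
    return found


def new_since(baseline, current):
    """Connections present now that were not in the saved baseline."""
    return sorted(current - baseline)


if __name__ == "__main__":
    baseline = {c for c in connections(SAMPLE) if c[0] != "updaterd"}
    for conn in new_since(baseline, connections(SAMPLE)):
        print("new:", *conn)
```

On a real Mac, pass the text printed by `lsof -i -n -P` to `connections()` in place of `SAMPLE` and keep an earlier result as the baseline.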

Conclusion

Private Eye is a simple network tool, but does a good job at what it’s designed for. It aims to be a simple tool and does a good job of presenting information that would otherwise require a trip to the command line to see. It also is accurate and showed all traffic coming through my system while I tested it. The ability to know what’s on your computer and where it connects to can help you learn what’s on your computer now which will make finding the unusual easier in the future if needed.

I would like to see a little more functionality. I feel that what Private Eye shows is useful, but being able to go just a bit deeper would increase the usefulness of the program without increasing the complexity much. Overall Private Eye is a useful tool to add to your computer and run once in a while just to keep an eye on what’s going on.


Summary

A simple and effective free network monitor allows easy viewing of network connections on your computer, but has some limitations that reduce its usefulness a bit.

7
  • Sigilist

    A concise rundown that told me the critical details in the end. This app is really lacking in a number of simple areas. It should at least show the port and type of data exchange occurring, which would be easy to do considering from where the info that is displayed is being tapped. Looks a little too much like a fear gimmick built to sell their other product, since the average person might misinterpret activity shown without knowing how it's being done or for what purpose.

  • http://jtechcommunications.com Joshua Reynolds

    I recommend Little Snitch from Objective Development. It has all of the monitoring abilities of Private Eye and much more. Little Snitch prompts you each time a new program attempts to make an outgoing connection. You can then either tell it to temporarily allow the connection, allow the connection until you quit the application or permanently allow it. These actions then form a list of rules that you can control and edit. If you were to install malicious software, Little Snitch would notify you and block the connection as soon as the software attempted to make a network connection. Anyway, if you’re interested in this sort of thing, definitely give Little Snitch a try.
