Trusteer Rapport

PC__Gamer · #1 June 17th, 2011, 10:31 AM

Hey guys,

My bank has just offered me this software for free.

How has production of this software been in the past few years (since I originally heard about it) ?

Does it operate similar to Prevx safe online?

What are peoples experiences with the software like?

It does say it blocks viruses to.

Rapport’s unique technology blocks advanced Trojans including Zeus, Silon, Torpig and Yaludle without the need to constantly update and chase the different variants of these Trojans.

codylucas16 · #2 June 17th, 2011, 10:42 AM

It works kind of like keyscrambler on sensitive web pages. It encrypts your keystrokes. It also intercepts screen captures while on sensitive pages.

While on pages that they do not protect, it really doesn't do much.

lordraiden · #3 June 17th, 2011, 10:56 AM

Quote:

Originally Posted by codylucas16

It works kind of like keyscrambler on sensitive web pages. It encrypts your keystrokes. It also intercepts screen captures while on sensitive pages.

While on pages that they do not protect, it really doesn't do much.

It's not like keyscrambler at all, keyscrambler just encrypt the keys and does not protect against the modern banking malware.

@PC__Gamer
Trusteer Rapport offers more or less the same level of protection than Prevx safe online and both are much more advanced than keyscrambler. What I dont like of it is eats a lot of RAM. But I like that it is more configurable than Prevx Safe Online

You dont need your bank to give it to you, you can get it for free from here: http://www.trusteer.com/webform/download-rapport

You can start to test it right now, install it and take a look to the rules so you will see that protects against more stuff that you can read here:

 Blocks Zeus, Torpig, Silent Banker and other Man-in-
the-Browser attacks
 Blocks all malware attacks including Keyloggers and
Pharming
 Enables phishing site detection and confirmation
 Delivers advanced reporting on current and new
threats including zero-day attacks

Trusteer Rapport differs from Anti-Virus and Firewalls
because it:
1. Locks down access to financial and private data
instead of looking for malware signatures
2. Communicates with your online banking website to
provide feedback on security level and report
unauthorized access attempts
3. Enables you to take immediate action against
changes in threat

http://www.trusteer.com/presentation-how-it-works

tgell · #4 June 17th, 2011, 11:40 AM

lordraiden.
How would compare Trusteer to Quaresso? Does it achieve the same thing as Trusteer?

http://www.quaresso.com/products/myp...otect-overview

sbcc · #5 June 17th, 2011, 11:46 AM

I've only run into Rapport once that I can remember, but my experience with it may be relevant. This was perhaps a year ago on a customer's computer. XP MCE, IE8 and a gig of RAM on a Centrino laptop, IIRC.

I cannot speak to its effectiveness, but I can confirm lordraiden's observation that it does (or did) use a lot of RAM. It also slowed browsing considerably and some websites would not load completely. We decided to remove it. That was not easy, there were stubborn leftovers. To the best of my recollection, I had to manually remove a service and a browser add-in. After removal, browsing returned to normal.

Customer was using Avira Personal, so the antivirus was not contributing to the slow browsing - no web guard in AntiVir at that time.

It's certainly possible that these issues have been addressed in the latest version, but I'd do a system image before installing it. It is tenacious.

sbcc

Nekromantik · #6 June 17th, 2011, 11:52 AM

I had this installed few days ago and on my Laptop it did eat RAM while it was installed with OA Free and Panda Cloud AV.

So I went back to Prevx SO.

BoerenkoolMetWorst · #7 June 17th, 2011, 12:04 PM

Indeed, Trusteer is quite like Prevx SOL, but unfortunately uses quite some memory and apart from some pre-configured protected sites you have to enter each site you want to protect manually.(With SOL you can add also set protection level for all HTTP and HTTPS sites.)

I'm not sure about Quaresso, haven't tried it myself and the site doesn't go in much detail. It doesn't seem to protect against form grabbing.

Victek123 · #8 June 17th, 2011, 12:12 PM

Quote:

Originally Posted by lordraiden

You dont need your bank to give it to you, you can get it for free from here: http://www.trusteer.com/webform/download-rapport

True, but it seems to have maximum value if it supports your bank directly. Here's a statement from the Trusteer CEO during an interview:

Our software integrates into the bank’s site and communicates with the [Rapport] software installed on customer machines, and the two of them can work together so that the bank can effectively measure what the software does on the customer’s desktop. Whenever the customer logs into the bank’s site, the bank knows whether Rapport is there, whether it’s up to date, whether its been attacked or compromised.

I installed it on one of my Windows 7 systems with 3 gigs of ram. Since ram is as cheap as dirt (well, maybe not dirt) why worry about ram usage? I just checked and its currently using 30 megs. I don't notice any slowdown when browsing with IE 9.

BoerenkoolMetWorst · #9 June 17th, 2011, 12:19 PM

I've found a video explaining Quaresso, it's quite different from SOL and Trusteer:
http://www.quaresso.com/flash/POQue/POQue.html
It works on demand, it is not even installed permanently. It is launched through the browser using Java or ActiveX(meh) and then launches a new protected browser window until the secure session is over.

lordraiden · #10 June 17th, 2011, 12:20 PM

Quote:

Originally Posted by Victek123

True, but it seems to have maximum value if it supports your bank directly. Here's a statement from the Trusteer CEO during an interview:

Our software integrates into the bank’s site and communicates with the [Rapport] software installed on customer machines, and the two of them can work together so that the bank can effectively measure what the software does on the customer’s desktop. Whenever the customer logs into the bank’s site, the bank knows whether Rapport is there, whether it’s up to date, whether its been attacked or compromised.

I installed it on one of my Windows 7 systems with 3 gigs of ram. Since ram is as cheap as dirt (well, maybe not dirt) why worry about ram usage? I just checked and its currently using 30 megs. I don't notice any slowdown when browsing with IE 9.

I think that still there is no difference, the partners/banks are preconfigured in trusteer rapport so maybe this is what they want to mean.
I would say that your bank will provide the same installation file but you will have access to direct support, and important security news of your bank using the interface.

I agree with you, although I mentioned it the RAM is not an issue and I didn't notice any slowdown.

Quote:

Originally Posted by tgell

lordraiden.
How would compare Trusteer to Quaresso? Does it achieve the same thing as Trusteer?

http://www.quaresso.com/products/myp...otect-overview

I have never use quaresso probably because you can get the same benefits for free using Prevx SOL free or Trusteer Rapport.

1chaoticadult · #11 June 17th, 2011, 12:58 PM

Rapport only using around 30mb for me and I noticed no slowdown with websites at all.

aigle · #12 June 17th, 2011, 03:33 PM

In my testing in the past with Rapport and AKLT, I noticed that Rappport scrambles keys in a regular, predictable way. Like if I write USER in password filed, it will always write ABLE( just an example). So I guess a keylogger will grab it and then the info can be de-coded to get aftual passord.

Can anyone confirm this? Thanks

The Hammer · #13 June 17th, 2011, 04:53 PM

It (Trusteer) did well in testing here. http://malwareresearchgroup.com/

Scoobs72 · #14 June 17th, 2011, 05:11 PM

Quote:

Originally Posted by aigle

In my testing in the past with Rapport and AKLT, I noticed that Rappport scrambles keys in a regular, predictable way. Like if I write USER in password filed, it will always write ABLE( just an example). So I guess a keylogger will grab it and then the info can be de-coded to get aftual passord.

Can anyone confirm this? Thanks

No, Rapport just outputs the same string in repetition. On my system whatever I type results in the keylogger test application (e.g. Spyshelters) seeing ABCDABCDABCD and so on.

aigle · #15 June 17th, 2011, 06:18 PM

Ah... ok. Same thing with me I guess. I just mis-understood it. Thanks

BTW does any one know what are the limitations of free version?

qakbot · #16 June 17th, 2011, 09:57 PM

Quote:

Originally Posted by PC__Gamer

Hey guys,

My bank has just offered me this software for free.

How has production of this software been in the past few years (since I originally heard about it) ?

Does it operate similar to Prevx safe online?

What are peoples experiences with the software like?

It does say it blocks viruses to.

Rapport’s unique technology blocks advanced Trojans including Zeus, Silon, Torpig and Yaludle without the need to constantly update and chase the different variants of these Trojans.

All the anti-keylogging software are just marketing gimmicks. There is simply no way they can protect you from malware that is already running on the machine. I mean think about, they are hooking the keyboard device stack. Well.. ok, however low they hook, my kernel-mode malware can hook below them and still see the unencrypted keystrokes.

If they patch a user-mode API to block certain calls to it, I can patch over them and see the API call before them.

The guys that write Zeus and other such Trojans are not idiots.. they are far more sophisticated than the average malware writer.

So its no wonder that these products are being given out for free since they dont really work.

jmonge · #17 June 17th, 2011, 10:01 PM

agree 100%

aigle · #18 June 17th, 2011, 11:10 PM

Don,t agree at all. MRG people,s tests showed that some of these are usefull. Rapport is one of them.

qakbot · #19 June 17th, 2011, 11:24 PM

Quote:

Originally Posted by aigle

Don,t agree at all. MRG people,s tests showed that some of these are usefull. Rapport is one of them.

MRG like all the other reviewers are in this for money. They are not running a charity organization. So they will publish any review that someone will read and hopefully pay for.

I challenge anyone from MRG to disagree with any of my comments.

If you want to read about device stacks, see http://www.codeproject.com/KB/recipe...display=Mobile

although all of this is second nature to anyone that writes Windows device drivers.

Scoobs72 · #20 June 18th, 2011, 02:34 AM

Quote: