Trusteer Rapport Security Software

[nord1]

My bank is offering this new security software (free) as an addon to my browser for secure financial transaction. Never heard of it. I'm running MalwareBytesPro and Avast 6.0.1125 at the moment. Do I need this stuff or?

Much thanks.

[pegr]

If you are concerned about identity/data theft from undetected malware that may be already be running on your system then it's a good idea. If you are reasonably sure that the machine is clean, and you are sure that your security measures are enough to keep it that way, then maybe not.

[nord1]

Quote:

Originally Posted by pegr

If you are concerned about identity/data theft from undetected malware that may be already be running on your system then it's a good idea. If you are reasonably sure that the machine is clean, and you are sure that your security measures are enough to keep it that way, then maybe not.

pegr,

Always concerned, seldom compromised with reasonable precautions. However, would like to hear if anyone, anywhere has heard of this piece of software my bank is touting and whether or not it is any good.

[Victek123]

Quote:

Originally Posted by nord1

pegr,

Always concerned, seldom compromised with reasonable precautions. However, would like to hear if anyone, anywhere has heard of this piece of software my bank is touting and whether or not it is any good.

Trusteer Rapport has been around for a while and there are other threads here where it has been discussed (sorry, can't provide links at the moment). It protects against key and screen loggers, DNS spoofing, etc. Here's a list of features from the developer's website:

http://www.trusteer.com/product/trusteer-rapport

I tried it on a couple of machines and found it slowed down browsing somewhat, but that wasn't true for everyone. I'm not sure if Avast and Malwarebytes Pro together cover all of the same areas. I would recommend trying TR and see how it behaves on your system.

[RJK3]

In dealing with the problem of malware - there's Prevention, Detection, Disinfection, then lastly Mitigation (reducing the effects of something).

I put most of my effort into prevention, followed by detection. I only need to bother with disinfection on other people's computers. I can't imagine a situation where I'd be happy with reducing the harm of an infection on a computer.

Trusteer Rapport will mean putting a lot of resources into Mitigation, i.e. reducing the risk of harm on an already infected PC. "Yes you're infected M'am, but I put Trusteer Rapport on so you can bank safely!"

This is the same approach used by many Western healthcare systems - expensive drugs over someone's lifetime designed just to manage the symptoms of diseases instead of actually treating them. The focus is just wrong, all IMO.

Rapport does have a noticeable effect on system performance, at least on every non-quadcore i7 system I've seen it used on. There are better approaches that use less resources.

[Victek123]

Quote:

Originally Posted by RJK3

In dealing with the problem of malware - there's Prevention, Detection, Disinfection, then lastly Mitigation (reducing the effects of something).

I put most of my effort into prevention, followed by detection. I only need to bother with disinfection on other people's computers. I can't imagine a situation where I'd be happy with reducing the harm of an infection on a computer.

Trusteer Rapport will mean putting a lot of resources into Mitigation, i.e. reducing the risk of harm on an already infected PC. "Yes you're infected M'am, but I put Trusteer Rapport on so you can bank safely!"

It's possible the banks think about it this way since they have no control over the security (or lack of it) on customers' computers. But I believe an argument can be made for conscientious users using Rapport simply because zero day malware are real and malware is getting better at hiding even from the best scanners.

One approach is to dedicate a browser exclusively for online banking and install added security, such as Rapport, only in it. That way it doesn't impact other browsers or the system generally.

[RJK3]

Quote:

Originally Posted by Victek123

It's possible the banks think about it this way since they have no control over the security (or lack of it) on customers' computers.

Yes I can see that point of view - they want to encourage internet banking (reduces the cost of business for the bank), but they want a secure platform from their end all the way to the customer. The weakest link for them is going to be the computer they don't control, so Trusteer Rapport gives them that control.

I've looked briefly - but haven't seen how to install Rapport so it only runs when you use a certain browser. Do you mind explaining further?

[Victek123]

Quote:

Originally Posted by RJK3

Yes I can see that point of view - they want to encourage internet banking (reduces the cost of business for the bank), but they want a secure platform from their end all the way to the customer. The weakest link for them is going to be the computer they don't control, so Trusteer Rapport gives them that control.

I've looked briefly - but haven't seen how to install Rapport so it only runs when you use a certain browser. Do you mind explaining further?

It's been a while since I tried TR and since you asked I thought I'd better reinstall. I stand corrected - it doesn't appear possible to install for a specific browser. TR installs a system driver. One option would be to turn it off for general browsing (settings are available by clicking the icon in the address bar) and turn it back on just for banking if it creates some overhead. Anyway, sorry for the incorrect information.

[RJK3]

No problem, thanks for following up.

[sun88]

Quote:

Originally Posted by RJK3

There are better approaches that use less resources.

I would like to hear more about these better approaches.

In my experience, TR only slows things down at the time when you are logging in to a protected site. I don't mind waiting while it sets up protection from crimeware.

[sun88]

Quote:

Originally Posted by nord1

My bank is offering this new security software (free) as an addon to my browser for secure financial transaction. Never heard of it. I'm running MalwareBytesPro and Avast 6.0.1125 at the moment. Do I need this stuff or?

Much thanks.

Major banks and Paypal and eBay endorse Trusteer Rapport and offer it to you for free. It's one of a handful of tools that can actually protect you from crimeware even if your PC is already infected, and it's the only one that's free. Unless you are certain you don't need it, only twisted logic would stop you from using it.

[aigle]

Quote:

Originally Posted by nord1

pegr,

Always concerned, seldom compromised with reasonable precautions. However, would like to hear if anyone, anywhere has heard of this piece of software my bank is touting and whether or not it is any good.

One of the best passive defence against keyloggers.

But I will make sure I have a clean system if I do online banking etc.

[m00nbl00d]

This is my take on it. And, I'm just generally speaking.

Generally speaking, most people won't know whether or not their systems are infected. For all they care, their systems are clean.

Do their banks offer/suggest a security solution? That's great, IMHO. Why? If a piece of malware does get the credentials, then the user can blame the bank, because the security application they suggested/offered didn't work!

If the user declines the security solution, and if malware gets the bank credentials, then the bank will say Well, we did offer this security solution to protect you, and you declined it. It's not our fault, now is it?.

Which side to pick? lol

[1chaoticadult]

Quote:

Originally Posted by m00nbl00d

This is my take on it. And, I'm just generally speaking.

Generally speaking, most people won't know whether or not their systems are infected. For all they care, their systems are clean.

Do their banks offer/suggest a security solution? That's great, IMHO. Why? If a piece of malware does get the credentials, then the user can blame the bank, because the security application they suggested/offered didn't work!

If the user declines the security solution, and if malware gets the bank credentials, then the bank will say Well, we did offer this security solution to protect you, and you declined it. It's not our fault, now is it?.

Which side to pick? lol

Neither side lol..

[pegr]

Quote:

Originally Posted by nord1

Always concerned, seldom compromised with reasonable precautions. However, would like to hear if anyone, anywhere has heard of this piece of software my bank is touting and whether or not it is any good.

It has been tested several times and has been found to work to protect the browser against banking trojans, keyloggers, screen grabbers, etc, which is not to say that it's bullet proof. Nothing is invulnerable but browser protection utilities like Rapport can definitely help as part of a layered security setup.

I have experimented with Rapport, on and off, for quite a long time (I get it from my bank) and on my Windows XP system it hasn't slowed down browsing, but it does use quite a lot of memory for what it does.

My experience of Rapport is that it isn't especially tolerant of other security software though so you will need to experiment to see if it works well with your setup. On the occasions I have experienced performance issues with Rapport, it has been due to conflicts with other security applications.

If using a light virtualization application such as Returnil or Shadow Defender to keep the system virtualized for normal use then the argument in favour of using a browser protection utility like Rapport is weaker, as a reboot to remove any live malware that may be running prior to engaging in online banking or shopping should be all that is required (providing of course that the real system was clean prior to entering the virtual system).

Light virtualization has the advantage of being highly compatible with other security applications, and is the approach I personally favour, but I realise it doesn't suit everyone.

[nord1]

I run MalwareBytesPro and Avast 6.0.1125. I do my banking from within Avast's sandbox and for overkill use DropMyRights. A system driver separate from individual browsers, eh. As I have an old laptop (XP PRO SP3) with only 768 megs ram, system resources are at a premium. I will install it using InCtrl 5 and then Revouninstaller if it doesn't work out. Will post back after a trial run.

Much thanks to everyone for all your posts.

[RJK3]

Quote:

Originally Posted by sun88

I would like to hear more about these better approaches

Don't get infected in the first place.

Plenty of discussion on how to achieve that here.

[m00nbl00d]

Quote:

Originally Posted by RJK3

Don't get infected in the first place.

Plenty of discussion on how to achieve that here.

In all fairness, you can't just think inside the box. You also need to think outside the box.

A user's system may be clean, but a cybercriminal may hijack the connection between the user and the bank's server, diverting the connection to his own server, and act as a middle man.

I'm not saying it would be able to protect against all kinds of MITM attacks, but it would provide protection against most common type of attacks.

I believe tools like Trusteer Rapport use triangulation to detect wether or not the user is in fact communicating with the bank's servers.

[Amit]

if you have avast internet security then trusteer is not needed.... avast safezone will more than take care of the safety of online banking or shopping...

[treehouse786]

i liked it until it started blue screening on me

[nord1]

Quote:

Originally Posted by ams963

if you have avast internet security then trusteer is not needed.... avast safezone will more than take care of the safety of online banking or shopping...

am963,

Didn't get a graph on the resources used, but subjectively it was slower than before on my old T40 Thinkpad. Report was sketchy at best: found 3 cookies it didn't like and blocked (didn't ask), but no info about what cookies and which browser it used. Only use IE6 for windows update and my bank won't use that anymore. Firefox 3.6 is supported, so FF 3.6.23 was my testbed, but no mention of FF 7.0.1, which is what I generally use. A couple of other browsers (K-Meleon and Iron) are not supported.

The report can't be copied anywhere for further analysis and you can't see any details, guess it is a dumbed down interface.

Removed it with Revouinstaller with zero problems.

As you said, Avast does enough, along with MalwarebytesPro and of course, standalone apps for emergencies (and a Linux Knoppix CDR with F-Prot).

Tks.

[1chaoticadult]

Quote:

Originally Posted by treehouse786

i liked it until it started blue screening on me

i liked it until it started crashing my browsers and freezing my laptop.

[Victek123]

Quote:

Originally Posted by m00nbl00d

If the user declines the security solution, and if malware gets the bank credentials, then the bank will say [i]Well, we did offer this security solution to protect you, and you declined it. It's not our fault, now is it?

Actually a very serious question - it would be important to find out if your bank, by virtue of offering Trusteer Rapport and/or other security software is waiving responsibility for any losses incurred while using the online banking service. A friend of mine had his bank account emptied via a "banking trojan" and the bank replaced all of the funds. That was some time ago though, and I don't know that all banks replace lost funds as a matter of policy.

[Victek123]

Quote:

Originally Posted by ams963

if you have avast internet security then trusteer is not needed.... avast safezone will more than take care of the safety of online banking or shopping...

Screenshots of Avast Safezone remind me of SafeCentral. I wonder if it's SafeCentral rebranded?

[Victek123]

Quote:

Originally Posted by m00nbl00d

A user's system may be clean, but a cybercriminal may hijack the connection between the user and the bank's server, diverting the connection to his own server, and act as a middle man.

I believe tools like Trusteer Rapport use triangulation to detect whether or not the user is in fact communicating with the bank's servers.

Yes, it's important to understand that malware on the local system is not the only attack vector. The connection has to be protected/verified all along the way. For instance I believe TR (and others such as Prevx SafeOnline and SafeCentral) protects against DNS poisoning. There's some information here:

http://www.trusteer.com/product/trusteer-rapport

Unfortunately it's not very technical, but perhaps there's an in-depth PDF somewhere...