Trusteer Rapport Security Software

Discussion in 'privacy technology' started by nord1, Oct 11, 2011.

Thread Status:
Not open for further replies.
  1. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    well... I didn't have any... and those probs were addressed to avast and are probably fixed in the recent updates...

    @nord1
    The avast! SafeZone is a special web browser in avast which allows you to browse the web in a private, secure environment, invisible to the rest of your system.

    If you do your banking or shopping on-line, or other security-sensitive and financial transactions, you can be sure that your personal data cannot be monitored by spyware or key-logging software. Unlike the avast! Sandbox, which is intended to keep everything contained inside so that it cannot harm the rest of your system, the SafeZone is designed to keep everything else out. The SafeZone includes some other security features in addition to the basic "inside out" sandbox, such as VPN service, secure DNS, etc.

    avast! SafeZone browser utilizes the Chromium engine, but it's an internal component of avast internet security. It doesn't need to be updated separately; the updates are included in standard avast! updates.


    no idea.....
     
  2. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    No, it was developed in-house.
     
  3. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi

    My ten pennorth

    I used Trusteer Rapport until yesterday. Like you guys, two of my banks were touting it.

    I have no reason to believe that it did not do its job well.

    That said, I had a lot of BSODs (hence the reason for removing it). Verifier.exe and Windows minidumps confirmed that one of the Rapport drivers was the culprit.

    The most disappointing part was that despite a promising beginning with Rapport Tech Support, including live online support, I was effectively "dumped" once they were aware of verifier.exe.

    Much shout about help, no delivery.

    So I am now waiting to see if my BSODs have gone away.

    Terry
     
  4. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    I don't jump at shadows from buzzwords like MiTM and MiTB attacks.

    I'd say the most common reasons for a genuine 'man in the middle' attack will be because:
    a) the system has a banking trojan
    or b) the user has clicked on a phishing link
    or even c) using a wireless connection in a public place

    Just use security basics and you'll be fine. The pay-off for a skilled hacker to go out of their way to compromise my router is low.

    It's the bank's responsibility to make sure that 3rd parties don't access my account, and it's my responsibility to secure my account details and system, including where I bank online. Anything else is the fault of the bank for not using better authentication methods (most banks require extra authentication to set up a new payee anyway).

    Using a heavy, slow piece of software and treating my computer like I don't trust it isn't the answer for me.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There's a big difference between not jumping at shadows from buzzwords like MiTM and MiTB attacks and ignoring that they exist.

    And, you clearly believe they do exist, because of what you say next...

    You aren't saying that the type of MITM attacks I talked about don't exist. They do exist.

    It's like a car crash or a plane crash. What's the most common type of crash? Car crash. Yet, that's no reason not to believe that plane crashes don't happen. They do happen... Either way, I'd hate to be the one facing such crash.

    Whether it's the bank's responsibility, that will depend on what happened, and from country to country, I'd say. I don't believe that banks are obligated to refund their customers anymore, in my country, except with one or other exception, but I don't think they have to refund in case the user's system is infected. It's not the bank's problem. They have deployed security on their side, but the client failed to do his/her part of the deal.

    There's one reason why I haven't subscribed to my bank's online service - I can't always blame the bank for anything that happens to my bank account.

    The way I see it, it would be like someone stealing your credit card, you don't give a crap, and some weeks later you complain about it? Should the bank refund you? Or, you don't care if someone steals your credit card, and you simply place it in your shirt in plain sight. Are you going to complain to the bank that someone stole your credit card, because you had it in plain sight, and only weeks later you actually cared about it, when you realized you started losing your money?

    When a relative of mine opened a bank account, the bank told them about a security application and alerted the new client to the Internet dangers, and to also check the bank's website for general good practices. Yes, banks do have general good practices on their websites that clients fail to read.

    Can the banks be blamed for the lack of interest of some of their clients? Or, can they be blamed if their clients couldn't care less about their (computer) security?

    A line needs to be drawn.

    Wouldn't all this be like: Hey, I got a pirated Windows system, pirated security software, pirated software in general, BUT my bank failed to protect my money!!!

    No, good sir... That doesn't work.

    I'm not telling you to use it either. lol

    All I'm saying is that the bank is offering it, the client should try and know why that is. Maybe the bank is trying to get off the hook if something bad happens.

    That's what I'd do.
     
  6. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    You've written a lot, but you've not addressed:
    1. exactly how you believe a successful 'man in the middle' attack is going to be carried out, nor
    2. the likelihood of it occurring.

    We're talking needle in a haystack territory once you eliminate the more common risks. My bank requires use of a cardreader to set up a new payee, which would be a dead giveaway if all I was trying to do was check my account.

    No compelling reason to permanently shackle my PCs' performance by using Trusteer Rapport.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Let's cut to the chase, shall we? :)

    I introduced the MITM attack as being one of Trusteer Rapport protection features. They triangulate to be sure that a server's IP is the real IP, and not belonging to a "man-in-the-middle".

    Period. Anything you or I could say is mere speculation, and I won't go that route.

    What's the likelihood of such a type of MITM happening? As I said, it would be speculation. But, believing what I hear about such MITM, they do exist. But, are they happening against bank clients? I don't know. Have they been happening? I don't know. Will they happen? I don't know. Will they ever happen? I don't know either.

    But, neither can you say you know the answer, because you don't, and you'd only be speculating and nothing else. So, let's not speculate.

    Well, this isn't exactly about your bank, is it? It's about user nord1's bank, that offered/suggested this user Trusteer Rapport.

    If it were me, I'd want to find out the real reason why the bank is making such an offering/suggestion. I'd want to know if there's something more to it than the mere suggestion of a security tool.

    Again, it's not about you... :p
     
  8. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    quite right,
    one would want to make sure there are no undesirable policy changes from the bank that could affect liability in case your money were to disappear.
     
  9. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    It's important to know how a 'man in the middle' attack can actually be set up, instead of throwing the term around like a mysterious bogeyman ;)

    Most of them require the attacker to have access to:
    - your local network (ARP poisoning, DNS ID spoofing, session hijacking, SSL hijacking)
    - your router (DNS hijacking)
    - your machine (DNS hijacking, HOST hijack, various man in the browser)
    - your wireless connection (rogue access point, network intrusion)
    - your browser session (cross site request forgery)

    Access internet banking at home; don't use wireless if possible. Secure your machine; secure your router.

    As long as you don't click on idiot links in phishy emails, and remember to log out from internet banking - someone pretty much needs to compromise your router in order to stage a 'man in the middle' attack. There are remote attacks, with just as remote chances of them being directed at you. I'm happy to be corrected with a plausible scenario.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's all very good... BUT, you're failing to understand the core "problem" here. A bank suggesting/offering a security solution to the client. A concerned client MUST know if the bank is simply trying to get itself off the hook, in case the client system is infected.

    You can't simply advise xyz person not to use something THEIR bank is suggesting, based on a simple fact that you don't need it or because you say that it will be heavy to the system (your system).

    All I can say, and all I ever did, was to mention ONE more feature provided by Trusteer Rapport. Now, if you're saying that Trusteer Rapport fails* to deliver what it promises, then it's not my concern, as I'm neither suggesting it nor not suggesting it. I'm advising the client of the bank to KNOW all the facts.

    * That would be something for you to prove, actually. ;)

    Resuming, I simply talked about a Trusteer Rapport feature, and you made a hell of a storm... Calm down... :argh:

    User nord1 should know all the facts, before making a decision. And, if the bank is trying to get off the hook, by suggesting Trusteer Rapport, the client should know that, and find out if the bank can do that. Each country is different, and that means different laws. Laws from one country won't apply in another.

    A simple No, don't use it. You don't need it. isn't helpful. What if the client ends up not using Trusteer because of what was mentioned by some, and then the client loses money from the account, and the bank says We did provide you with a security solution specially designed to deal with financial malware, etc.

    I don't know about you, but I'd hate that to happen to myself. :argh:
     
  11. nord1

    nord1 Registered Member

    Joined:
    Dec 1, 2010
    Posts:
    126
    m00nbl00d,

    The bank in question is ING Direct and it has pretty decent security (not counting this new twist with Rapport). Login is difficult with multiple steps, but man in the middle seems to be their worry. Not sure where this is going with them as they are the American branch of a Dutch bank and the EU has forced them to sell off to Capital One, so things may well change if the buyout gets past regulators in the States.

    I put in a query, but have gotten nothing more than boilerplate, which is pretty much how I see this software.... it is simple to a fault IMO and as I like my software to give me detailed reports about what it finds, this software really fails that standard.
     
  12. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Moonblood, I feel like you're saying a lot - and saying very little in the process. If you raise a point, you need to justify it in some way - rather than dodging it and using strawmen arguments (of which you've made a number so far.) We gain nothing in a discussion if you only argue against points I haven't made.

    You originally stated:
    A user's system may be clean, but a cybercriminal may hijack the connection between the user and the bank's server, diverting the connection to his own server, and act as a middle man.


    Yet did not give a single example of how this might occur for a home user when malware isn't involved. I've mentioned broadly quite a number of methods, and why they aren't relevant to anyone who secures their system (and network) properly.

    Now you've decided the sticking point is instead whether or not a bank will honour their requirements to pay in the case of financial fraud if someone doesn't use Trusteer Rapport. Have you any concrete facts about this? I've not heard of a single bank that requires the customer to use Trusteer Rapport. Just check with the bank in question. Simple.

    OTOH some banks do require certain browsers to be used - in fact Nationwide in the UK will not refund customers if they use Linux browsers (click the 'support' tab http://www.nationwide.co.uk/internetbanking/helpandsupport/browserhelp.htm).
     
  13. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Out of curiosity, did the RapportKELL.sys file remain? On machines I've removed it from, I've noticed it tends to remain whether or not I use Revo.
    c:\Windows\system32\drivers\RapportKELL.sys
     
  14. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i think m00nbl00d's point is valid folks.

    check the fine print.
    rule of thumb is: 'they' will usually try to get away with it if you're not watching.
    'they' will try to separate you from your money.
    why do you think there's always a bank televangelist calling you when you're having supper to sell you some service you don't need? ;)

    once you're comfortable with that you can start worrying about if the Trusteer drivers are BSODing your machine and whatnot. ;)
     
    Last edited: Oct 14, 2011
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Isn't that the definition of a man-in-the-middle attack? An attacker diverting the traffic to him/herself?

    Therefore, I mentioned that one of Trusteer's features aims to protect against MITM attacks. What's the bloody problem?

    I mention one of Trusteer's features, and I explained what that feature meant. What's the big deal about it?

    There's a huge difference between raising a point/points and explaining one of Trusteer's features. Huge difference.

    As I previously said, don't make of this what it isn't.

    You clearly seem to be the one who's trying to make some point... whatever that point is... I talked potato (a feature)... you talked tomato... Fine by me...

    And, there you go... Again, just in case you still haven't understood, I only brought to the user's attention one of Trusteer's features, and I explained what it means.

    WTH? Now you talk about facts? You ask Have you any concrete facts about this?... I ask you, do you? Do you have any inside information that says that there's nothing else behind the scenes? By all means, reveal those facts then.... Until then, you're only speculating. Sorry, but that's what it is, speculation.

    I merely advised nord1 to be aware of the reasons why the bank is suggesting a security tool.
    And, you know all the banks from the whole planet, I suppose? I suppose you also know every client...

    Now, comes the interesting part... You say Just check with the bank in question. Simple..... WTH? Isn't that what I've always been saying?

    The same way a bank does that, couldn't a bank have a policy of not refunding in case their clients refuse to use a security solution that they suggest?

    But, if you say no, because you know all the banks... then that's great.
     
  16. nord1

    nord1 Registered Member

    Joined:
    Dec 1, 2010
    Posts:
    126
    RJK3,

    Thanks for the heads up.

    I used RevoUninstaller followed by RegScanner... don't recall seeing that driver in windows systems32 drivers. Just ran a file find (system and hidden too) and can't find it anywhere on my hard drive, so think it was removed by one of my programs.
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -edit-

    I thought I mentioned something about this, but I forgot.

    I totally agree with the part I bolded. I actually couldn't agree more. But, you fail to understand two things:

    1) I only mentioned a feature;
    2) Now, that you bring it up, it seems that they (man-in-the-middle attacks) are relevant to anyone who doesn't (probably, and most likely, because they don't know any better) secure their system (and network) properly...

    Life is funny, isn't it? There are always two sides of the same coin, it appears. Who would have thought about that. :blink:
     
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Thanks for the list of attack scenarios. Regarding DNS do you think there is an advantage in using a proxy in the local IPv4 settings? In my (limited) experience the computer will use specified DNS IPs in the local adapter settings instead of those in the router. I'm thinking of services like Norton DNS or OpenDNS.
     
  19. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I really like Rapport but I worry about how they collect data. :D
     
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Trusteer's privacy policy is here:

    http://www.trusteer.com/privacy-policy

    Given the nature of the service they provide the policy doesn't seem unreasonable at first glance. After all, you're trusting them to protect your bank account. Was there something specific you were worried about?
     
  21. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    There are people on here with far more knowledge of networking than me, but I believe ultimately that the router is king and can force its own DNS in various ways. It's certainly how I set up a simple home network for my in-laws, with the router forcing all clients to use OpenDNS no matter what DNS is specified in the IPv4 settings.

    Specifying the IP addresses of the bank's servers in the HOSTS file is probably a better bet.

    There was some discussion at Wilders on how routers might be compromised:
    https://www.wilderssecurity.com/showthread.php?t=261012

    and an article about a cross-site scripting vulnerability in the wild in 2008 (requires user to click on a dodgy email link):
    http://news.cnet.com/Symantec-warns-of-router-compromise/2100-7349_3-6227502.html
     
  22. wkussmaul

    wkussmaul Registered Member

    Joined:
    Oct 18, 2011
    Posts:
    2
    Location:
    near Boston
    Very good observation, very good metaphor (comparing malware mitigation to mitigation of physical disease).
     
  23. nord1

    nord1 Registered Member

    Joined:
    Dec 1, 2010
    Posts:
    126
    I was unable to find where Rapport kept data and what it did send back to its home. However, I was able to find out what my particular bank (ING Direct) thought about the necessity of using it.

    "The security software offered at ingdirect.com is optional. If you have existing protection from a different third party program, you should be safe."
     
  24. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Good practice, generally speaking. But, one should know whether or not, and probably it does happen, the bank switches IPs from time to time, and how often.

    For example, my bank switches between two IPs x in x time, and I'm talking about a period of seconds. So, adding a bank's domain to the hosts file may not work. Not without its headaches.

    You cannot map domain1 to IP1 and IP2 at the same time. It's either one or the other.
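
An added example, not part of any post in this thread: a small hosts-file audit that ties together the "HOST hijack" risk listed earlier and the pinning-versus-rotating-IPs problem discussed in the last two replies. The hosts content, the `bank.example` names and the `EXPECTED` allowlist are constructed placeholders; on a real machine you would read the system hosts file and fill the allowlist with addresses you have verified yourself.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are illustrative
# (RFC 5737 documentation ranges), not taken from the thread.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      bank.example        # user-added pin
203.0.113.66    login.bank.example  www.bank.example
0.0.0.0         ads.tracker.example
"""

# Hypothetical allowlist: addresses you have verified for each watched name.
EXPECTED = {
    "bank.example": {"192.0.2.10", "192.0.2.11"},   # rotates between two IPs
    "login.bank.example": {"192.0.2.20"},
}


def parse_hosts(text):
    """Yield (ip, hostname) for every mapping in hosts-file text."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # not an address: skip the line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def audit_hosts(text, expected):
    """Return findings as (kind, hostname, detail) tuples."""
    findings, pinned = [], {}
    for ip, name in parse_hosts(text):
        if name in expected:
            pinned.setdefault(name, set()).add(ip)
            if ip not in expected[name]:
                findings.append(("unexpected-address", name, ip))
        elif any(name.endswith("." + d) for d in expected):
            # Override for a subdomain of a watched name with no known-good set.
            findings.append(("unlisted-override", name, ip))
    for name, good in expected.items():
        have = pinned.get(name, set()) & good
        missing = sorted(good - have)
        if have and missing:
            # A valid pin that covers only part of the rotation.
            findings.append(("partial-pin", name, ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit_hosts(SAMPLE_HOSTS, EXPECTED):
        print(f"{kind:20} {name:22} {detail}")
```

An `unexpected-address` or `unlisted-override` finding is the signal to investigate for tampering; a `partial-pin` finding means the pin is valid but covers only one of the addresses the allowlist says the name rotates between.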
     
  25. MerleOne

    MerleOne Registered Member

    Joined:
    Mar 6, 2006
    Posts:
    1,336
    Location:
    France
    Just one more testimony about Trusteer: one year ago my online bank also recommended it. I tried it on my XP Home system, SP2, and it kept crashing all the time (not the system, just the app itself). I decided it was crap and quickly removed it. I now use Avast and an occasional Malwarebytes scan, plus some other tools like WinPatrol.
     