Trusteer Rapport

Hey guys,

My bank has just offered me this software for free.

How has production of this software been in the past few years (since I originally heard about it) ?

Does it operate similar to Prevx safe online?

What are peoples experiences with the software like?

It does say it blocks viruses to.

Rapport’s unique technology blocks advanced Trojans including Zeus, Silon, Torpig and Yaludle without the need to constantly update and chase the different variants of these Trojans.

 

It works kind of like keyscrambler on sensitive web pages. It encrypts your keystrokes. It also intercepts screen captures while on sensitive pages.

While on pages that they do not protect, it really doesn't do much.

 

It's not like keyscrambler at all, keyscrambler just encrypt the keys and does not protect against the modern banking malware.

@PC__Gamer
Trusteer Rapport offers more or less the same level of protection than Prevx safe online and both are much more advanced than keyscrambler. What I dont like of it is eats a lot of RAM. But I like that it is more configurable than Prevx Safe Online

You dont need your bank to give it to you, you can get it for free from here: http://www.trusteer.com/webform/download-rapport

You can start to test it right now, install it and take a look to the rules so you will see that protects against more stuff that you can read here:

 Blocks Zeus, Torpig, Silent Banker and other Man-in-
the-Browser attacks
 Blocks all malware attacks including Keyloggers and
Pharming
 Enables phishing site detection and confirmation
 Delivers advanced reporting on current and new
threats including zero-day attacks

Trusteer Rapport differs from Anti-Virus and Firewalls
because it:
1. Locks down access to financial and private data
instead of looking for malware signatures
2. Communicates with your online banking website to
provide feedback on security level and report
unauthorized access attempts
3. Enables you to take immediate action against
changes in threat

http://www.trusteer.com/presentation-how-it-works

 

guest.
How would compare Trusteer to Quaresso? Does it achieve the same thing as Trusteer?


http://www.quaresso.com/products/myprotect/myprotect-overview

 

I've only run into Rapport once that I can remember, but my experience with it may be relevant. This was perhaps a year ago on a customer's computer. XP MCE, IE8 and a gig of RAM on a Centrino laptop, IIRC.

I cannot speak to its effectiveness, but I can confirm guest's observation that it does (or did) use a lot of RAM. It also slowed browsing considerably and some websites would not load completely. We decided to remove it. That was not easy, there were stubborn leftovers. To the best of my recollection, I had to manually remove a service and a browser add-in. After removal, browsing returned to normal.

Customer was using Avira Personal, so the antivirus was not contributing to the slow browsing - no web guard in AntiVir at that time.

It's certainly possible that these issues have been addressed in the latest version, but I'd do a system image before installing it. It is tenacious.

sbcc

 

I had this installed few days ago and on my Laptop it did eat RAM while it was installed with OA Free and Panda Cloud AV.

So I went back to Prevx SO.

 

Indeed, Trusteer is quite like Prevx SOL, but unfortunately uses quite some memory and apart from some pre-configured protected sites you have to enter each site you want to protect manually.(With SOL you can add also set protection level for all HTTP and HTTPS sites.)

I'm not sure about Quaresso, haven't tried it myself and the site doesn't go in much detail. It doesn't seem to protect against form grabbing.

 

True, but it seems to have maximum value if it supports your bank directly. Here's a statement from the Trusteer CEO during an interview:

Our software integrates into the bank’s site and communicates with the [Rapport] software installed on customer machines, and the two of them can work together so that the bank can effectively measure what the software does on the customer’s desktop. Whenever the customer logs into the bank’s site, the bank knows whether Rapport is there, whether it’s up to date, whether its been attacked or compromised.

I installed it on one of my Windows 7 systems with 3 gigs of ram. Since ram is as cheap as dirt (well, maybe not dirt) why worry about ram usage? I just checked and its currently using 30 megs. I don't notice any slowdown when browsing with IE 9.

 

I've found a video explaining Quaresso, it's quite different from SOL and Trusteer:
http://www.quaresso.com/flash/POQue/POQue.html
It works on demand, it is not even installed permanently. It is launched through the browser using Java or ActiveX(meh) and then launches a new protected browser window until the secure session is over.

 

I think that still there is no difference, the partners/banks are preconfigured in trusteer rapport so maybe this is what they want to mean.
I would say that your bank will provide the same installation file but you will have access to direct support, and important security news of your bank using the interface.

I agree with you, although I mentioned it the RAM is not an issue and I didn't notice any slowdown.

I have never use quaresso probably because you can get the same benefits for free using Prevx SOL free or Trusteer Rapport.

 

Rapport only using around 30mb for me and I noticed no slowdown with websites at all.

 

In my testing in the past with Rapport and AKLT, I noticed that Rappport scrambles keys in a regular, predictable way. Like if I write USER in password filed, it will always write ABLE( just an example). So I guess a keylogger will grab it and then the info can be de-coded to get aftual passord.

Can anyone confirm this? Thanks

 

It (Trusteer) did well in testing here. http://malwareresearchgroup.com/

 

No, Rapport just outputs the same string in repetition. On my system whatever I type results in the keylogger test application (e.g. Spyshelters) seeing ABCDABCDABCD and so on.

 

Ah... ok. Same thing with me I guess. I just mis-understood it. Thanks

BTW does any one know what are the limitations of free version?

 

All the anti-keylogging software are just marketing gimmicks. There is simply no way they can protect you from malware that is already running on the machine. I mean think about, they are hooking the keyboard device stack. Well.. ok, however low they hook, my kernel-mode malware can hook below them and still see the unencrypted keystrokes.

If they patch a user-mode API to block certain calls to it, I can patch over them and see the API call before them.

The guys that write Zeus and other such Trojans are not idiots.. they are far more sophisticated than the average malware writer.

So its no wonder that these products are being given out for free since they dont really work.

 

agree 100%

 

Don,t agree at all. MRG people,s tests showed that some of these are usefull. Rapport is one of them.

 

MRG like all the other reviewers are in this for money. They are not running a charity organization. So they will publish any review that someone will read and hopefully pay for.

I challenge anyone from MRG to disagree with any of my comments.

If you want to read about device stacks, see http://www.codeproject.com/KB/recipes/keystroke-hook.aspx?display=Mobile

although all of this is second nature to anyone that writes Windows device drivers.

 

No, they are not hooking the keyboard device stack.

Strange then that these products, especially Rapport, are proving extremely effective in the fight against Zeus, Spyeye, Carberp et al. Either the authors of Zeus and Spyeye are stupid or these products don't work work how you think they do.

So if they don't work, why are the banks seeing reduced losses and why do independent security firms confirm that Trusteer stops Zeus et al working? They're all being paid to post false analysis and reviews right?

 

Now all that need a practical proof that is not possible unless we do test all of it ourself.

But i do believe that some products can deceive malware loggers and in the same way loggers can defeat security software, but it,s not a one way process.

 

"The guys that write Zeus and other such Trojans are not idiots..." no, but they are smarter than you think, they don't lose the time setting hooks on the keyboard.

Sorry but you are completely wrong. First Zeus and his friends does nothing to do with hook the keyboard, or capture keystrokes.
And trusteer rapport protects against Zeus and his friends even in a pre infected computer.

And trusteer rapport is probably free for the users because their partners and important clients are the richest people in the world, the banks.

http://www.secureworks.com/research/threats/zeus/

And the user guide of Zeus: http://pastehtml.com/view/1ego60e.html

 

That's right. If I'm not mistaken, they wait until you make some transaction in your bank account and then modify it to their benefit. Keyloggers are good for hacking your sister's Facebook account and things like that.

My bank, for instance, send me a one-time code via my mobile phone everytime that I try to log in, in addition to the regular password. So the keyloggers are useless for criminals when dealing with serious banks.

 

is it not better to use an cardreader, with own keyboard and display, its more secure as to use an keyboard or virtual keyboard...

 

Probably but at least in Spain I don't know any bank offering this option, but for example my bank send me a password to my mobile to use it on every operation and to login in the website. You can also request a personal coordinates card (TCC).