Trusteer Rapport

You never buy online? Not even security software? If not, using TR makes no sense for you, obviously.

 

nope call me old fashioned but i never buy anything online.I dont pay for security software and even if i did i would buy from a retail store.

 

More and more banks are pushing savers to do their business online. It saves them a fortune if they do not have to run branches in every town. The best interest rates ( which are abysmal anyway ) are usually online accounts only.
I assume they have fixed the problem of slowing down machines, as mine is fine.
It's unfortunate you cannot run the program on demand, but thats how it is.
It's very handy being able to check an account in seconds, and I feel a lot safer if Trusteer is being used. It's one of the very few times I am online out of my sandbox
Funnily enough I buy things online all the time, it's much cheaper, however I only use Trusteer with banks.

 

I do not do withdrawals from banks on-line. I do purchase items on line and use ebay and Paypal.
I use Trusteer for everything involving purchases.

Jerry

 

Well, fortunately we have quite a few very high quality products to choose from where the developers DO answer questions, discuss the "how and why" for their products and actively work to solve problems in an open manner. Unfortunately, Rapport seems have a PR philosophy that consists of "trust us - all these banks and other institutions do". There seems to be almost no publicly available testing for effectiveness. In fact, I wasn't able to get a clear picture of exactly what Rapport is supposed to prevent, other than phishing/MITM. It implies more protection than that, but for the life of me I cannot figure out what else it is supposed to do.

Rapport is incompatible with many other security products and offers limited protection in specific scenarios (paraphrasing their website). Even when used with a "compatible" product, it slowed web browsing and in some cases overall computing to a crawl for many of my customers. In fact, it messed up Gmail for one of my customers today. Certain messages would not load until Rapport was uninstalled (benign messages, not phishing).

This summer, I set it up with I think five different AV's and AV/AS combinations. I set exclusions where deemed appropriate and I tried it in various virtual machines on a Linux host and also native installs of 7 and XP. Each was noticeably slower. It also added to startup, program launch and shutdown time, sometimes dramatically. Sometimes, there were boot or shutdown hangs. These were clean, fully patched installs with no other software but Adobe and Java installed. Browsers did not make a discernible difference. I tried it with both FF and Chrome. Both hung sometimes. Never actually tried to connect to a known phishing site. The slowdown and lockups were enough for me.

The test rig is an older but fast dual core Pentium with lots of RAM, an SSD, and a reasonable broadband connection. It does great even with the resource hogs of the security world. Except Rapport. Not willing to try again unless there are major revisions to the program and major revisions to the way the company communicates with its users. Apparently they are good at convincing the decision makers at the various institutions to offer it (who, let us not forget, are their real customers), but they do a poor job communicating with us, the end users and techs who actually use and troubleshoot the program out here in the real world.

Finally, any product that offers a remote support session in the uninstaller as an attempt to prevent the customer from ditching the product instead of actually fixing the issues that makes the customer want to uninstall it in the first place is just doing it wrong IMO.

Thanks. I feel better now.

 

If I remember well they ask you why are you uninstalling it, and there you can report, bug, incompatibilities, problems, you can tell them what ever you want... if that is wrong...

There is a list of compatibility
http://www.trusteer.com/support/compatibility-other-security-software
If you don't read it and you have a problem with an incompatible product or a product that requires additional configurations it's you fault, not trusteer rapport.


If you want proofs go here to the botton "TRUSTEER SECURITY DEMOS":
http://www.trusteer.com/Resources/Learning-Center
Tusteer rapport also appeared in the MRG banking test, if you want to read it go to MRG website.

Regarding the features the are explained clearly here:
http://www.trusteer.com/support/en/about-rapport
Click on "Which attacks does Rapport protect against?"
The features are also explained with more detail in the online help file of Trusteer Rapport

 

Yes, they seem to subscribe to "security through obscurity", which is actually no security at all IMHO. Being kept in the dark doesn't inspire confidence.

Maintaining credibility with the financial institutions that pay them has got to be their first priority, not satisfying the inquiries of end users. The fact that end users/techs are at the leading edge and better able to perceive what TR does and doesn't do is apparently seen as a threat, not an asset.

 

Sorry but none of this is good enough. Why? Because security vendors show what they're made of by the way they respond to problems/weaknesses in their products. I trust the vendor who acknowledges problems and works with the users to make the product better. A vendor that engages in denial and obfuscation has a different agenda.

 

My bank's site has a prominent link leading to a page featuring a big "Download Rapport Now, It's Free!" button and also has the following text further down the page for those that bother to read it (emphasis mine):

"Compatible with Your Current Security Software

Rapport works alongside your current security software to provide comprehensive protection when you bank online. Rapport also communicates with our security systems. This allows them to better use their security systems to protect your online account and block malicious attempts to steal money from your account."

Yep, I sure can see where it's my customer's fault for not checking compatibility.

Who handles their support? If it's a third party like IYogi, forget it. Even if it is in-house, why would anyone let an unknown technician in an unknown location mess with their computer's security and potentially access their personal information?

Just...no.

Yes I saw the MRG test. It was a single time test, and IIRC it used a simulator? Not enough for me. I need to see results over time against a series of real world threats to be convinced. As my father-in-law says: "Even a blind squirrel finds a nut every so often".

That link didn't tell me much. This is a bit more detailed: https://www.trusteer.com/support/user-guide/3.5.1201/index.htm#375.htm
I got a little better overview there, but its still just a list of features. (ETA: I see the link I found is the online help file you referenced above. Thank you for pointing me in that direction.)

Is this like EMET, or is it a behavior blocker, or an antikeylogger or what? How does it block all of these sensitive areas while remaining fully compatible with certain other security solutions? Does it affect detection and removal of serious infections like rootkits? In a nutshell, is the effectiveness of other security solutions diminished by Trusteer's processes and/or modifications?

Those are things I don't see the answer to anywhere. Sorry, still for me. But thanks for the reply!

 

Yes! Exactly! We can only hope they learn the difference between threat and asset. Time will tell!

 

Thanks for the info. I also noticed noticeable slow downs. There is honestly no point of keeping this product.

 

You are welcome to contact our support team 24/7 at http://www.trusteer.com/support/report-problem and describe any error you experienced or query you might have.

 

Yes. It's unfortunate.

I'd really like to see this succeed, especially because it is free for the end user.

 

Instead of privately contacting your internal support, I'd like to welcome you to answer the concerns listed previously, so everyone taking part in this thread can benefit from the answers.

Here are some of my specific questions:

1. My bank's site has a prominent link leading to a page featuring a big "Download Rapport Now, It's Free!" button and also has the following text further down the page for those that bother to read it:

"Compatible with Your Current Security Software

Rapport works alongside your current security software to provide comprehensive protection when you bank online. Rapport also communicates with our security systems. This allows them to better use their security systems to protect your online account and block malicious attempts to steal money from your account."

The fact is, there is a long list of incompatible security software listed on your site. Why imply universal compatibility when it clearly is not the case, and why not warn end users up front?

2. Who handles Trusteer support? Is it outsourced, or in-house? Why does Trusteer think it is a good idea to encourage having an unknown technician in an unknown location mess with an end user's computer's security and potentially access their personal information? Isn't this at odds with providing bank and credit card security?

3. Even when used with a "compatible" product, it slowed web browsing and in some cases overall computing to a crawl for many of my customers. In fact, it messed up Gmail for one of my customers today. Certain messages would not load until Rapport was uninstalled (benign messages, not phishing).

When I tested Rapport, in addition to slowdowns there were boot or shutdown hangs. These were clean, fully patched installs with no other software but Adobe and Java installed.

Why so slow and buggy? What is being done to mitigate this? Do you have a beta testing program? If so, where do I sign up? If not, why not?

4. Is this like EMET, or is it a behavior blocker, or an antikeylogger or what? How does it block all of these sensitive areas while remaining fully compatible with certain other security solutions? Does it affect detection and removal of serious infections like rootkits? In a nutshell, is the effectiveness of other security solutions diminished by Trusteer's processes and/or modifications?

Again, will you please respond here so that the Wilders community can gain further understanding as to how Rapport works and why it is of benefit?

Thanks in advance.

 

In case they don't accept your kind invitation:

http://www.trusteer.com/Products/trusteer-rapport-pc-and-mac-security

Just fill the "Request More Information" form. If they answer back you can always come here and post your findings so that Wilders community can gain further understanding.

 

You can find a list of Rapport's compatibility with other security software in the following link: http://www.trusteer.com/support/compatibility-other-security-software

Additional information about Rapport is available in our FAQ's: http://www.trusteer.com/support/faq

Lastly, please don't hesitate to contact us directly regarding any issues you are experiencing with Rapport at: http://www.trusteer.com/support/report-problem

 

@Trusteer Rapport

did you not see this request;

Maybe it's a robot answering!

 

Dear Trusteer Support:

You can find a list of problems with, and concerns about, Rapport by reading the posts in this thread.

Additional information about your end-user's experiences with Rapport are also available in this thread, posted here in hopes you will provide answers.

Lastly, please don't hesitate to contact any of us directly regarding the issues we are experiencing with Rapport by using the reply box conveniently provided on this page.

Until then, I'm saying goodbye to Trusteer.

 

Trusteer's real clients are the banks, for us this is freeware. Patronizing attitudes like those seen in this thread are really quaint, to be honest. If you want to discuss security issues from a customer perspective contact your bank, I'm sure that Trusteer keeps them fully informed.

 

I find your own attitude interesting. Do you speak for Trusteer in an official capacity? I've heard this argument before that because something is freeware we somehow don't deserve to ask questions and receive answers. I suggest if the vendor prefers that we take our questions to the banks they should make that clear, and not participate in a public forum.

 

Why would you assume I haven't already discussed this with my bank?

I'll be meeting with them about this for the third time very soon.

Interesting you would assume they are fully informed about Rapport. So far, no one has any idea how it works. Maybe this time they'll put me in touch with someone who does.

What you are seeing here is not patronization, it's due diligence.

Remember the "old" LifeLock? (still around but now a much more limited service than what they originally claimed): http://www.pcworld.com/article/191092/article.html

I'll always question any product that makes big claims about financial security and transaction monitoring. It just makes sense to do so.

Oh, and it's not *completely* free for me. I pay interest and fees to my bank, they pay Trusteer.

 

As always everybody complains... but nobody can proof that the latest version can be bypassed.

 

No one here should have to prove it. The vendor should get out in front and demonstrate that the latest version can't be bypassed. Wouldn't that make you feel more confident about both the vendor and the product?

 

http://www.trusteer.com/sites/default/files/Mandiant.pdf
http://www.trusteer.com/sites/default/files/Testing_Rapport.pdf
http://www.trusteer.com/sites/default/files/Efficacy-Assessment.pdf
http://www.trusteer.com/sites/default/files/MRG.pdf
http://www.matousec.com/info/reports/Online-Payments-Threats.pdf
http://www.mrg-effitas.com/wp-conte...Online-Banking-Browser-Security-Project-2.pdf
http://www.trusteer.com/sites/default/files/Matousec-Malware.pdf
http://www.trusteer.com/sites/default/files/First Bank C.S.pdf
http://www.trusteer.com/case-studies

....seems like they have continually tried to demonstrate what you're asking for.

 

Thanks for posting these links. I've had a look at the 2012 docs and at first glance TR appears to do very well. I don't know how these test results relate to the information talked about in the 44con 2011 video though. Someone more knowledgeable will have to speak to that.

Edit: Hungry Man states that these tests and results don't apply to the weakness demonstrated in the 44con 2011 video. Do you feel he is in error? Is there any documentation showing that that weakness has been addressed?