Why Special Bank Protection

Obviously no one wants his financial information compromised, but if I have a good AV why do I need something like Trusteer Rapport?

I have AVs that have special protection built in like Safe Money so I am not asking for myself but wonder how information is intercepted or why any good AV would not provide protection.
I realize that tests show they do not, but how is your information compromised?

Thanks,
Jerry

 

how - same question as usual - how gets malware onto the system?
- by unsafe (or old) browser
- by drive-by (java, pdf, flash)
- by usb-stick, disk, cd/dvd, external drive
- by illegal stuff (purpose)
- by adware with standard installations (recommend: user chosen setup)

 

I think what Jerry is asking, is what makes "Trusteer Rapport" BETTER than an antivirus that SHOULD handle all of those things that you mentioned (?)

In other words....

1) is the antivirus software that offers "banking protection" FAULTY in the protection that it offers?

2) does "Trusteer Rapport" do something special that the antivirus software does NOT? Or...

3) Is Trusteer Rapport simply "another layer" operating on the premise that "you can never have enough good security when it comes to your financial information"?

 

Sad thing is that your credentials are probably safer on your computer than on the Bank's servers (don't go overboard).

 

Thanks, JR for clarifying it.
cruelsister, I am not sure what you are saying.?
If we do any financial transactions on-line then information is on the bank's servers is it not? What do you mean by going overboard?

When I mention special protection for on-line banking folks tell me about their AV, and the bank's security. That is OK, but I wonder why a first class AV such as Bit Defender without a "Safe Money" type component is not safe? I realize nothing is 100%, but maybe the TRs are and a normal AV is not.
How is the interception of information made?

Thanks,
Jerry

 

BitDefender's Safego uses a proprietary "hardened" browser which I would trust more than a regular browser that could be exploited regardless of if Trusteer was active for the connection.

 

Most of this stuff is really just marketing taking advantage of some paranoia. Most major banks will cover any and all fraud that occurs on your account, period. So there really isn't anything to worry about.

 

Exactly. It's Bitdefender's own browser which is known as "Safepay", and uses sandbox technology.

 

I can't argue that, but what I want to know is why is not an excellent AV adequate protection.
It may be that there is some sort of sandbox that protects better.

Even though the fraud may be covered there will be a lot of time and stress before it is cleared up, I think.

Jerry

 

True, it's best to prevent it from happening to begin with. My bank says it would take anywhere from 7 days to 30 days to clear up and reimburse you, depending on the dollar amount involved. Meanwhile, they freeze your account, and it's a hassle. Anyway, I don't know the answer to your question, so I can't help there.. sorry.

 

I've used Quarri's My Protect on many occasions without any issue. I use it anywhere I'm accessing personal information even at airports and such. The idea behind it is to be able to browse securely even on a machine that might be infected. The down side to these types of technologies is that you have to trust them as well as testing organizations on whether you are truly protected or not.

 

Thanks for the comments, All, my biggest concern would be to have to do financial transactions using an unsecured WiFi in a hotel. I don't travel much anymore so it is as much curiosity as need.

Regards,
Jerry

 

First phase infection
Browsers had (have) options for silent installation of add-ons (extensions, plug-ins, skins, user scripts, active-X, etc). Also users can be tricked to lower the 'change my browser' threshold' (invisible/overdrawn window pop-ups, through links from other, social engineering, sources). This type of financial malware installs itself in your browser as an add-on or through add-on triggered process changes (e.g. dll).

So Trusteer Rapport prevents unintended sneaky browser changes (Hitman Pro alert checks whether your browser is changed at startup). When your browser is not changed changed, infection chance of MITB malware is minimal.

Second phase misuse
Like phising websites and keyloggers try to steal your credentials by rerouting you to a seamingly identical website and logging your security/identity credentials, financial malware lays waiting in your browser and is triggered when you initiate a financial transaction (e.g. a payment service or your on-line bank). The malware intercepts your requests and captures your keystrokes. So when you think you are on for instance your "First Chartered On-line Banking webpage" you are actually communicating with a mirror (a detour which is operated by the financial malware).

So Trusteer rapport checks whether your are on a strong HTTPS/SSL encryption, checks the certificate of the website and checks the IP-adres of the website (so you are really communicating to "First Chartered"). It also encrypts keystrokes, prevent screenprints and closes the internal doors in your browser (to prevent data leakage from secured to unsecured zone's/links/pages).

Other Secure Safe Banking
Some AV's have secure safe banking options, some HIPS also (e.g. DefenseWall, BufferZone Pro), some HIPS/AV's like WSA have a feature which triggers on any HTTPS website (so you this website is protected automaticcally and does not need to be added manually). These extra options often come with more user friendliness and a price.

Trusteer Rapport Pro's and Con's
When you know your way into Trusteer Rapport's settings and how to add protected websites, it is actually a good additional layer (yes like any other security it is not 100% and yes it feels a heavy on dual and single core PC's). When you own a four or six core CPU with fast SSD and/or RAM disk all these performance bla bla is a non issue. EDIT: the feeling heavy is not related to browsing but to browser launch/start, so feeling heavy is often parotted and sometimes overstated (thanks Fax .



Regards Kees

 

Contrary to the common knowledge here, I have tested it on a 10 years old PC and there is no noticeable impact on its performance. This is even if run at the same time with a security suite.

 

Hi Kees,
Thank you for the explanation. It clears up the problem for me in realizing that the browsers are a big part of the vulnerability.

Regards,
Jerry

 

Part of the answer to your question is until recently many antivirus/security suites did not have the specific protections included in Trusteer Rapport (TR), but that has changed. Now a number of suites protect against keyloggers, DNS poisoning, browser vulnerabilities, etc. There is a lot of overlap between these suites and TR, and TR does not necessarily add additional protection depending on what else you're using. My own experience with TR is that it generally slowed down browsing and although it says it "Works alongside your existing anti-virus software and firewall" (from the Bank of America TR download page) it is a good idea to check Trusteer's website to confirm compatibility with the other security products you're using.

You specifically mentioned financial transactions over open Wifi. Note that a VPN (virtual private network) is needed to protect against session hijacking when using open wifi. TR does not include a VPN, nor do any of the AV/suites. It is a separate subscription service and definitely worth it if you use open wifi IMHO.

 

HI victek,
[ Note that a VPN (virtual private network) is needed to protect against session hijacking when using open wifi. TR does not include a VPN, nor do any of the AV/suites. It is a separate subscription service and definitely worth it if you use open wifi IMHO.]

I did not realize that. I do not travel much anymore so don't really have a problem. However, I am surprised that there I don't hear of problems associated with unsecured WiFi. Maybe it is a case of probabilities with the numbers of users.


Thanks for the information.

Regards,
Jerry

 

Here's some info about session hijacking - definitely something to take seriously. I won't do email on open wifi, let alone online banking without a VPN.

http://en.wikipedia.org/wiki/Session_hijacking

http://www.gizmag.com/firesheep-http-hijacking-tool/16726/

http://marketmoose.com/2011/11/3-ru...ssion-hacking-of-your-laptop-or-other-device/

 

all these software protections are fine but the one i trust most is the OTP delivered over a registered mobile to authenticate each financial transaction.many banks(& in my area all banks) provide this service so ask for it & if it is present take it immediately.though this method is also not fool-proof but it is far more harder to clone a mobile after disabling the original one not to mention a clearly identifiable electronic trail in your home country compared to some wild goose chase across the world ending in china/russia.

 

Thanks, both of you. I have learned some things on this thread. I appreciate the help.
Jerry

 

Very good point. My bank offers "dual authentication" using SMS to a mobile phone to protect account logon. They also offer instant email notification for all account activity.

 

I don't want to hijack Jerry's thread, but I'm very interested in this as well. What are the best VPN services out there, in your opinion? I do a lot of traveling, so I really need to look into this more seriously...

 

Ah, an actual user. Thanks for the feedback.

I know Quarri's Protect on Q was one of the few stand alone selections that passed Malware Research Group bank security test. I don't know if they have tested My Protect which I beleive is the free product designed to run in any supported browser? Protect On Q uses a standalone "hardened" browser.

BTW - Trusteer also passed the MRG test.

 

Yes as hotels and hotspots are unsafe or can't be trusted a VPN is necessary. http://www.howstuffworks.com/vpn.htm

HTH,

TH

 

It's OK. Let's see what we can learn?
Jerry