Whats the diff between SafeOnline vs Trusteer Rapport?

Oh, I see.

You have a possible new client here, look:

Aren't you interested?. Or you have already made so much money with this that you prefer to spend your time uploading videos to Youtube?.

 

I don't want to get into too many details as Prevx are obviously not comfortable with it.

Generally speaking - every "hooked API" can be unhooked even if you try to protect it from being unhooked. There is a lot of technical information about it and this is what bad guys do best. I wouldn't rely on this type of protection.

As for classifying malware programs - also generally speaking, if you're polymorphic enough you will avoid it.

 

To 9501 Frank

Prevx has said that no single malware protection software is flawless. In finding a flaw in prevx you are proving what is already known. Any motives to bring something to the attention of prevx users seem therefore suspect.

Prevxhelp has offered to to use your findings to strengthen the protection of prevx. Have you offered your help?

Uli

 

I will share my findings with prevx once I complete the report. I understand the sensitivity of people on this forum to such information.

 

It's not just about the "sensitivity of people on this forum" or any other security fora for that matter. It's about ethics.

If you have found flaws in the product, I would say it's advisable to discuss it with the developers directly and help them to improve it. If I was so inclined to do research in the same manner, I wouldn't be bringing up my findings in this or any other forum; I would be contacting the company direct and having dialogue with them about such findings in order to learn about and improve the program.

This is the problem with such disclosures. They often take place before any real changes can be made if indeed any need to be actioned. Being open like this isn't always the best way. It's like when people complain about product X doesn't detect certain malware; rather than moan about it, they should be contacting the vendor. That way, things can get resolved in a timely and discreet manner.

 

you are probably right in so many ways, yet it would have to be Prevx specifically open to such discussion (which at least is offered in this thread), else history in recent years shown that a lot developers just did not care about fixing bugs/flaws and the lot and kept ignoring such until they were forced to do so by public disclosure.

 

We are always open for fixing issues. As I mentioned earlier, we have multiple third party companies hired on a continuing basis for finding specifically this - we are proactive with identifying issues which is why there have never been any exploits against Prevx

EDIT: We've officially released the changed version which protects against additional screen grabbing attacks: https://www.wilderssecurity.com/showthread.php?t=274000 - we'll be looking into the IE AsteriskWin issue but note that this only affected Internet Explorer - all other browsers are immune.

 

Am I wasting memory by running Prevx alongside NIS2010, if the above is true and Prevx 'disables' some of the NIS browser protection? Would it make any difference if I uninstall NIS and just run Prevx?

 

Please do not read into his FUD. Prevx unhooks malicious hooks in the browser but has exceptions in place for AV vendors that have legitimate hooks. We've spent considerable effort ensuring that AV products are fully supported in the browser and the value of removing information stealing banking trojans from the browser that would have already bypassed the existing AV far exceeds the few cosmetic hooks that some AVs place.

If you are concerned, you can lower SafeOnline's protection to Medium to prevent this protection but it will degrade the protection against unknown threats.

 

Thanks PrevxHelp for the clarification. Both NIS2010 and Prevx remain installed on my laptop.

 

9501Frank,

You seem to be combative about this. The answers I've seen from Prevx in this have never been evasive, but you insist on believing there are holes in it, rather than understanding the imperfection of written language, inability to automatically question something to clarify (which is possible in verbal communication), and withheld your hand on co-operating with Prevx, as you claim to want to help them...which should have gone immediately to PM once they offered the choice. After PM'ing, you could always have come back and let us know what you thought of your interactions with them. You did sound so genuine at the start...and maybe you are.

And before you think I work for Prevx, see my join date, which predates Prevx's tenure here by quite some time, or you're also welcome to search my posts.

 

Hi All

Not sure whether this post is allowable as opposed to creating a new thread. I am sure the MODS will straighten me out if I am in contravention.

I have been very interested in this thread simply because like many others I am interested in protecting all my online activities including and specifically banking.

I am not sure where this thread has actually got to in terms of a full understanding of the differences. What we do have however is a standoff between Prevx and someone who claims to have considerable knowledge about claimed flaws in SafeOnline. Possibly two two sets of competing vested interests for whatever reason.

Now my question:

Do we need the likes of Trusteer Rapport & SafeOnline?

I ask this because Sandboxie can be set up to deny anything to be run in the Sandbox EXCEPT the relevant browser. So in theory no keyloggers, trojans etc can run their dangerous payload.

So what about some comments about the Sandboxie alternative?

Is it viable? Does it make Trusteer & Safeonline redundant? If not why not?

Thanks

Terry

 

If you run your browser in a sandbox, a "trojan" could still run outside it that can take a screenshot of your screen or log key presses. It doesn't need to run inside the sandbox to do these things.

So no, SafeOnline and Rapport are not really redundant. As far as I know all the sandbox does is block infections coming in through the browser. True, this will prevent a lot of trojans, but they can still get in by other means.

Last time I ran rapport, it didn't offer screen capture protection. So that's one difference.

 

This is exactly correct - Sandboxes are great for blocking specific actions but at some point users need to install software or perform an update on the physical PC. Even if they use full system virtualization programs, information stealing trojans can peacefully coexist with virtualization programs. Sandboxes also fall victim to the same issue - if a threat is running within the sandbox, it can view all of the information stored in the sandbox as well so while the user's PC will be safe from an infection, their data is still at risk.

This also negates the potential for a threat to be pre-existing on the user's PC which is the bulk of the problem today, and then the other side of the issue which stems from a threat coming from a non-sandboxed location or exploiting the sandbox in some way. The outside operating system can still view all of the data within the sandbox and in many cases, a sandboxed program can view data from the system (as some sandboxes only block write access rather than read access).

SafeOnline is definitely a valuable additional layer irrespective of what other security you have installed Please let me know if you have any questions!


(And to 9501frank, we've fixed the AsteriskWin issue, due out in the next beta build but I can provide a pre-release version to you if wanted)

 

Hi All

Thanks for your replies.

As a non techie I have to accept what you say, although there are other courts of opinion which "might disagree" in part wth the comments from PrevXhelp and pling_man.

I would also repeat the point that I made in my post that Sandboxie can be set up to deny anything running in the Sandbox other than ones browser.

In the reply from PrevxHelp he appears to ignore this precondition (of denying anything to run) and talks about:

"if a threat is running within the sandbox, it can view all of the information stored in the sandbox as well so while the user's PC will be safe from an infection, their data is still at risk."

This may be true but it does not deal with the specifics of my post in which I explicitly stated that Sandboxie could be set up to deny this.

So if it is correct that Sandboxie can deny threats running in the Sandbox as I have stated, then the only issue remaining is whether a threat outside the sandbox can read files passwords etc irrespective of whether it is residual on the system or just downloaded.

If the latter is correct then indeed Trusteer/PrevxSafeonline would have a role in a balanced security setup.

Two further points. 1) I have no axe to grind. I seek not to defend or propose Sandboxie as a "fanboy", neither do I seek to diminish or discount PrevxSafeOnline/Trusteer. I just want to get the best independent advice that I can for me.

2) It is a little disappointing that no comment was made on my observation that Sandboxie can be setup to deny execution of everything in the Sandbox except the browser. It was ignored and PrevXHelp' response was to talk about threats running in the Sandbox.

It just gives a slight impression of bias in the reply. The best replies are the ones that unambiguously recognizes a competitors strengths but then go on to unambiguously talk about the added value of ones own product.

I am going to seek further information from other sources because I want to be sure of the "added value" I would be receiving from the purchase of PrevxSafeOnline. So I may well return to this thread.

To all who contributed thank you very much.

Terry

 

Terry, I can confirm from my own use of Sandboxie and testing of Malware that you are correct that Sandboxie can be set up to deny anything from starting or running in the sandbox except the browser. It can also be set up to allow anything to start up and/or run in a Sandboxie but not to be able to connect out. I have run Malware in a testing Sandbox and as soon as it has tried to connect out or start a browser it has been denied and shut down.
It can also be set up to deny anything in the Sandbox from reading from or writing to the real system.
The real problem is that many people who dismiss Sandboxie have never really probed very deep into its 'workings'. With just a little time and patience spent learning it really is very easy to use. No, its not the silver bullet but in my experience it comes very close to it.
I will be very interested to see what the 'advanced sandbox' in Prevx 4.0 brings to the table.

 

TerryWood

You can always checkout the free facebook offer of safeonline!!

 

This wasn't intentional - the other aspect of issues here is that data can be injected from the outside operating system into the browser and if one wanted to be completely secure, they would have to sandbox every application which would eventually include malware which would likely still execute.

Not sure if that clarifies anything or if I'm missing the point here but let me know if I'm misunderstanding!

 

Hi tobacco

Thanks for your reply. I have a copy of the facebook Safeonline. That is why I made my post because although I am a user of Sandboxie I am trying to establish what will be the most robust solution.

Some very knowledgeable Wilders posters rate Safeonline (kees195 to name one, as do others rate Sandboxie. Some even rate both.

However, the two won't work together so I have to make a choice. PreveXhelp's reply reflected vested interest or lack of knowledge of Sandboxie, this is why I am chipping away at getting info from various sources plus my own pot of knowledge

Terry

 

Sandboxie will not give you the sort of protection that SOL offers. Equally SOL won't do what Prevx does. They are complementary solutions, which is why I run my my main browser (Opera) always under SBIE and any secure sessions are run outside of SBIE using IE protected by SOL. This provides a 'best of both worlds' solution.
Think of it this way - if you're running SBIE you're unlikely to get infected through normal activities. Your most likely route to infection is going to be either user error which SBIE didn't protect or through installation of software which should have been safe and trusted (and perhaps even went through Virustotal ok) but wasn't. Result: you're infected and you probably may not even know it. That is where SOL kicks in. Malware can have pretty much everything on my PC, but I do not want my security credentials stolen.

So it's not a choice between the two, but rather the question over whether you want a last line of defense with SOL, when also using SBIE. If you're absolutely 100% certain that you will never ever make a mistake with your computer out side of SBIE or fall foul of a zero day unrelated to the sandboxed applications then you don't need SOL. If you're not 100% certain then you should weigh up the implications of your usernames/passwords being stolen versus the cost of SOL and make a judgement.

 

Sandboxie's creator (tzuk) has pointed out that SafeOnline works with Sandboxie if you check the Accessibility option under Applications in the sandbox settings. However, this slightly weakens the sandbox.

Personally, I use SafeOnline to protect unsandboxed browser sessions for online banking and use Sandboxie (set up to be as restrictive as possible) for general web surfing, where SafeOnline's protection isn't so important.

 

I think that is a very wise way of going about it.

 

why need safeonline. no need. just use browser that auto delete. so when open browser and close it alway auto delete. when want do banking very simple. Just open browser ok? Since auto deleted browser will be clean. Then go surf your bank site. Simple. Why need safeonline.

 

You don't even know what you are talking about go play where you are wanted or go back to your planet! All you do on Wilders Security Forums is argue with everyone and no one wants to listen to you!

TH

 

i think you no understand what i saying. Very sad. And I no argue. Just say opinion. Ok? You very insult. I give opinion and also I say why. I no just say safeonline useless. Ok? If want use it then ok. I just say why no need it. Ok?