Nocturnal Stealer Lets Low-Skilled Cybercrooks Harvest Sensitive Info

Discussion in 'malware problems & news' started by itman, Jun 1, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    https://threatpost.com/nocturnal-stealer-lets-low-skilled-cybercrooks-harvest-sensitive-info/132422/
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    You know, that's what a lot of HIPS are lacking. They don't have the ability to block malware from getting access to login credentials, cookies, and auto-fill data stored by the browser. Outpost did have such a feature, what a shame.
     
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,561
    I believe Webroot's identity shield tries to protect your data from this kind of malware.

    https://community.webroot.com/t5/Tech-Talk/Identity-Shield-Deep-Dive/td-p/46422

    "Alerts you if a malicious program attempts to gather personal data from cookies installed on your computer."
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    https://www.proofpoint.com/us/threat-insight/post/thief-night-new-nocturnal-stealer-grabs-data-cheap

    You prevent crap like this by, prior to performing any web-sensitive financial activity:

    1. Clearing all browser temp files, cookies, etc.
    2. Doing the same after the activities have been completed and then immediately exit the browser - preferred - or immediately after exiting the browser.
    3. Setting browser settings to do the same as done manually in no. 2.

    On the other hand, if the malware is constantly running in the background, little can be done except to restrict read access to browser temp files, cookies, etc., which is much easier said than done.

    -EDIT- One of the above "etc." I forgot to mention is your browser AutoComplete settings. As shown in the below IE11 screen shot, I have none enabled:

    [Screenshot: IE11_AutoComplete.png]
     
    Last edited: Jun 2, 2018
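The post above notes that restricting read access to the browser's credential, cookie and autofill stores is "easier said than done"; a detection-side complement is to audit who opens those files. The following is an added example (not from the thread or any product mentioned in it): it assumes Windows object-access auditing has been enabled on the browser profile folders so that reads produce Event ID 4663 records, and that those records have been exported to dicts with the fields used below. Browser process names and the sample events are assumptions/constructed data.

```python
"""Flag reads of browser credential/cookie/autofill stores by non-browser processes.

Added example. Assumes Event ID 4663 (object access) records exported as dicts
with the standard fields ObjectName, ProcessName and AccessMask.
"""
import re

# On-disk stores this class of stealer reads directly: Chromium "Login Data",
# "Cookies" and "Web Data" (autofill); Firefox logins.json, key4.db, cookies.sqlite.
SENSITIVE_STORE_PATTERNS = [
    r"\\User Data\\.+\\Login Data$",
    r"\\User Data\\.+\\Cookies$",
    r"\\User Data\\.+\\Web Data$",
    r"\\Profiles\\[^\\]+\\logins\.json$",
    r"\\Profiles\\[^\\]+\\key4\.db$",
    r"\\Profiles\\[^\\]+\\cookies\.sqlite$",
]
# Processes expected to open those stores (assumption: tune to your environment).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
READ_DATA = 0x1  # ReadData bit of the 4663 AccessMask


def is_sensitive_store(path):
    """True if the audited object is one of the browser data stores above."""
    return any(re.search(p, path, re.IGNORECASE) for p in SENSITIVE_STORE_PATTERNS)


def suspicious_reads(events):
    """Return (process, path) pairs where a non-browser process read a sensitive store."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if not int(ev["AccessMask"], 16) & READ_DATA:   # ignore writes/deletes here
            continue
        if not is_sensitive_store(ev["ObjectName"]):
            continue
        proc = ev["ProcessName"].rsplit("\\", 1)[-1].lower()
        if proc not in BROWSER_PROCESSES:
            hits.append((proc, ev["ObjectName"]))
    return hits


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 4663, "AccessMask": "0x1", "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"EventID": 4663, "AccessMask": "0x1", "ProcessName": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"EventID": 4663, "AccessMask": "0x2", "ProcessName": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\cookies.sqlite"},
    {"EventID": 4663, "AccessMask": "0x1", "ProcessName": r"C:\Windows\System32\svchost.exe",
     "ObjectName": r"C:\Users\alice\Documents\notes.txt"},
]
```

Only reads are flagged, so the write to cookies.sqlite by the same unexpected process is deliberately not reported; extend the mask check if you also want to see tampering.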
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Good point, totally forgot about Webroot, which is pretty good in this area. For example, a tool like SpyShelter doesn't offer this at all.

    It shouldn't be this hard to do, HIPS should block access to certain files on disk, and should also block access to browser memory. I believe that's exactly what tools like Webroot and Trusteer do.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    AV products that have a dedicated banking and payment protection option will prevent this activity. Like Trusteer, they will launch a "hardened" browser to prevent such activity, including keylogger monitoring, by scrambling entered keystrokes. If your bank web site employs corresponding Trusteer software on their servers, this will give you the maximum protection available, since a secure tunnel will be established between your PC and the bank's web server. Of note is that Trusteer is not compatible with a lot of security software.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Yes, "safe browsers" are quite secure, but tools like Trusteer and Webroot allow you to use your own browser. But then we are talking mostly about protection against banking trojans, while Nocturnal Stealer is a data-stealer which searches for password files that are stored on disk. This is what a lot of HIPS don't protect against.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Well, Eset's Banking and Payment Protection works with IE, Chrome, and Firefox. It opens a hardened ver. of each.
     
  9. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,561
    To add to this. You can have as many secure browsers as you want with Webroot. It doesn't work with just one exclusively like ESET.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Didn't know about that, I always assumed AVs offered a special browser modified for safe banking.

    However, Webroot also doesn't seem to protect against Nocturnal and Pony Stealer, at least not via HIPS.

    https://blog.avast.com/2014/08/19/reveton-ransomware-has-dangerously-evolved/
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I was just on my bank's web site and they offered a "security checklist." A bit bogus but of note is:
    So it appears there have been some changes to it.
     
  12. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,193
    Location:
    UK
    I believe that Firefox may be the only browser that has the Rapport Extension; otherwise browser support seems to cover most browsers.

    http://www.trusteer.com/support/supported-platforms
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I believe what the bank is stating is their Trusteer server software will only directly interface with Firefox.

    Anyone can install the client version of Trusteer and as you noted, most browsers are compatible with it. However, no secure tunnel connection between the endpoint and the bank server will be established unless Trusteer is installed on the bank servers.

    The tunnel connection is what makes Trusteer unique from other secured browser solutions.
     