Secure Banking - a little german Software

What is the difference btw Secure Banking v1.4.6 and Secure Banking v1.5.1??

http://translate.google.com/transla...out=2&eotf=1&u=http://www.secure-banking.net/

 

Yes it will be translated!

Basically GData's BankGuard uses the same method to detect this kind of trojans. So the detection ratio might be the same.
As far as I can judge it (I never tested GData's BankGuard), Secure Banking offers more functions/protection, because it also supports Google Chrome and offers an additional Anti-Rootkit Guard.
I don't know which programm needs more cpu/ram resources. I can only speak for my application, which apprx. needs 4MB of RAM and CPU-Usage is between 0%-1%.

Well, as already mentioned, Secure Banking might have the same detection ratio.
Referring to internal tests, Secure Banking detected all (banking)trojans, which I installed on my virtual machine.

Alot of bug fixes, faster, more efficient app (cpu + ram), recoded core, Trojan Cridex & TinyBanker removal added and of course the new Anti-Rootkit Guard.

 

Thanks for the information, Niklas and a warm welcome to Wilders.

 

When it will be ready the translation? It can't take a long time, all the text in the interface isn't longer than 5 lines...
I have applied to become a betatester.

Does your software protects against all this threads?
https://www.owasp.org/index.php/OWA...Banking_Malware_Families_.28Active_in_2012.29
https://www.owasp.org/index.php/OWA...Banking_Malware_Families_.28Active_in_2012.29

4.1 Spyeye
4.2 Zeus
4.2.1 Zeus Mitmo
4.3 Carberp
4.4 Clampi
4.5 Tatanga
4.6 Urlzone
4.7 Gozi
4.8 Shylock
4.9 Sunspot
4.10 Oddjob
4.11 Ramnit
4.12 Cridex
4.13 Tinba
4.14 Gataka

 

Thanks man, I'm delighted to be cordially welcomed to this forum.

Haha...well it might look so, but it is far more work. There are alot of strings which are not visible in normal mode. E.g. error/warning/debug strings, which also need to be translated and of course all the images need to be edited. (Well, it still sounds as not so much work, but I've sooo much work to do)

But luckily some english users applied for beta testing, so I'll offer an english version very soon.

Since they are all using MitB attacks, yes.
But not all of them are listed in my online database.
Following malware is listed in my online database:
-Zeus (and all modified variants of it, IceIX, Gameover, Citadel,...)
-SpyEye
-Carberp
-Cridex
-TiBa (Tiny Banker)
-Torpig

All other threads are not listed, which means they will be detected and blocked as unknown malware.
If someone sends me samples of this unlisted trojans, I can add them within a 1min to the online database.
I'm using a special method to identify the trojan-family, which means, I only need one entry in my database to cover the whole trojan-family.
E.g. one entry of Zeus is enough, to identify all (99%) distributed (crypted, etc.) samples. It is a kind of behavior based identification.

For clarification, all this online database stuff has nothing to do with the detection of malware, only with the identification.

 

I would help you to translate it but I have now clue of german

Regarding the malware basically you need this:
4.4 Clampi
4.5 Tatanga
4.6 Urlzone
4.7 Gozi
4.8 Shylock
4.9 Sunspot - Provided by fredvries
4.10 Oddjob
4.11 Ramnit - Provided by fredvries
4.14 Gataka - Provided by fredvries

I don't know how to get the samples but let's hope somebody here in wilders read this and help you.

Anybody knows any user in wilders able to get this samples?

 

Thats right.
It is also important that the samples are active, because some of this trojans are downloading the "attacking module" from the C&C server to prevent detection by anti-virus.

Thanks for your efforts.

 

The translated home page of Secure Banking

Secure Banking

Online Banking on the safe site/side

You don't want to have an unknown person get his hands on your bank account, views your Facebook photos or has a look at your e-mail account?

Secure Banking is an application that specifically protects you against such Trojans and can be installed in addition to your existing antivirus program.

How does Secure Banking work?
In any browser, there are only a handful of interfaces/functions that are responsible for sending/receiving data. Malware hooks itself onto these interfaces/functions and can capture all sensitive data (so-called "man-in-the-browser" attack).
Secure Banking checkes whether these interfaces/functions have been modified and can reliably determine whether your system is infected with a banking Trojan. If a manipulation has been discovered, Secure Banking will try to remedy these changes and thus block the malware.
This innovative technology ensures that Secure Banking is not dependent of virus signatures or constant updates, but is always protecting you from known but also from unknown banking Trojans. Secure Banking operates in combination with an online cloud database and can therefore, in contrast to behavioral scanners, also identify the threats by name.
The tool thus closes a significant security hole that no popular antivirus software addresses.

A small pictorial representation can be found at the end of this page.

 

If I am running KIS with "Safe Money" ( a protected browser) for online banking services, is Secure Banking of any benefit on my system?

 

Bank online from home only and make sure your network appliances and client machine are secured. Don't click on "banking" email links.

 

Well, as far as I read it on their homepage, it is still a "normal" webbrowser, which just checks if your connecting to the right online-banking website.
So it might be safer as usual, if malware is not targeting this special browser.
(Because Secure Banking does not support this browser.)

I guess that you are using a normal webbrowser (FF, IE or Chrome) to surf the web for checking emails, facebook, paypal, ebay, ... in this case Secure Banking also protects you, against stealing all this passwords.

So it does not only protects you during your online banking session, but also during your whole internet session. So its always clearly a benefit.

 

Is this software compatible with Sandboxie? It would be great SecureBanking will try and test it.

 

Can someone who is testing this software post some screenshots? TIA

 

Yes some screenshots would be nice.

 

A screenshot.

http://www.google.nl/imgres?q=secure+banking+1.5.1&um=1&hl=nl&biw=1280&bih=820&tbm=isch&tbnid=8PhAq2eFbce7EM:&imgrefurl=http://www.heise.de/download/secure-banking-120186018.html&docid=Lbu_Xzidj1MkKM&imgurl=http://www.heise.de/software/screenshots/104241.jpg&w=582&h=356&ei=q5JYUKnFA4bF0QXW84HgBg&zoom=1&iact=rc&dur=110&sig=112528310458579703465&page=1&tbnh=120&tbnw=196&start=0&ndsp=28&ved=1t:429,r:2,s:0,i:76&tx=75&ty=107

Translated items:
Status > Status
Ereignisse > Results
Deïnstalliere > Uninstall (not in the latest version)
Update > Update
Sliessen > Close

 

Process runs with High Integrity, so can't be touched by normal browser processes (medium level with FF, Low intergity with IE, Untrusted with Chrome).

Autostarts in HKCU\etc\RUN, can be un-done by medium integrity processes (only a achilles spot with FF, with IE and Chrome this is less likely). To provide FF user a lasting Safe-Banking experience, this autostart should me moved to HKLM\etc\RUN

 

http://www.chip.de/downloads/Secure-Banking_57481406.html

There you can find a screenshot from the latest version. (the one posted above is pretty old)

Can you please repost this sentence in other words, I can't get a sense out of there in german.

Why should a moved autostart registry key (to HKLM instead of HKCU) "only provide FF users a lasting safe banking experience"?

Secure Banking is currently installed only on the current user (HKCU). Which means if you log into another user account, Secure Banking is not installed there. So no browser is protected there.
I will add the choice to choose between installation in current user or all users on the next update.

 

Most internet facing applications have a parent (first instance) running medium level, so they can not intrude processes running with higher rights.

The renderer processes of Firefox run with medium integrity and any intrusion can revoke/delete the autostart entry of Secure Banking, meaning with next boot Secure Banking won't run automaticallly and protection is gone.

IE renderer processes run with low integrity and can change the HKCU autorun entry. Chrome renderer processes run with even less rights (untrusted). So in normal operation Secure Banking autorun can't be deleted by renderer processes of IE or Chrome. Hence the weakest browser Firefox is the one which benefits most of moving secure banking from user to all users autorun.

Your choice to install for current user only, will in practise be no problem for IE and Chrome, so this small point of critism is intended primarely to give FF users a lasting secure banking experieence (as explained FF malware can target Secure Banking indirecly).

Regards

 

Ah thanks, now I got it.

Well, with sufficient rights everyone/everything can delete autostart keys. I could implement a registry-watchdog, but that would only add unnecessary cpu usage.
The user notice it, if someone/something shoots up Secure Banking. (No tray symbol + no notification message when opening browser)

But I'll definitely add the opportunity to install it in HKLM.

 

no English version? i couldn't find one on the website.

 

This program is very easy to use. Don't need a translation on English.

ELWIS1

 

@guest

You can edit your list of malware SecureBanking still needs because I can probably 'donate'
4.9 SunSpot
4.11 Ramnit
4.14 Gataka

 

Ok, I'm going to edit it, thanks for your help

This is the list now

4.4 Clampi
4.5 Tatanga
4.6 Urlzone
4.7 Gozi
4.8 Shylock
4.10 Oddjob

 

I don't speak a word of German. Can anyone tell me the cost of the Secure Banking software??

 

@kdcdq

It's free.