Discussion in 'other anti-malware software' started by CloneRanger, Dec 9, 2011.
w32h4x0r has more info etc !
Video here - http://vimeo.com/33341011
Nice find. Was it x64 platform or 32-bit?
What are the banks going to do now?
Sue Trusteer and partner with Webroot?
That's why a layered defense is the best defense.
Relying on one solution in today's world is too risky; if it's bypassed, it's game over.
Trouble is only a handful of people use a layered defense. The masses expect Trusteer to deliver just as they expect an AV to deliver etc. And they don't have the time. SET & FORGET is what's demanded.
If Trusteer was breached then what about the Internet Security Suites. Many boast safe-on-line banking. I'll bet they haven't made as much effort as Trusteer.
Some time ago I came up with the perfect solution to defeat keyloggers running in user land, under Windows Vista/7.
Keyloggers were completely blind to the browsers.
Obviously, it was just a test. But, I've set the browser with an explicit high integrity level, and I've applied the flags NoReadUp, NoWriteUp and no NoExecuteUp.
I think NoReadUp would suffice, though. I need to verify it.
I ran the browser as administrator, because you can only run High integrity level objects and containers as administrator.
But, by allowing communications to happen only with the bank's IP(s), then what harm can happen? That would mean intruders were already inside the bank's servers, wouldn't it?
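The mandatory-label flags named in the post above (NoReadUp, NoWriteUp, NoExecuteUp) are stored as an `ML` ACE in an object's SACL. As an added example, not part of the thread, this Python sketch decodes that ACE from an SDDL string and lists which access classes a lower-integrity caller loses; the sample descriptors and function names are constructed for illustration.

```python
import re

# Mandatory-label policy bits carried in the ACE access mask (Windows SDK values).
POLICY_BITS = {"NW": 0x1, "NR": 0x2, "NX": 0x4}
NAMES = {0x1: "NoWriteUp", 0x2: "NoReadUp", 0x4: "NoExecuteUp"}
# SDDL aliases for the integrity-level SIDs, mapped to their RIDs for ordering.
LEVELS = {"LW": 0x1000, "ME": 0x2000, "HI": 0x3000, "SI": 0x4000}

# Constructed sample descriptors (not taken from the thread).
HARDENED = "O:BAG:BAD:(A;;FA;;;BA)S:(ML;;NWNRNX;;;HI)"
WRITE_ONLY = "O:BAG:BAD:(A;;FA;;;BA)S:(ML;;NW;;;HI)"


def parse_label(sddl):
    """Return (level_alias, policy_mask) from the ML ACE in the SACL, or None."""
    parts = sddl.split("S:", 1)
    if len(parts) < 2:
        return None  # descriptor carries no SACL at all
    for ace in re.findall(r"\(([^)]*)\)", parts[1]):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] != "ML":
            continue  # audit ACEs and malformed entries are skipped
        rights, sid = fields[2], fields[5]
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)  # rights may also be written as a hex mask
        else:
            mask = 0
            for code in re.findall("..", rights):
                mask |= POLICY_BITS.get(code, 0)
        return sid, mask
    return None


def blocked_for(sddl, caller):
    """List the access classes the label denies to a caller at level `caller`."""
    label = parse_label(sddl)
    # An object with no explicit label is treated as Medium with NoWriteUp.
    level, mask = label if label else ("ME", 0x1)
    if LEVELS[caller] >= LEVELS[level]:
        return []  # caller is not below the object, so the policy does not apply
    return [name for bit, name in NAMES.items() if mask & bit]


if __name__ == "__main__":
    for sd in (HARDENED, WRITE_ONLY):
        print(sd, "->", blocked_for(sd, "ME"))
```

This evaluates only the mandatory label; the DACL and any other access checks are outside its scope.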
Anything like that in XP?
So does this leave Prevx safeonline as the only free alternative?
Microsoft only implemented integrity levels in Windows Vista+. Windows XP users have no luck.
The only alternative would be to run the browser in a secure desktop. avast! paid products offer this functionality.
There's at least one more application (free; I think the code is available as well), that would allow people to do that as well (to run applications in a secure desktop). I don't recall the name. I'll have to look it up.
Programs running in the secure desktop vs. keyloggers, screen loggers, etc.
Is Rapport hacker-proof?
Unfortunately, no security solution is. Rapport adds a very important and unique security layer that allows your bank to better protect your sensitive information and promptly react to threats aimed directly at you. With Rapport you are more secure and your bank has better mechanisms to protect your money. However, security is a constant battle and Rapport, as your antivirus solution or any other security product you use, makes it harder for criminals to commit crime.
It's really amusing to see "it's the end of Trusteer!" reactions just because of the typical "see how I bypassed X" video. What security app is immune to this? None.
That's it! Thanks!
I don't see any "it's the end of Trusteer!" reactions? Only justified concerns!
How do you know that?
Over on KM w32h4x0r has asked for other Apps to test it against, so hopefully we'll see how they shape up, or not.
Now, if you tell me that they are just joking around, that's another thing.
That no app is immune and everyone can be bypassed one way or another by a hacker operating with admin privileges in front of a computer? I don't know, crazy ideas. For example, Safe Online, that has been quoted here as an alternative to the now 'flawed' Trusteer, is bypassed east, west, north and south by the MRG's simulators and their real world malware tests daily.
I obviously cannot answer for the others, but I fail to see how my comment fits on your description, "it's the end of Trusteer!"?
Now, if you don't know whether or not someone is joking, perhaps you should ask the person directly.
Nice explanation of Rapport and its functions, regarding this video by Chris over at MRG.
"Yeah, we saw this. The fact of the matter is you can design a POC tool to bypass ANY specific security application."
A very interesting post, including the last paragraph.
This is not true with the updated version of WSA in 8.0.1.x, and we will be offering a free version similar to SafeOnline in the coming weeks.
I suppose it's always good to have one more coming to the fight - in the freeware world.
I don't mean to hijack this thread, so you can answer in Prevx forum or PM, but will it come as a Xmas present?
What's new with the new version of WSA that it won't be bypassed by MRG's tests?
I don't want to derail the thread but we made several improvements about a month ago which closed off any known vulnerabilities from malware or other testing.
Looks like you've been beat again. Or does this not count? http://malwareresearchgroup.com/
And the cat/mouse game continues
As always is the case between vendor & malware authors/researchers.