Trusteer Rapport

Discussion in 'other anti-malware software' started by PC__Gamer, Jun 17, 2011.

Thread Status:
Not open for further replies.
  1. PC__Gamer

    PC__Gamer Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    526
    Hey guys,

    My bank has just offered me this software for free.

    How has production of this software been in the past few years (since I originally heard about it) ?

    Does it operate similar to Prevx safe online?

    What are peoples experiences with the software like?

    It does say it blocks viruses to.

    Rapport’s unique technology blocks advanced Trojans including Zeus, Silon, Torpig and Yaludle without the need to constantly update and chase the different variants of these Trojans.
     
  2. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
    It works kind of like keyscrambler on sensitive web pages. It encrypts your keystrokes. It also intercepts screen captures while on sensitive pages.

    While on pages that they do not protect, it really doesn't do much.
     
  3. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,072
    It's not like keyscrambler at all, keyscrambler just encrypt the keys and does not protect against the modern banking malware.

    @PC__Gamer
    Trusteer Rapport offers more or less the same level of protection than Prevx safe online and both are much more advanced than keyscrambler. What I dont like of it is eats a lot of RAM. But I like that it is more configurable than Prevx Safe Online

    You dont need your bank to give it to you, you can get it for free from here: http://www.trusteer.com/webform/download-rapport

    You can start to test it right now, install it and take a look to the rules so you will see that protects against more stuff that you can read here:

     Blocks Zeus, Torpig, Silent Banker and other Man-in-
    the-Browser attacks
     Blocks all malware attacks including Keyloggers and
    Pharming
     Enables phishing site detection and confirmation
     Delivers advanced reporting on current and new
    threats including zero-day attacks

    Trusteer Rapport differs from Anti-Virus and Firewalls
    because it:
    1. Locks down access to financial and private data
    instead of looking for malware signatures
    2. Communicates with your online banking website to
    provide feedback on security level and report
    unauthorized access attempts
    3. Enables you to take immediate action against
    changes in threat

    http://www.trusteer.com/presentation-how-it-works
     
  4. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,075
  5. sbcc

    sbcc Guest

    I've only run into Rapport once that I can remember, but my experience with it may be relevant. This was perhaps a year ago on a customer's computer. XP MCE, IE8 and a gig of RAM on a Centrino laptop, IIRC.

    I cannot speak to its effectiveness, but I can confirm lordraiden's observation that it does (or did) use a lot of RAM. It also slowed browsing considerably and some websites would not load completely. We decided to remove it. That was not easy, there were stubborn leftovers. To the best of my recollection, I had to manually remove a service and a browser add-in. After removal, browsing returned to normal.

    Customer was using Avira Personal, so the antivirus was not contributing to the slow browsing - no web guard in AntiVir at that time.

    It's certainly possible that these issues have been addressed in the latest version, but I'd do a system image before installing it. It is tenacious. :)

    sbcc
     
  6. Nekromantik

    Nekromantik Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    107
    I had this installed few days ago and on my Laptop it did eat RAM while it was installed with OA Free and Panda Cloud AV.

    So I went back to Prevx SO.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,767
    Location:
    Outer space
    Indeed, Trusteer is quite like Prevx SOL, but unfortunately uses quite some memory and apart from some pre-configured protected sites you have to enter each site you want to protect manually.(With SOL you can add also set protection level for all HTTP and HTTPS sites.)

    I'm not sure about Quaresso, haven't tried it myself and the site doesn't go in much detail. It doesn't seem to protect against form grabbing.
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    True, but it seems to have maximum value if it supports your bank directly. Here's a statement from the Trusteer CEO during an interview:

    Our software integrates into the bank’s site and communicates with the [Rapport] software installed on customer machines, and the two of them can work together so that the bank can effectively measure what the software does on the customer’s desktop. Whenever the customer logs into the bank’s site, the bank knows whether Rapport is there, whether it’s up to date, whether its been attacked or compromised.

    I installed it on one of my Windows 7 systems with 3 gigs of ram. Since ram is as cheap as dirt (well, maybe not dirt) why worry about ram usage? I just checked and its currently using 30 megs. I don't notice any slowdown when browsing with IE 9.
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,767
    Location:
    Outer space
    I've found a video explaining Quaresso, it's quite different from SOL and Trusteer:
    http://www.quaresso.com/flash/POQue/POQue.html
    It works on demand, it is not even installed permanently. It is launched through the browser using Java or ActiveX(meh) and then launches a new protected browser window until the secure session is over.
     
  10. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,072
    I think that still there is no difference, the partners/banks are preconfigured in trusteer rapport so maybe this is what they want to mean.
    I would say that your bank will provide the same installation file but you will have access to direct support, and important security news of your bank using the interface.

    I agree with you, although I mentioned it the RAM is not an issue and I didn't notice any slowdown.

    I have never use quaresso probably because you can get the same benefits for free using Prevx SOL free or Trusteer Rapport.
     
  11. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Rapport only using around 30mb for me and I noticed no slowdown with websites at all.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    In my testing in the past with Rapport and AKLT, I noticed that Rappport scrambles keys in a regular, predictable way. Like if I write USER in password filed, it will always write ABLE( just an example). So I guess a keylogger will grab it and then the info can be de-coded to get aftual passord.

    Can anyone confirm this? Thanks
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
  14. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    No, Rapport just outputs the same string in repetition. On my system whatever I type results in the keylogger test application (e.g. Spyshelters) seeing ABCDABCDABCD and so on.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ah... ok. Same thing with me I guess. I just mis-understood it. Thanks

    BTW does any one know what are the limitations of free version?
     
  16. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    All the anti-keylogging software are just marketing gimmicks. There is simply no way they can protect you from malware that is already running on the machine. I mean think about, they are hooking the keyboard device stack. Well.. ok, however low they hook, my kernel-mode malware can hook below them and still see the unencrypted keystrokes.

    If they patch a user-mode API to block certain calls to it, I can patch over them and see the API call before them.

    The guys that write Zeus and other such Trojans are not idiots.. they are far more sophisticated than the average malware writer.

    So its no wonder that these products are being given out for free since they dont really work.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    agree 100%:thumb: :thumb:
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Don,t agree at all. MRG people,s tests showed that some of these are usefull. Rapport is one of them.
     
  19. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    MRG like all the other reviewers are in this for money. They are not running a charity organization. So they will publish any review that someone will read and hopefully pay for.

    I challenge anyone from MRG to disagree with any of my comments.

    If you want to read about device stacks, see http://www.codeproject.com/KB/recipes/keystroke-hook.aspx?display=Mobile

    although all of this is second nature to anyone that writes Windows device drivers.
     
  20. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    No, they are not hooking the keyboard device stack.

    Strange then that these products, especially Rapport, are proving extremely effective in the fight against Zeus, Spyeye, Carberp et al. Either the authors of Zeus and Spyeye are stupid or these products don't work work how you think they do.

    So if they don't work, why are the banks seeing reduced losses and why do independent security firms confirm that Trusteer stops Zeus et al working? They're all being paid to post false analysis and reviews right?
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Now all that need a practical proof that is not possible unless we do test all of it ourself.

    But i do believe that some products can deceive malware loggers and in the same way loggers can defeat security software, but it,s not a one way process.
     
  22. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,072

    "The guys that write Zeus and other such Trojans are not idiots..." no, but they are smarter than you think, they don't lose the time setting hooks on the keyboard.

    Sorry but you are completely wrong. First Zeus and his friends does nothing to do with hook the keyboard, or capture keystrokes.
    And trusteer rapport protects against Zeus and his friends even in a pre infected computer.

    And trusteer rapport is probably free for the users because their partners and important clients are the richest people in the world, the banks.

    http://www.secureworks.com/research/threats/zeus/

    And the user guide of Zeus: http://pastehtml.com/view/1ego60e.html
     
    Last edited: Jun 18, 2011
  23. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    That's right. If I'm not mistaken, they wait until you make some transaction in your bank account and then modify it to their benefit. Keyloggers are good for hacking your sister's Facebook account and things like that.

    My bank, for instance, send me a one-time code via my mobile phone everytime that I try to log in, in addition to the regular password. So the keyloggers are useless for criminals when dealing with serious banks.
     
  24. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    is it not better to use an cardreader, with own keyboard and display, its more secure as to use an keyboard or virtual keyboard...
     
  25. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,072
    Probably but at least in Spain I don't know any bank offering this option, but for example my bank send me a password to my mobile to use it on every operation and to login in the website. You can also request a personal coordinates card (TCC).
     
Thread Status:
Not open for further replies.