Trusteer Rapport

Discussion in 'other anti-malware software' started by JerryM, Oct 4, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Essentially not at all. As you can see by the PDFs they're against specific tools/tests or real world malware.

    As Trusteer has said, against malware out in the wild they do fine. They protect against what's out there - it's just that the con demonstrated that bypassing it would be trivial.

    Take that as you will.
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,217
    Location:
    USA
    Thanks for clarifying.
     
  3. sbcc

    sbcc Guest

  4. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Another indication that tools such as Trusteer have made a real-world difference has been the decline in reported losses from online banking fraud over the past few years. However, within the UK at least, that trend is now reversing as fraudsters find other ways:

    It does also indicate that Trusteer perhaps has some work to do in better preventing against phishing, assuming of course that some of the phished victims are already using Rapport.
     
  5. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    No, I guess my attitude is interesting only because I disagree with you. And you? Do you speak for that defunct blog that only wrote about an obscure Rapport vulnerability and then died?

    And I call it obscure because it only affected Mac users who had changed one of their OS's default settings. Mac users are not known for being great tweakers, don't you think so?
     
    Last edited: Nov 6, 2012
  6. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    How? Isn't every piece of software susceptible to being bypassed? You seem to be locked in your rant.

    And if you are talking about that specific flaw concerning self-protection on Mac computers that had admin privileges or access for assistive devices enabled, Trusteer said that it was solved and the guys that discovered the issue never talked about it again. Maybe not a proof but significant, at least for me.
     
  7. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    This is the way I take it: Trusteer is useful and free. If someday it is bypassed by real malware I still have NoScript, my HIPS, my anti virus, my on-demand scanners and my bank's multi-factor authentication scheme to rely on. Layered approach, Wilders' mantra.

    As a bit of information, I have noted that Rapport has changed its way of protecting the keystrokes. They are no longer replaced, now they are hidden. It still passes Zemana test and AntiTest.
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,217
    Location:
    USA
    No I don't speak for the blog or the people who made the video. I'm just an end user who considers it a red flag when security software vendors obfuscate in response to unfavorable reviews. Even if the discovered vulnerability is not significant, as you seem to think, (and I'm not at all sure it's not) Trusteer's less than transparent reaction is. As an end user why would you defend that behavior?
     
    Last edited: Nov 6, 2012
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,217
    Location:
    USA
    Yes, of course every piece of software is susceptible to being bypassed. I should have said I would like Trusteer to demonstrate that it's no longer possible to bypass Rapport in the manner that was demonstrated in the video. You're quite right that Trusteer just saying they solved it is not proof. I understand that their word is good enough for you, but I don't think that users should be expected to trust security companies because "they say so".
     
    Last edited: Nov 7, 2012
  10. guest

    guest Guest

    Could you tell us which other security software does what you are demanding?
    Any AV or security product?
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    For example, WSA. Providing more solid hooking into the system + authentication (with its keylogging/screen capture protection features). Nothing wrong with Trusteer, the point that was made, and this seems not yet openly addressed (because they can't), is the basic design of the application that is prone to be bypassed/killed. It's the same principle that applies to other applications of this kind like keyscrambler. :)
     
  12. guest

    guest Guest

    I was not talking about that. I have never seen a report/video from WSA demonstrating that they have fixed a single bypass, this is what he is requesting. A changelog seems not to be enough.

     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    They have fixed several bypasses in the past and posted it openly. This was at the time of Prevx and its weak self-protection mechanism. Also, more recently they fixed a bug related to the MRG simulator. A good reading of the Prevx forum will make this emerge easily. Of course no images and videos, but confirmation from the source (the ones that exposed them, EP_X0FF and Sveta) that those problems were fixed. :)
     
  14. guest

    guest Guest

    What does "posted it openly" mean? A changelog? Or "we have fixed this, try it if you want"?... The same thing is done by any other vendor.

    Not good enough
     
  15. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Please read my post more carefully. The source confirmed that the issues were solved! I.e. EP_X0FF and Sveta. Ask them again if you want! For this specific case you don't have this confirmation from the source that exposed them, as the design of Trusteer was not changed. ;)
     
  16. guest

    guest Guest

    Good for you and WSA, but sorry, your example is still not valid, since Trusteer or any other company cannot demand that the source of the bypass report update it or re-test it. Of course WSA pays Sveta/MRG to do this kind of thing, but this is not always an option, and WSA has never done in-house reports to prove that a bypass has been fixed.

    They say that it can be bypassed by design... what does that mean? Their single bypass doesn't prove their affirmation. Can you or they prove that Trusteer can be bypassed with the same method in spite of what Trusteer Rapport says?
     
  17. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    They cannot ask for a re-test since they cannot (or are not willing to) change how the software has been designed. I am afraid you are fighting a lost battle. The source has clearly claimed there is a basic design flaw in the software (see their blog) and the answer given by the manufacturer did not convince them. You can turn it around as you want but the story does not change.

    You are happy that current Trusteer is not bypassed by any known malware? Good for you. Others are staying away from it because they don't trust its design. A position that you should at least understand and respect! :)
     
  18. guest

    guest Guest

    First, it is a notice that is 1 year old.
    Second, that is a bad excuse: if they did it once, they can do it again, but if they don't want to...
    Can they prove (they haven't proved it) that the only way to avoid the bypass is to completely redesign how Trusteer Rapport is written? Can you prove it to me?

    The thing is that neither Trusteer nor Digit has spent a second to prove half of the statements that they make. And Digit, after all the bla bla bla in their post (the same ~ Snipped as per TOS ~ that they criticize about Trusteer), has not spent time to test it again. BTW Digit blog, news.... seems that the website is abandoned.

    By the way, despite what you may think, all this has nothing to do with what I asked.
     
    Last edited by a moderator: Nov 7, 2012
  19. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    ... I guess you need to read the blog post at http://www.digit-security.com/blog/ more carefully and decide whom to believe.

    And below just an extract on a key issue.... the way encryption is designed into Trusteer.

     
    Last edited: Nov 7, 2012
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,217
    Location:
    USA
    Kindly link to an official changelog from Trusteer stating specifically that the vulnerability - the one regarding encryption - demonstrated in the 44con 2011 video has been fixed. If that exists I will take it seriously, but to my knowledge it does not.
     
  21. guest

    guest Guest

    So what? Does that mean that it can't be fixed?

    Suddenly you are going to believe them because they put it in a changelog...?
    That has the same value if you ask them about this specific issue.
    http://www.trusteer.com/support/submit-ticket
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,217
    Location:
    USA
    I didn't say I would believe it, I said I would take it seriously if Trusteer was on the record saying the issue around keystroke encryption was fixed. I would consider a statement in a publicly posted changelog as "on the record". By taking it seriously I mean I would respect that they actually made a statement and had stopped obfuscating, which would give them some credibility. Has that happened?
     
    Last edited: Nov 8, 2012
  23. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Is anyone using Trusteer with Norton IS?
    Thanks,
    Jerry
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
  25. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks, itman.
    I used it for a time with Avast, and KIS. While I would not swear in a court that it was the culprit, I have not had any lock-ups since I removed it.

    I like the idea, and the simplicity of use, but don't want to go through the trouble to work with my computer if it does not work smoothly. I guess I'll pass.
    Regards,
    Jerry
     