Trusteer Rapport

Discussion in 'other anti-malware software' started by Frank the Perv, Feb 22, 2015.

  1. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    So this is what IBM's Trusteer Rapport says it is:

    You Don’t Have Enough Online Security, But You Should.
    Malware and phishing allow cyber criminals to access your computer, account numbers, and personal information. It can take days or weeks for antivirus solutions to detect it, but by then, it’s too late.

    Your antivirus isn’t protecting you against fraud.
    Financial malware is constantly evolving to continuously evade antivirus solutions. In fact, antivirus software detects only about 25% of the most popular malware currently being emailed to people. Trusteer Rapport stops all financial malware to protect you and your account from any fraudulent activity.

    Easy to Use. Won’t Slow You Down.
    Trusteer Rapport takes just minutes to download and install. It runs in the background so your computer tasks continue completely uninterrupted. Once installed, a small Trusteer Rapport icon will appear next to your browser’s address bar, changing color to let you know when it’s working.

    Trusteer Rapport prevents phishing and Man-in-the-Browser (MitB) malware attacks. Using a network of more than 30 million endpoints across the globe, Trusteer collects intelligence on active phishing and malware attacks against organizations worldwide. Trusteer Rapport applies behavioral algorithms to block phishing attacks and to prevent the installation and the operation of MitB malware strains in the wild (such as Zeus, Bugat, Tinba, Torpig, Spyeye, Ramnit, Gozi and various regional malware variants). Trusteer Rapport can be installed on any end user platform including Windows, Mac OS and Virtual Desktops.
    And it is FREE.


    This is where Trusteer came from and that IBM paid $1 Billion for the company in 2014:
    http://www.zdnet.com/article/opening-new-doors-why-ibm-spent-1bn-on-security-firm-trusteer/


    Many large banks (USAA, Bank of America...) recommend Trusteer Rapport:
    https://communities.usaa.com/t5/USA...oftware-available-for-USAA-members/ba-p/34074
    https://www.bankofamerica.com/privacy/online-mobile-banking-privacy/trusteer-rapport.go
    http://www.tdbank.com/bank/trusteer.html
    http://www.scotiabank.com/ca/en/0,,3282,00.html

    Here are 2013 MRG tests showing Trusteer with 100% detection in limited testing:
    http://media.kaspersky.com/pdf/mrg-effitas-online-banking-security-assessment-q2-2013.pdf
    http://techtipy.com/mrg-effitas-online-banking-browser-security-test-result/

    Anybody know of any other testing of Trusteer?


    Here are IBM Trusteer Websites:

    https://www.trusteer.com/ProtectYourMoney

    http://www-03.ibm.com/software/products/en/trusteer-rapport

    ===================

    I don't use the product, nor have I tried it. But I'm thinking about it.

    Much of the information about Trusteer on the web and in this forum is years old. Probably information 2014 or later (since IBM acquired it) is most useful.

    So... any current/recent users of this product?


    -Frank
     
    Last edited: Feb 22, 2015
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,293
    Location:
    England
    Frank I have never used Trusteer myself.

    However I have removed it from a couple of machines where there seemed to be a strong software conflict which went away after Trusteer was uninstalled.

    Now in order to get the Trusteer uninstall tool (if problems with removing via Programs and Features) you have to apply for it.

    http://www.trusteer.com/support/uninstall-troubleshooting

    Some FAQs here

    http://www.trusteer.com/support/rapport-faqs

    (note under item 8 about uninstalling, the link is broken)
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    HMP.A and my link scanners + script blockers are good enough for me.
     
  4. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    I tried it in the past. Offers a nice set of protection with some tweaking (you have to manually set some protections from the protected banks to ALL websites), but it delayed the startup of the browser too much for me.
     
  5. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    I installed it once and then uninstalled it not long afterwards as I found it did slow things down.
    I didn't like it at all.

    Gordon
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Also I think it conflicts with Sandboxie, which is a deal killer for me.
     
  7. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    580
  8. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,282
    And what about this, from Wikipedia:

    "The EULA (Paragraph #2) allows IBM to take files from the machine that it is installed on. You authorize personnel of IBM, as Your Sponsoring Enterprise's data processor, to use the Program remotely to collect any files or other information from your computer ... Some consider this a violation of security and privacy."
     
  9. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    883
    Location:
    Triassic
    I use it on one browser only (IE) where I access my financial websites, and nothing else, so as to isolate them from any contamination. I used it before IBM bought it and uninstalled it several times because it slowed the browser down and it did not play nice with SBIE.

    CONS:
    It is a heavy downloader of definitions per day/month (at least twice an AV). Does not work with SBIE. Privacy T+C a bit invasive. The program installs an icon on every browser you have installed and it is impossible to remove it from the browsers that you do not want to use it on (I tried to get it off Chrome, but it is somehow hidden).

    PROS:
    I have a Lenovo laptop and Lenovo desktop, so in retrospect I am happy that it is installed. Further investigations of Superfish, from the links here on Wilders and blogs elsewhere indicate that Lenovo is not alone in using this type of revenue tool. MiTM attacks happen without you knowing about them until it is too late. The latest release is not heavy on the system and I have found that my browser loads very quickly now. The GUI is good and you can edit, re: preferences to the degree of lockdown you want.

    Second thoughts: I am going to use it on all my browsers until this current problem with hijacked root certificates is solved. Any website that I access and interact with will now be under the protection of Trusteer. I can no longer trust https alone.

    FYI: It is called Trusteer Endpoint Protection.
     
    Last edited: Feb 23, 2015
  10. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    203
    I like it. Most of the hate you find for it is based on reviews & experiences from several years ago. I find the recent versions light and unobtrusive. The EULA has scared some of the tin-foil hat brigade but I read it just saying that they will collect any file that is required for investigating malware.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I have tried it at least twice in the past on my WIN 7 SP1 x64 PC that has plenty of horsepower. It slowed IE to a crawl.

    If you intend to use it, do an image backup first since uninstalling Rapport is a nightmare.

    Also the software was developed by an Israeli company and I believe IBM bought the company but primary development is still being done by the original company.

    Finally, Trusteer is only a very secure solution if your banking establishment also has the server side software installed.
     
  12. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    This is what makes Wilders great. Lots of good responses, and I now have a better 'flavor' for Trusteer than I previously did.

    Thanks Stapp. I need to look into that more. Why would one have to apply for an uninstall tool... that part does not sound good.


    From you Kees, that is significant. It's all about the protection.


    Mental note: Must finally try Sandboxie one of these days.


    Thanks emmjay. Current user input is exactly what I was looking for.


    The uninstall piece is important. I'll go to IBM directly to find out more about that... before I try. Thanks.


    From talking to two IT reps at banks, this was my guess as to the current state of the product. Thanks.


    LOL..




    -Frank
     
  13. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    883
    Location:
    Triassic
    There is a list of all the financial institutions that have the server side software installed (open the GUI, see trusted sites). If you add a site of your own it is listed under 'your added sites' and you can remove them if you change your mind. If you read the recommendations set out in the Trusteer install, they suggest that you add shopping, mail and social networking sites. It is a mystery to me how it works with these sites as I assume they do not have the server side software installed... if you find out, let me know.
     
  14. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Though off topic and I have no experience with Trusteer, actually this type of MITM is easy to detect if you always check the certificate with your eyes. I do this, so I wouldn't be scared if I were a Lenovo user.
    No intention to defame Trusteer Rapport.
     
  15. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    203
    As I understand it there are effectively 2 parts to Trusteer:

    1. Works with server side at bank to ensure secure, validated communication.
    2. Provides other functions, common to many other security products, such as detection of keyloggers, MITM, MIB etc. that can work for any other manually added site.
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    Sorry to bring up this blast from the past, but does anyone know if this was ever addressed?

    https://www.youtube.com/watch?v=EimZQgt7WPg

    There was a discussion here about it that included a Trusteer rep, and I found it disturbing that they refused to speak to this video demonstration of TR being bypassed. Basically their response was "TR hasn't been bypassed in the wild by banking trojans" (or words to that effect). I lose confidence in companies that won't acknowledge and fix problems (or effectively refute them).

    Apart from the above I have tried TR on a couple of my computers and also experienced unacceptable browser slowdowns. That was some time ago though and perhaps performance is better now.
     
  17. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
  19. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Well, the answer basically is that TR protects the user from all known threats and they are not aware of any malware bypassing TR. Development keeps updating TR to address any real bypass. The rest gets low priority in their agenda.

    You can question the approach but they follow a logic.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    I never used it because of bad reviews which mentioned slowing down the system, and privacy problems. BTW, seems like IBM have changed the look of the Trusteer site.
     
  21. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    I installed it again, but one of its executables was not ASLR enabled, so I removed it immediately again.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Or, use EMET's certificate pinning feature and automate the process.
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    The question is also if Trusteer protects against stuff like Superfish, it doesn't perform MitB attacks.
     
  24. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    883
    Location:
    Triassic
    https://www.wilderssecurity.com/thre...talling-adware-on-new-computers.373547/page-4

    We searched the Decentralized SSL Observatory for examples of certificates that Komodia should have rejected, but which it ended up causing browsers to accept, and found over 1600 entries. Affected domains included sensitive websites like Google (including mail.google.com, accounts.google.com, and checkout.google.com), Yahoo (including login.yahoo.com), Bing, Windows Live Mail, Amazon, eBay (including checkout.payments.ebay.com), Twitter, Netflix, Mozilla’s Add-Ons website, www.gpg4win.org, several banking websites (including mint.com and domains from HSBC and Wells Fargo), several insurance websites, the Decentralized SSL Observatory itself, and even superfish.com.

    This post/thread has revealed more and more about what we needed to know. Trusteer is at least a good barrier to MiTM attacks for their partner websites. None of my root certificates for the sites I access have been hijacked. I have since added my mail and health insurance site (they will at least have the login and passwords protected). I have two mail providers, gmail and windows live. They are both vulnerable to the current issue. On adding gmail it produced a handler request up in the address bar ... never seen that before. I left it as 'ignore'. Will be checking certificates over the next while to see if anything looks suspicious. I do not use social networking sites.
     
  25. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA

    Good info to further evaluate the product.

    Thank you.