Whats the diff between SafeOnline vs Trusteer Rapport?

Discussion in 'Prevx Releases' started by Sceptre89, May 31, 2010.

Thread Status:
Not open for further replies.
  1. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Oh, I see.

    You have a possible new client here, look:

    Aren't you interested?. Or you have already made so much money with this that you prefer to spend your time uploading videos to Youtube?.
     
  2. 9501frank

    9501frank Registered Member

    Joined:
    May 31, 2010
    Posts:
    10
    I don't want to get into too many details as Prevx are obviously not comfortable with it.

    Generally speaking - every "hooked API" can be unhooked even if you try to protect it from being unhooked. There is a lot of technical information about it and this is what bad guys do best. I wouldn't rely on this type of protection.

    As for classifying malware programs - also generally speaking, if you're polymorphic enough you will avoid it.
     
  3. Uli9000

    Uli9000 Registered Member

    Joined:
    Sep 29, 2009
    Posts:
    85
    Location:
    Edinburgh
    To 9501 Frank

    Prevx has said that no single malware protection software is flawless. In finding a flaw in prevx you are proving what is already known. Any motives to bring something to the attention of prevx users seem therefore suspect.

    Prevxhelp has offered to to use your findings to strengthen the protection of prevx. Have you offered your help?

    Uli
     
  4. 9501frank

    9501frank Registered Member

    Joined:
    May 31, 2010
    Posts:
    10
    I will share my findings with prevx once I complete the report. I understand the sensitivity of people on this forum to such information.
     
  5. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    It's not just about the "sensitivity of people on this forum" or any other security fora for that matter. It's about ethics.

    If you have found flaws in the product, I would say it's advisable to discuss it with the developers directly and help them to improve it. If I was so inclined to do research in the same manner, I wouldn't be bringing up my findings in this or any other forum; I would be contacting the company direct and having dialogue with them about such findings in order to learn about and improve the program.

    This is the problem with such disclosures. They often take place before any real changes can be made if indeed any need to be actioned. Being open like this isn't always the best way. It's like when people complain about product X doesn't detect certain malware; rather than moan about it, they should be contacting the vendor. That way, things can get resolved in a timely and discreet manner. :)
     
  6. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    you are probably right in so many ways, yet it would have to be Prevx specifically open to such discussion (which at least is offered in this thread), else history in recent years shown that a lot developers just did not care about fixing bugs/flaws and the lot and kept ignoring such until they were forced to do so by public disclosure.
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We are always open for fixing issues. As I mentioned earlier, we have multiple third party companies hired on a continuing basis for finding specifically this - we are proactive with identifying issues which is why there have never been any exploits against Prevx :)

    EDIT: We've officially released the changed version which protects against additional screen grabbing attacks: https://www.wilderssecurity.com/showthread.php?t=274000 - we'll be looking into the IE AsteriskWin issue but note that this only affected Internet Explorer - all other browsers are immune.
     
    Last edited: Jun 2, 2010
  8. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Am I wasting memory by running Prevx alongside NIS2010, if the above is true and Prevx 'disables' some of the NIS browser protection? Would it make any difference if I uninstall NIS and just run Prevx?
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Please do not read into his FUD. Prevx unhooks malicious hooks in the browser but has exceptions in place for AV vendors that have legitimate hooks. We've spent considerable effort ensuring that AV products are fully supported in the browser and the value of removing information stealing banking trojans from the browser that would have already bypassed the existing AV far exceeds the few cosmetic hooks that some AVs place.

    If you are concerned, you can lower SafeOnline's protection to Medium to prevent this protection but it will degrade the protection against unknown threats.
     
  10. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Thanks PrevxHelp for the clarification. Both NIS2010 and Prevx remain installed on my laptop.
     
  11. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    9501Frank,

    You seem to be combative about this. The answers I've seen from Prevx in this have never been evasive, but you insist on believing there are holes in it, rather than understanding the imperfection of written language, inability to automatically question something to clarify (which is possible in verbal communication), and withheld your hand on co-operating with Prevx, as you claim to want to help them...which should have gone immediately to PM once they offered the choice. After PM'ing, you could always have come back and let us know what you thought of your interactions with them. You did sound so genuine at the start...and maybe you are.

    And before you think I work for Prevx, see my join date, which predates Prevx's tenure here by quite some time, or you're also welcome to search my posts.
     
  12. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    945
    Hi All

    Not sure whether this post is allowable as opposed to creating a new thread. I am sure the MODS will straighten me out if I am in contravention.

    I have been very interested in this thread simply because like many others I am interested in protecting all my online activities including and specifically banking.

    I am not sure where this thread has actually got to in terms of a full understanding of the differences. What we do have however is a standoff between Prevx and someone who claims to have considerable knowledge about claimed flaws in SafeOnline. Possibly two two sets of competing vested interests for whatever reason.

    Now my question:

    Do we need the likes of Trusteer Rapport & SafeOnline?

    I ask this because Sandboxie can be set up to deny anything to be run in the Sandbox EXCEPT the relevant browser. So in theory no keyloggers, trojans etc can run their dangerous payload.

    So what about some comments about the Sandboxie alternative?

    Is it viable? Does it make Trusteer & Safeonline redundant? If not why not?

    Thanks

    Terry
     
  13. pling_man

    pling_man Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    599
    Location:
    UK
    If you run your browser in a sandbox, a "trojan" could still run outside it that can take a screenshot of your screen or log key presses. It doesn't need to run inside the sandbox to do these things.

    So no, SafeOnline and Rapport are not really redundant. As far as I know all the sandbox does is block infections coming in through the browser. True, this will prevent a lot of trojans, but they can still get in by other means.

    Last time I ran rapport, it didn't offer screen capture protection. So that's one difference.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is exactly correct - Sandboxes are great for blocking specific actions but at some point users need to install software or perform an update on the physical PC. Even if they use full system virtualization programs, information stealing trojans can peacefully coexist with virtualization programs. Sandboxes also fall victim to the same issue - if a threat is running within the sandbox, it can view all of the information stored in the sandbox as well so while the user's PC will be safe from an infection, their data is still at risk.

    This also negates the potential for a threat to be pre-existing on the user's PC which is the bulk of the problem today, and then the other side of the issue which stems from a threat coming from a non-sandboxed location or exploiting the sandbox in some way. The outside operating system can still view all of the data within the sandbox and in many cases, a sandboxed program can view data from the system (as some sandboxes only block write access rather than read access).

    SafeOnline is definitely a valuable additional layer irrespective of what other security you have installed :) Please let me know if you have any questions!


    (And to 9501frank, we've fixed the AsteriskWin issue, due out in the next beta build but I can provide a pre-release version to you if wanted)
     
  15. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    945
    Hi All

    Thanks for your replies.

    As a non techie I have to accept what you say, although there are other courts of opinion which "might disagree" in part wth the comments from PrevXhelp and pling_man.

    I would also repeat the point that I made in my post that Sandboxie can be set up to deny anything running in the Sandbox other than ones browser.

    In the reply from PrevxHelp he appears to ignore this precondition (of denying anything to run) and talks about:

    "if a threat is running within the sandbox, it can view all of the information stored in the sandbox as well so while the user's PC will be safe from an infection, their data is still at risk."

    This may be true but it does not deal with the specifics of my post in which I explicitly stated that Sandboxie could be set up to deny this.

    So if it is correct that Sandboxie can deny threats running in the Sandbox as I have stated, then the only issue remaining is whether a threat outside the sandbox can read files passwords etc irrespective of whether it is residual on the system or just downloaded.

    If the latter is correct then indeed Trusteer/PrevxSafeonline would have a role in a balanced security setup.

    Two further points. 1) I have no axe to grind. I seek not to defend or propose Sandboxie as a "fanboy", neither do I seek to diminish or discount PrevxSafeOnline/Trusteer. I just want to get the best independent advice that I can for me.

    2) It is a little disappointing that no comment was made on my observation that Sandboxie can be setup to deny execution of everything in the Sandbox except the browser. It was ignored and PrevXHelp' response was to talk about threats running in the Sandbox.

    It just gives a slight impression of bias in the reply. The best replies are the ones that unambiguously recognizes a competitors strengths but then go on to unambiguously talk about the added value of ones own product.

    I am going to seek further information from other sources because I want to be sure of the "added value" I would be receiving from the purchase of PrevxSafeOnline. So I may well return to this thread.

    To all who contributed thank you very much.

    Terry
     
  16. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    Terry, I can confirm from my own use of Sandboxie and testing of Malware that you are correct that Sandboxie can be set up to deny anything from starting or running in the sandbox except the browser. It can also be set up to allow anything to start up and/or run in a Sandboxie but not to be able to connect out. I have run Malware in a testing Sandbox and as soon as it has tried to connect out or start a browser it has been denied and shut down.
    It can also be set up to deny anything in the Sandbox from reading from or writing to the real system.
    The real problem is that many people who dismiss Sandboxie have never really probed very deep into its 'workings'. With just a little time and patience spent learning it really is very easy to use. No, its not the silver bullet but in my experience it comes very close to it.
    I will be very interested to see what the 'advanced sandbox' in Prevx 4.0 brings to the table.
     
  17. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    TerryWood

    You can always checkout the free facebook offer of safeonline!!
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This wasn't intentional - the other aspect of issues here is that data can be injected from the outside operating system into the browser and if one wanted to be completely secure, they would have to sandbox every application which would eventually include malware which would likely still execute.

    Not sure if that clarifies anything or if I'm missing the point here but let me know if I'm misunderstanding!
     
  19. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    945
    Hi tobacco

    Thanks for your reply. I have a copy of the facebook Safeonline. That is why I made my post because although I am a user of Sandboxie I am trying to establish what will be the most robust solution.

    Some very knowledgeable Wilders posters rate Safeonline (kees195:cool: to name one, as do others rate Sandboxie. Some even rate both.

    However, the two won't work together so I have to make a choice. PreveXhelp's reply reflected vested interest or lack of knowledge of Sandboxie, this is why I am chipping away at getting info from various sources plus my own pot of knowledge

    Terry
     
  20. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Sandboxie will not give you the sort of protection that SOL offers. Equally SOL won't do what Prevx does. They are complementary solutions, which is why I run my my main browser (Opera) always under SBIE and any secure sessions are run outside of SBIE using IE protected by SOL. This provides a 'best of both worlds' solution.
    Think of it this way - if you're running SBIE you're unlikely to get infected through normal activities. Your most likely route to infection is going to be either user error which SBIE didn't protect or through installation of software which should have been safe and trusted (and perhaps even went through Virustotal ok) but wasn't. Result: you're infected and you probably may not even know it. That is where SOL kicks in. Malware can have pretty much everything on my PC, but I do not want my security credentials stolen.

    So it's not a choice between the two, but rather the question over whether you want a last line of defense with SOL, when also using SBIE. If you're absolutely 100% certain that you will never ever make a mistake with your computer out side of SBIE or fall foul of a zero day unrelated to the sandboxed applications then you don't need SOL. If you're not 100% certain then you should weigh up the implications of your usernames/passwords being stolen versus the cost of SOL and make a judgement.
     
  21. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Sandboxie's creator (tzuk) has pointed out that SafeOnline works with Sandboxie if you check the Accessibility option under Applications in the sandbox settings. However, this slightly weakens the sandbox.

    Personally, I use SafeOnline to protect unsandboxed browser sessions for online banking and use Sandboxie (set up to be as restrictive as possible) for general web surfing, where SafeOnline's protection isn't so important.
     
  22. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    I think that is a very wise way of going about it.
     
  23. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    why need safeonline. no need. just use browser that auto delete. so when open browser and close it alway auto delete. when want do banking very simple. Just open browser ok? Since auto deleted browser will be clean. Then go surf your bank site. Simple. Why need safeonline.
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,029
    Location:
    Ontario, Canada
    You don't even know what you are talking about :rolleyes: go play where you are wanted or go back to your planet! All you do on Wilders Security Forums is argue with everyone and no one wants to listen to you!

    TH
     
    Last edited: Jun 6, 2010
  25. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    i think you no understand what i saying. Very sad. And I no argue. Just say opinion. Ok? You very insult. I give opinion and also I say why. I no just say safeonline useless. Ok? If want use it then ok. I just say why no need it. Ok?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.