• Using Trusteer to enhance online-banking security

    #488146


    BRADLEY ON SECURITY

    Using Trusteer to enhance online-banking security

    By Susan Bradley

    With online-banking fraud on the rise, small businesses like mine need additional protection options. Trusteer Rapport software is one such option I’ve looked at recently, and it earns a thumbs-up.


    The full text of this column is posted at windowssecrets.com/bradley-on-security/using-trusteer-to-enhance-online-banking-security/.

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1378534

      Is Trusteer any more effective than Keyscrambler? See http://www.qfxsoftware.com/ . Free version works with all major browsers, paid version works with most applications.

      • #1378560

        From Wikipedia [http://en.wikipedia.org/wiki/Trusteer]:

        “In a presentation given at 44con in September 2011, bypassing Trusteer Rapport’s keylogger protection was shown to be relatively trivial.”

        • #1379625

          From Wikipedia [http://en.wikipedia.org/wiki/Trusteer]:

          “In a presentation given at 44con in September 2011, bypassing Trusteer Rapport’s keylogger protection was shown to be relatively trivial.”

          First off that is old smoldering news and – things change rapidly in the security sector of INFOSEC. I use Trusteer in my honeypot lab, and I don’t exactly call malware attempts to circumvent it trivial! Trusteer automatically updates to versions that harden against attack; this is a kernel based solution, so malware will not have a trivial time circumventing it – especially if you use a good blended defense. Trusteer is only one aspect in a triad of good tools of security; you cannot rely on one leg of any defensive plan.

          I guarantee you will notice when Rapport is under attack. If you don’t – that is your fault not Trusteer’s. Also for those that complain Trusteer causes system instability – it has been my experience that if Rapport is unstable it is because MS updates are improperly installed – my position on this is that is MS’s fault. .NET is a mess, and constantly fails correct installation if one is not observant. Download Microsoft’s Security Analyzer to check if your updates are correctly installed.

          Even better, simply contact Trusteer, and I guarantee you – you will see technicians way beyond the competency of those that work for Redmond, help you solve the problems. I have never had as good a service as I have had from Trusteer. It is free, because the banks and merchants pay for this great service. I prefer the free Ebay version of Rapport, because it seems to be the most trouble free, and has the full suite of protections. It protects you whether the bank or other site provides full service from the server side, or not. It is definitely better than nothing. I use the weekly console reports to check how well my defenses are protecting the browser from attack or just bad practices by web masters. I notice as I lock the system down with a good blended defense, the less attack notices I get from the Rapport console.

      • #1379410

        Is Trusteer any more effective than Keyscrambler? See http://www.qfxsoftware.com/ . Free version works with all major browsers, paid version works with most applications.

        Have you ever had an answer to this ? Can not find it here in this thread ?

      • #1379623

        Keyscrambler is relatively weak in comparison to Trusteer’s Rapport; but they are working together now, and you might notice that when an SSL session is active, Keyscrambler is not responding, even though the systray icon is green. Win7 users’ mileage may vary. I’m using it on Vista x64. Trusteer can pass all the AKLT tests I’ve done using Rapport; Keyscrambler flunked the screen capture test and the video capture test, but did a good job overall, when non SSL sessions are in force. You need protection outside the SSL world too, so I recommend Keyscrambler in preventing leakage of your critical user IDs or other passwords done outside a secure socket layer environment. It is not uncommon to use passwords other than the internet access boundaries, and these are important too. Especially when you are entering your LastPass console password when not in such a session. This may apply to other password managers too!

        Always assume you are compromised at all times; anti-virus/malware can only do so much. By the way – when installing Keyscrambler with Rapport on the machine, it will automatically detect this and pass security off onto Rapport, when it counts the most.

        • #1379645

          Thank you JCitizen, I will say you have really answered my ? and some others also. I agree on the Updates from Microsoft causing a lot of problems as usual and another thing I must say I don’t think myself there is enough interaction between Companies when it comes to supplying updates for each other’s programs and when code is wrong it is wrong. If Companies had some way of maintaining a closer relation in the engineering of all this mess it would be better for all. :rolleyes:

          Keyscrambler may be weak but it is at least better than none at all. I know there are several others out there but I can not see paying for something that should be provided for free as we all are consumers and this should be provided for our ongoing endeavors in helping the internet stay alive. More safety more happy users more cruising. 😎

          • #1379657

            Thank you JCitizen, I will say you have really answered my ? and some others also. I agree on the Updates from Microsoft causing a lot of problems as usual and another thing I must say I don’t think myself there is enough interaction between Companies when it comes to supplying updates for each other’s programs and when code is wrong it is wrong. If Companies had some way of maintaining a closer relation in the engineering of all this mess it would be better for all. :rolleyes:

            Keyscrambler may be weak but it is at least better than none at all. I know there are several others out there but I can not see paying for something that should be provided for free as we all are consumers and this should be provided for our ongoing endeavors in helping the internet stay alive. More safety more happy users more cruising. 😎

            I agree that Keyscrambler is a good solution, as long as it is combined with a good blended defense. I also use Winpatrol as a HIPS to let me know if any new startup attempts by malware, like Zeus Trojans and trying to inject into the startup folder. CCleaner will also clean the startup environment and should be run as bare minimum before log off, restart, or shutdown. One thing I like about keyscrambler – it even obfuscates my keystrokes when I’m trying to do remote sessions with my clients. I actually like this because it makes it very difficult for a crook trying to take control of browser sessions or other nefarious deeds, in a remote attack. I have to have the client enter the information for me, or turn Keyscrambler off while I work. It may be harder to monitor Keyscrambler in Win7 or 8, but in XP and Vista, all you have to do is keep an eye on the systray icon, and make sure it is visible and in green condition when in a secure mode. Always keep aware of where and when the indicator window is at, and active while typing/entering information. IF malware are trying to attack Keyscrambler, this will be a tip off, as well as other noticeable side effects. Keyscrambler is now also a kernel based solution, so it will be noticed if malware are trying to defeat it.

            Bear in mind that when Rapport takes over, you will not see the activity window to Keyscrambler, but the icon will be green – this is not an attack but just QFX handing off control to Rapport.

            • #1379720

              Having been sceptical of TR’s ability to block key loggers, I was interested in Miss Bradley’s test of its capabilities in this regard. Perhaps it has been updated recently as I had to remove it due to problems in this area.

              Most evenings I log in to my bank to see if there have been any transactions, but this became increasingly difficult with TR. I would open FF, start the log in process, then wait and wait until the ‘Not Responding’ screen. It would take many attempts with Task Manager to close it down, and if I tried again there was always a message that FF was already open. I would then try I.E. with the same result, and finally installed Chrome, again with no luck. Rebooting normally produced a ‘FF already open’ response. I blamed all of this on Firefox.

              Every Monday morning, soon after starting the PC there would be a weekly report from TR, which I rarely looked at, as that was not a good time for non essential tasks. But some weeks ago I had tried to access the bank Sunday evening, then again Monday w/o success, and decided to look at the report. There was the answer, a list of attempts to access Santander Bank blocked due to wrong URL. My bank is an online subsidiary of Santander, and clearly the URL has changed without TR being aware of it. Once TR was closed there were no further problems accessing the bank.

              Perhaps I will give it another try, to see if matters have improved.

              Also, it seems that the UK and US versions of Trusteer Rapport differ, as Miss Bradley states there is a list of 200+ banks which work with Trusteer and I have never seen such a list, and I used it not only with the bank but also other finance related sites, such as stock-broker, spread betting firm, credit card company, etc.

            • #1379742

              Could it be you have a trojan attempting to modify your browser? Forgive me if I misunderstand your review of the logs.

              Different banks order different features with Rapport when they deploy it to their customers. Anytime I have had a client with a problem on their bank site with the version of Rapport that was given them by that bank; I have generally solved the problem by calling their bank and inquiring if there are any issues present in the deployment. Once again, Trusteer’s troubleshooting teams are very competent at solving issues like these.

              Most of my clients use Ebay’s version of Rapport downloaded from Ebay’s security division; they rarely have issues so far. I had trouble with Rapport when I first installed it on Vista x64, and although I didn’t ask Trusteer how they solved this, I assumed a lot of the problems were from 64 bit technology and the new NT standards of security on modern Windows versions. I never see slow downs using XP, so I have to wonder what is causing this for some of the posters here. I think some of my early problems were because I bought a custom CTO desktop cable ready media center computer. At that time MPAA was requiring that a lot of legal spyware be hard wired into such OEM products, and only a few OEMs were offering Vista x64 versions. These PCs have software and hardware DRM built into them from the Bios to the back-plane, and they can be very invasive even in the browser. So I am not surprised at all that I had early problems.

              I haven’t had a problem for years now, and am a happy camper with my Rapport installation, and would feel naked without it. The only substitute for using Rapport in my best estimation, would be to use something like steady state(XP), or better on the hard drive to totally negate an infection on reboot. Using LiveCDs with something like puppy Linux is another good solution. I’ll stick with Rapport, though, thanks for your participation in the discussion! 🙂

            • #1379866

              Could it be you have a trojan attempting to modify your browser? Forgive me if I misunderstand your review of the logs.

              It could be, I suppose, but nothing but Trusteer appears to be affected. Also it does not happen every time I attempt to access the bank, perhaps 90%.

              Last night I reactivated TR and it failed with all three browsers. After closing it down access to the bank was back to normal. I would remove it and reinstall, which often works when applications are misbehaving, except there is no way to uninstall.

              Even closing it requires patience. There is a code one has to enter, but whichever key one enters something else appears on the screen, i.e. the first letter was N, but each time it came up as H. It was only after selecting 3 or 4 different codes – and I believe trying lower case rather than the correct upper case – that it worked. I recall having the same problem on the previous occasion that I closed it.

              I have considered phoning the bank, but one has to wait ages to get through, and since the Spanish took over their level of competence has declined enormously, so there is little expectation of success.

              As TR’s support has been commended in the responses to the original article, I may give it a try and hope for more success than experienced with other companies.

            • #1379858

              I agree that Keyscrambler is a good solution, as long as it is combined with a good blended defense. I also use Winpatrol as a HIPS to let me know if any new startup attempts by malware, like Zeus Trojans and trying to inject into the startup folder. CCleaner will also clean the startup environment and should be run as bare minimum before log off, restart, or shutdown. One thing I like about keyscrambler – it even obfuscates my keystrokes when I’m trying to do remote sessions with my clients. I actually like this because it makes it very difficult for a crook trying to take control of browser sessions or other nefarious deeds, in a remote attack. I have to have the client enter the information for me, or turn Keyscrambler off while I work. It may be harder to monitor Keyscrambler in Win7 or 8, but in XP and Vista, all you have to do is keep an eye on the systray icon, and make sure it is visible and in green condition when in a secure mode. Always keep aware of where and when the indicator window is at, and active while typing/entering information. IF malware are trying to attack Keyscrambler, this will be a tip off, as well as other noticeable side effects. Keyscrambler is now also a kernel based solution, so it will be noticed if malware are trying to defeat it.

              Bear in mind that when Rapport takes over, you will not see the activity window to Keyscrambler, but the icon will be green – this is not an attack but just QFX handing off control to Rapport.

              Man we are on the same page here. Use all the above plus many more not that I’m over secure or insecure or paranoid! I do have an older system though, built it back in ’87.

              DFI Lanparty UT nf4 SLI-DR Venus*51*
              BIOS 4/06/2006
              AMD FX60 Toledo 1GHz HT 2x1MB L2 Cache
              ZALMAN CNPS9700 110mm
              7 Seagate ST3250410AS 250GB 16MB
              1 Seagate ST3500620AS 500GB 16MB
              1 Seagate ST305004FPA1E2-RK 500GB 16MB BKUP
              G.SKILL 4GB(4x1GB)184-Pin DDR SDRAM DDR400(PC3200)
              ABS TaganBZ900 ATX12V/ EPS12v 900WMod
              SATA/ASUS 20X DVD+/-R Burner DRW-2014L1
              Sony Model MPF920 Black Floppy
              Thermaltake Super Tower (Armor) VA8000BWS
              2-EVGA 320-P2-N811-AR GeForce 8800GTS 320MB GDDR3/SLI
              Vista Ultimate 32 bit/Windows XP Pro 64/32 bit /Windows 7 64 bit/Windows 8 64 bit

    • #1378565

      Seems like Susan Bradley is not aware of the general user opinion that Trusteer Rapport causes more problems than it purports to solve, clogging up your PC worse than Norton and McAfee used to do several years ago. The general recommendation among (former) users whose opinions I’ve read is – avoid.

      BATcher

      Plethora means a lot to me.

      • #1378572

        I have been using Trusteer for some time. Lately logging on to any HTTPS site became very slow (both FF and IE9) would just freeze up for 30 seconds. In some cases it froze completely and after that the only remedy was to reboot the machine 🙁

        An Internet search suggested that the problem could be Trusteer and that it should be uninstalled, the latest version downloaded and installed again. That solved the problems completely.

        • #1378575

          Usually uninstall-reinstall does solve the problem. We release updates on a weekly basis for new browser versions and malwares and sometimes the automatic update is not quick enough.

    • #1378574

      Hi all,

      Bundaburra- here is a bit of info about our protection mechanisms- http://www.trusteer.com/support/how-exactly-does-rapport-protect-me

      melvynm- the specific bypass described in the video is no longer possible, Rapport’s new version does not allow it.
      Trusteer and the banks we work with are constantly testing Rapport against financial malware to make sure it provides the most effective protection possible. We strongly encourage members of the security community to test Trusteer Rapport against financial malware.
      The strength of Trusteer Rapport is in its ability to detect, block, and remove financial malware as demonstrated by this report: http://www.trusteer.com/sites/default/files/Mandiant.pdf.
      The Register had a piece about it as well- http://www.theregister.co.uk/2011/10/11/trusteer_rapport_security_bypass/
      If you can find financial malware that successfully operates on a Rapport protected machine please let us know – publicly or privately. We offer money rewards for anyone who can provide us with a sample of a live financial malware “in the wild” that successfully operates on a Rapport protected machine.
      If you wish to continue this discussion- here or privately, we would be happy to do so.

      BATcher- Rapport should not cause problems (and more than 99% of users don’t experience them) but when it does our 24/7 support center is happy to help.

      getrritvn- usually uninstall-reinstall does solve the problem. We release updates on a weekly basis for new browser versions and malwares but sometimes the automatic update is not quick enough.

      For more info or support feel free to contact our support- https://www.trusteer.com/support/report-problem

      Regards,
      Alex Man
      Trusteer Technical Support

      • #1378665

        The Register had a piece about it as well- http://www.theregister.co.uk/2011/10/11/trusteer_rapport_security_bypass/

        Yes, it did – but did you read the later comments that were left at the end of the article?

        BATcher

        Plethora means a lot to me.

        • #1378770

          Thanks for this useful article and the various responses. I agree that Rapport is good in principle. But it’s also true that it poses some problems for Windows users, though not the kind of resource-hogging older anti-virus packages used to cause.
          * On two occasions, months apart, it caused various blue screens on my PC. Each time the cause was chased to Rapport and I followed their advice to disable ‘Cerberus’, one of the Rapport components. Some days later they updated the program and I could fully re-enable it.
          * On several occasions it conflicts with or fails to work correctly with new versions of Firefox
          * On several occasions it runs but does not correctly protect the bank websites I use (and which are listed as protected by Rapport): the Rapport icon does not turn green when I access the sites and it reports that it is not actively protecting them.

          To their great credit, the Rapport tech support people are very diligent and patient, on one occasion spending well over an hour online to make changes to the Rapport setup on my PC (which they can control remotely via LogMeIn –a process I find slightly scary), and eventually the problems are sorted out.

          However, I think using Rapport is a bit of a mixed blessing and certainly it would help if they could update the product more regularly to cope with browser changes and updates.

    • #1378809

      Alright- I read the article….went to the website and can find no place to DL or evaluate this product….I am not a neophyte but lost in this case.

      Al

      • #1378817

        Alright- I read the article….went to the website and can find no place to DL or evaluate this product….I am not a neophyte but lost in this case.

        Although there’s no apparent download link from the Rapport product page, and their “Site Map” is totally useless, clicking “BANK CUSTOMERS CLICK HERE” at the top goes to;

        http://www.trusteer.com/download-trusteer-rapport

        (It used to be the case that you could only download it from your bank.)

        Bruce

    • #1378898

      @ TrusteerSupport — It’s great to see a response from a representative of Trusteer itself. This was useful in answering technical and end-user types of questions. So now we have the answers directly from the source. It’s not often in these forums that the Company itself will directly respond to our concerns. Many thanks for this!

      -- rc primak

    • #1379088

      To BATcher – read the stories of the fraudulent activity going on in online banking. I too heard all of the stories of the issues, but that was then and I gave it a good workout now. I went in as a total doubting Thomas and skeptic. I came out giving it a fresh look which is what this review is all about. I have it running without issues on several machines.

    • #1379146

      From what I’ve seen and read, you are very fortunate! Chacun à son goût…

      BATcher

      Plethora means a lot to me.

    • #1379150

      I previously used Trusteer Rapport on Windows 7. Today I decided to give it a try on Windows 8.

      I was about to post that perhaps more recent versions were more reliable, so I tried to open Rapport Console to check the version number. All I got was an icon on the task bar and no window would appear whatever I did; the application task could not be killed with task manager no matter how many times I tried. So I’m stuck with a useless icon on the task bar until I reboot or log off/on, which is a first for me on Windows 8.

      So perhaps recent versions are not more reliable? (I’d already noticed a problem where Rapport’s “check protection” window was displayed partly off the side of the screen.)

      Bruce

    • #1379216

      I’ve serviced a few business computers which were using Trusteer. These systems were what we’d all consider underpowered…XP with 1GB and loads of apps installed…and Trusteer was a big resource consumer. (how’s that for being politically correct? lol)

      Can’t blame Trusteer for that, but convincing a small business to join the current decade with a standard Win 7 system is often tough.

      • #1379409

        I have used Trusteer and worked fine most of the time but sometimes played around with my keyboard entries with different keyed in entries other than what was typed so have uninstalled for now but I’m not really sure if it was my installation of the software as I did install and reinstalled several times worked for a while then would revert right back to invalid keyed in entries but there again too I also use another installed Key logging software called Key Scrambler and have used it for several yrs now and seems to work great but unsure if I am being totally protected on web sites as I have not downloaded and installed the Spector software as I have no need to shell out $100.00 for a test of my key stroke activity but maybe I should. At times I have the same problems with the Key Scrambler software also with the invalid keyed in entries so I may have a keyboard problem and that is something else I should probably check out.

        • #1379624

          The AKLT test software is industry wide accepted as a good test medium for anti-keylogger software; but understandably, your anti-virus/malware may pop an alert to try blocking it when you install. It is an open source freeware, but beware where you get it, of course.

          Needless to say, I would not keep AKLT on your computer any longer than you need to test with it. After all, the criminals can use it to further their own dastardly deeds as well.

    • #1379902

      georgelee; I can see that you definitely have a problem with Rapport when you describe your effort to use the console password for uninstall and can’t complete it. It would probably be more successful to get direct help from Trusteer; but they will of course need some preliminary information, which you can provide on the form in the link I provide below.

      http://www.trusteer.com/support/submit-ticket

      There is a cleanup tool, but for obvious reasons, Trusteer will only provide that to you during a maintenance session. Search engines will point you to all kinds of ways to uninstall, disable, or delete files to Rapport, but I would not try any of these badly advised methods. I do know you need a clean machine to successfully install Rapport in the first place. No security solution can be expected to operate correctly if malware are manipulating the install process. I am not saying this is evident in your case, of course.

      If you scroll down the page in the link I provided, you will see an entry form for the trouble ticket, and the information entered will help the team tremendously to come up with a plan of attack for the problem. I would watch your email closely after submitting this form, because they typically get back to you very quickly after submission.

      Anyway – That was the experience I had after Trusteer went to a x64 bit version. This was some time ago, but I have no reason to suspect the service is not still very exemplary. Readers who post on Krebs on Security.com, still report good experience to Brian Krebs on the use and experience with Trusteer’s solution.

      • #1379955

        Readers who post on Krebs on Security.com, still report good experience to Brian Krebs on the use and experience with Trusteer’s solution.

        I hope I’m not being cynical, but as far as I can tell Krebs’ last blog on the subject of Trusteer Rapport was nearly three years ago, and one of the readers who posts encouragingly and often appears to be a certain JCitizen. Could there be any connection? :o:

        BATcher

        Plethora means a lot to me.

        • #1380060

          @BATcher; Yes, you are correct – that is me, the same person. I was a victim of a cracker who bought command and control space at a criminal server site when a vendor of mine was compromised. I have been an advocate of IT security ever since. I am not a paid shill of any company – in fact I am disabled and totally independent – but I hate online crime, and have dedicated my life to making their criminal pursuits as pointless and unprofitable as I can.

          I have personally tested Rapport in a honey pot environment, and it is the only solution like it that stands up to my tests. It has become harder to find zero day threats to do my tests – though – but maintaining a junk spam email account has refreshed my supply of attack vectors. Things have been rather boring lately, though – my blended defense has become very difficult for typical malware to foil. I keep trying though.

          I get my real enjoyment helping indigent clients with their computer security problems. I used to build old computers for folks who didn’t have a lot of money, so they could go online for their children’s education. Anymore – nowadays, these folks seem to be able to snag their own machines, that are more modern; so I now concentrate on INFOSEC. I take the same gamble on freeware that they do so I can trip the minefields for experience on what to do in a disaster recovery. It is very rewarding for me.

          I think Brian has not followed up on anything about Trusteer for a while, because really nothing has radically changed in their business plan. Also, they advertise on his site, and he does not like appearing as a shill for Trusteer. He is always ready to simply advocate for LiveCDs and other best practices for online security. My clients refuse to do best practice however, so I continually try to find solutions that don’t require them to put out any huge effort, and I do the hard stuff for them, when necessary. Most of them have no problems and have become quite independent from my services. This is the ideal goal for me.

          • #1380122

            GREAT JOB! I am always out for the good guy and will always be on your side as long as you’re out for banging bad guys.

            Spent two tours in Nam, well on the other side of the river to be exact. Cambodia, a place where we weren’t supposed to be. Managed to leave there with all fingers and toes. Sorry to hear you’re disabled. I hope it’s not total.

            SEMPER FI
            USMC
            1970-1974

            • #1380263

              Thank you for your service!! – I tried to volunteer for the Marines in Viet Nam but my parents would not let me go. I was big enough and tough enough, but I really regret missing that opportunity! I got out after Desert Storm; I’m pretty healthy for a cripple! HA! I love my work! 😀

      • #1382914

        Thanks JCitizen for all your kind words 🙂

        Just to make that clear- Rapport can be uninstalled if it was installed properly on a clean machine, otherwise our uninstall tool will do the job. Our support center is working 24/7 and can handle chats, emails, phone calls (specific banks) and web sessions if needed. We try hard to reply fast and most of the time we succeed.

        It’s good to hear you enjoy our product and it works fine for you. Great hobby you got there, playing around with malwares, that’s really cool. Well, for us it seems cool 🙂

        Sometimes our anti key-logging feature gets a bit messed up and then what georgelee describes happens. In that case it’s better to contact us via chat.

        Regards,
        Alex Man
        Trusteer Technical Support

        • #1383048

          Thanks Alex! And I appreciate the tips for using chat – I neglected to notice that last time I was on the site.:o I will encourage any clients who may inquire about that; but fortunately they have very little trouble with Trusteer’s venerable utility.

    • #1405320
      • #1405389

        Thanks for the heads up satrow. I must say that many of the comments on that Register article seem very ignorant on security issues, but then the Register readers are a very reactionary lot. I am in contact with Trusteer on the update issue with this “thugware”. I will try to return with their answer, I need to go to an appointment, and will revisit this issue.

      • #1405475

        This vulnerability was for a previous version and they are already at version 1208.44. Trusteer is constantly updating Rapport to attempt to keep up with or stay ahead of the criminals. As far as the original problem, this is the answer I got today.

        “This vulnerability has no impact on Rapport’s ability to block financial malware like Zeus, KINS, Carberp, Gozi, Tilon and Citadel as Rapport uses additional mechanisms. Additionally, no action is required from any Rapport users.”

        Since Rapport has passed every test I’ve given it in the lab, and my honeypot tests – I have to at least give Trusteer the benefit of the doubt. They are going at the vexing problem of zero day threats by developing technology that can operate in an infected environment. Since their solution is kernel based it is very difficult for criminal malware code to subvert their protections. I’m not saying that a trojan backdoor in your boot sector cannot make life pretty miserable for folks; but then that is what a blended defense is for. So far – no zero day threat has been able to break my defenses. It is actually getting hard to find these malcode samples. Right now we are having better luck getting them from junk email accounts with infected spam in them. Web-site threats have become very difficult to find for virulent attack samples. Even the IE-9 thru 10 browser defeats about 85% of the attack URLs that we pull from. The crooks seem to be switching to spam emails and/or spear phishing to gain targets now.

    • #1405482

      Yes, that ties in with the first part of the El Reg article, however it goes on to quote Komarov thus:

      “It is still unpatched, we can create a similar video on the actual [current] version of Rapport, where the bypass will be still working,” he told El Reg. “Because of leakage of source codes of SpyEye and Carberp, there are already some recompiled copies which use this exploit to bypass its security.”

      Any idea of what % of Trusteer users are using the latest, patched, version?

      • #1405488

        It auto updates with no user intervention, even if they are operating as a limited account. Any user who is connected to the internet, and the machine is on, will get the update, much like most anti-virus products do. The affected version, 1208.41, was several version numbers past; as I stated previously the new one is 1208.44.

    • #1405490

      That reads like a company answer, bypassing the actual question asked.

      • #1405499

        Sorry satrow – I don’t work for Trusteer, so wouldn’t have the data – Most of my clients are nearly indigent; but if Rapport is giving them fits, and they want rid of it – I advise them to stop doing online business; that way they have nothing to lose.

        Brian Krebs said it best when he says that if you just have to do business on the web with your personal financial data, do it on a dedicated PC with a Linux LiveCD. I recommend the same thing if they will let me set it up for them – all but one has opted for Rapport. So far every one of my SMB business clients has refused some very good protection offered by Microsoft’s Steady State, and even some very economical drive protection that is superior to that free option. It is really just a balancing act between how much you have to lose, and the opportunity costs that come with the alternatives. I’m not a very good salesman, so I just let them pick their druthers.

    • #1405504

      I too, recommend the Live CD method, it’s a shame that most users choose convenience over security. I was also unimpressed when MS pulled Steady State, instead offering a very long-winded and complex-looking ‘alternative’ to it that no regular user would be likely to entertain.
