29
Apr 10

A Closer Look at Rapport from Trusteer

facebooktwittergoogle_plusredditpinterestlinkedinmail

A number of readers recently have written in to say their banks  have urged customers to install a security program called Rapport as a way to protect their online bank accounts from fraud. The readers who pinged me all said they didn’t know much about this product, and did I recommend installing it? Since it has been almost two years since I last reviewed the software, I thought it might be useful to touch base with its creators to see how this program has kept pace with the latest threats.

The basics elements of Rapport – designed by a company called Trusteer — haven’t changed much. As I wrote in May 2008, the software works by assuming control over the application programming interfaces or APIs in Windows, the set of tools which allow software developers to create programs that interact with key Windows functionalities.

From that 2008 piece:

“Some of today’s nastiest data-stealing malware works by hijacking these Windows APIs. For example, keyloggers simply hijack or ‘hook’ the Windows API that handles the transmission of data from user interfaces, such as the keyboard and mouse. A more advanced type of malware – known as a ‘form grabber’ – hijacks the ‘WinInet‘ API – which sets up the SSL (think https://) transaction between the user’s browser and the encrypted Web site. By hijacking this API, a form grabber can rip out usernames and passwords even when the user is submitting them into a site that encrypts the data during transmission because it grabs that information at the lower level of the operating system, before it is encrypted.

Trusteer’s software examines these and other vital Windows APIs to see if any other process is trying to intercept sensitive data. It then blocks those that do.”

I spoke last week with Trusteer CEO Mickey Boodaei about his company’s software, how it has changed over the years, and what’s new about it.

BK: A lot of customers are being asked to download the software and don’t know much about Trusteer or Rapport. One customer wrote in banked at BBVA, and another was with Fifth Third. Both banks very recently had multiple customers lose hundreds of thousands of dollars to the sort of online banking fraud I’ve been writing about lately.

MB: Well, the more press coverage we get, the more it will help build familiarity with our brand among consumers.

BK: Since we last talked, you were working with just a handful of banks — such as ING. Can you talk about how the business has grown and who you’re partnering with now?

MB: Over the last year in the U.S., we’ve been seeing a significant change in the amount of interest we’re getting from banks, especially around business banking. It looks like banks are getting really worried about it, as many have seen fairly significant fraud losses. Right now in North America we have around 50 banks using our technology, and few others in the United Kingdom.

Read on after the jump for my thoughts on this software, and a discussion of some of the malware that specifically targets Rapport.

BK: So in a nutshell, what does your company do for the banks you work with?

MB: Each bank we sign, we’re analyzing older fraud incidents and finding which malware variants are attacking them and their customers. We then make sure we have multi-layers of protection on the server side that can address these threats.

BK: Are you working with any banks that are making your software mandatory as a prerequisite for online banking?

MB: We do have a couple of banks that have recently signed and plan to make it mandatory for business banking.

BK: Can you say which ones?

MB: Not right now. They’re not big banks, each has about 5,000 to 10,000 business customers. So we’ll kind of experiment with that. But currently we’re not recommending our customers to make it mandatory.

BK: Why not?

MB: Well based on how it goes with these two banks, we may change our approach. The main reason is that we don’t want this to be perceived as something that is being forced on customers. That generates a negative vibe with customers and we really don’t want that. We want to push banks to educate their customers about the problem.

BK: I noticed there were several recent malware samples that attack or disable Rapport. Did you think your software would become a target at some point?

MB: Definitely, that was one of the key assumptions we had: That if we are successful from blocking malware from committing fraud, we’ll become a serious target for criminals. We are seeing targeted attacks coming from serious organized crime that are trying very hard to find ways around our solution.

BK: If I install Rapport and bank at an institution that also uses it on their end, what can I expect?

MB: Our software integrates into the bank’s site and communicates with the [Rapport] software installed on customer machines, and the two of them can work together so that the bank can effectively measure what the software does on the customer’s desktop. Whenever the customer logs into the bank’s site, the bank knows whether Rapport is there, whether it’s up to date, whether its been attacked or compromised.

BK: So your software ships updates, sort of like an anti-virus solution?

MB: We’re basically pushing updates almost on a weekly basis. These are not signature updates, but updates to our security mechanisms to the way the product works.

BK: So you’re fairly confident your software can detect and block most of the attacks we’re seeing from things like the ZeuS Trojan and other sophisticated threats?

MB: With ZeuS we have multiple layers of protection. Obviously, the core technology is to prevent ZeuS from entering the browser in the first place. On top of that, we’ve added a few layers of protection in the last couple of years, so that we prevent ZeuS from being downloaded to the customers’ machines, and we prevent the installation of ZeuS.

But take a look at the main solutions out there to combat these threats — anti-virus software. The detection for things like [the latest, most advanced versions] of ZeuS by anti-virus software dropped from like 50 percent to close to zero, because the [ZeuS author] changed everything so that even after it’s installed, it looks completely different from one computer to another.

That said, our software is not a silver bullet to anything. It’s not going to solve all the problems that the banks and industry have. But we do believe that it adds real value, especially when integrated into a bank’s bigger fraud detection mechanisms.

ANALYSIS

Trusteer’s product certainly raises the bar for malware writers, and forces them to deploy Rapport-specific attacks to plant malicious software on a user’s PC. Spanish security firm S21sec said recently it had confirmed in lab tests “that ZeuS cannot grab any data in a machine where this software is installed. Unfortunately, the ZeuS guys haven’t just been lazing around; in one of the latest samples of of the Trojan, we have seen how ZeuS, right after infecting a computer, downloads and executes a second file whose purpose is to render useless this software.”

Nevertheless, I think Rapport would be a decent, low-impact addition to the security of any PC user banking online with Windows. But I’m a bit on the fence about recommending this for businesses, mainly because companies that lose money due to stolen online banking credentials are almost always on the hook for those losses. Increasingly, though, victimized businesses end up suing their banks to recover some of the losses, usually arguing that their banks should have done more to detect the fraud.

In these cases, a critical legal question that often arises is whether the thieves compromised the customer’s system or that of the bank’s. I mention this because Trusteer recently built a new component into Rapport called Flashlight, which tries to give partner banks the ability to remotely check to see if their customers’ systems are infected with malicious software. Whether the banks will proactively use that feature to stop online banking fraud is unclear, but such a feature would make it tougher for small and mid-sized businesses that lose money to online bank fraud to claim that their computers weren’t the sole cause of the loss.

Small to mid-sized businesses probably would do better to rely on a Live CD approach on PCs used for online banking. More information on this method is available here and here.

Tags: , , ,

121 comments

  1. BOA suggested I download this, I checked it out and then gave it a try. I have both IE and Firefox4 on my PC (only because the wife likes IE, don’t know why). Rapport worked OK with IE but not with FF. Returned to site and found a download just for FF4. Downloaded and everything was fine for a time, then browser crashed, OS crashed, other programs were slow or didn’t open, nothing but problems. Uninstalled and all problems disappeared. Emailed BOA to complain. This software is not ready for the big time, IMHO, unless you are running IE perhaps.

    BTW other blog sites have had people log on that have been accused of working for Trusteer and I think this may be true of one of the above posters.

    • Not me Onsale241;

      I’m independent and not holding allegiance to anyone. I just hate web-criminals, and will do or say anything to thwart their mission.

      You will also see me on CNET and other forums doing the same thing. I camp on user reviews for good freeware, and try to help folks who have trouble with their software, it has been my experience by and large that people always try these kind of security solutions AFTER they are already pwned. You cannot expect anything to work on a PC that is already compromised. I am not suggesting you PC is – BTW

      I don’t have anyone using Rapport on Win7, so for all I know, it could have real problems on that OS. Recent history shows that many of my clients have hosed their brand new machines just updating to SP1; so my next statement would be, ” how would one know for sure what caused my PC to crash?” Any number of things in the last month could have caused the problem. This is why I see so many folks reinstalling Vista and Win7 to solve problems. It seems neither of them can work for long without total reinstall because of sloppy work from Redmond. I got IE 9 tonight – for Vista – and now my update explorer box crashes every time I start it. IE9 is running fine, but the updater is hosed.

      I’m not ready to blame anything on the security software, because I’ve seen too many system units get hosed by Windows Update with NO security on the machine, and these were all fresh PCs that had just gone on the web. They could not have received malware in the conventional manner, they hadn’t even gone online with their browser yet.

      It is pretty hard for me to blame anything on Rapport at this point because of super sloppy work from Redmond. I’m not a MS hater, I’m just a realist. I cannot do the things I do without Microsoft, I’ve checked. Nobody else has the multiple capabilities that modern 64bit operating systems from Microsoft bring to the table.

      I’ve reinstalled my OS four times, and that is enough! I made Microsoft spend 7 hours fixing the last crappy update, and now I’m going to contact them again. I think it is time Microsoft spent some of their blood and treasure for wasting my time!

  2. I installed Rapport from bofa.com site, and later all Adobe Shockwave are crashed with errors from my Chrome browser. This is NOT a fully tested security software!!! Now, I have removed.

    • Dear Philip;

      Did you even bother to allow Adobe Shockwave in your Rapport console? Of course I assume bofa.com is a legit banking or merchant site.

      I must admit, I haven’t needed Shockwave since the turn of the century.

      If it were me, I’d figure Rapport is more important, or at least I’d stop using the PC for banking and shopping.

  3. My Canadian bank is inviting me to install Trusteer’s RAPPORT but, having read all of the above, I’m now reluctant to do so. Recently, I bought a new HP computer with Windows 7 and Office 2010 and I use IE8 and MS Security Essentials which I manually update first thing each morning. When I go to my bank’s site to sign on the URL address line acquires a pale green background and a second side box appears, also in pale green with a padlock, from ENTRUST which assures me that I have connected with the bank’s authentic site. What else, if anything, it does, I do not know. And I do not know how ENTRUST came to be there. Did it come with MS Security Essentials? Obviously it did NOT come from my bank. I don’t know what to do. Leave well enough alone, on the assumption that ENTRUST is enough or replace it with Trusteer’s RAPPORT. At times like this (and at many other times), I wish I had bought an Apple computer.

  4. This last comment from rd3 prompted me to ask about macs, and in particular, about smartphone banking apps, such as on an iPhone. Is the cell network any different than internet connection? I would imagine the smartphone apps are just as vulnerable as browsers are. Any thoughts?

    • All smartphone OS have been cracked in at least the last year. The bad part of this, is that it is extending the popularity of those platforms into PC operating systems that traditionally had few enemies. Because of this you got to ask yourself – Do I really want to connect my smartphone to my Unix based system?

      I say Unix because this covers a LOT of ground; OSX is based on its Unix 3 standard, Linux uses Unix as a base code, I wonder when someone is going to come out with a BSD based smart phone? I really don’t know. Probably licensing difficulties there.

  5. rd3: Entrust is a company that provides 3rd party digital certificates. The green padlock with Entrust’s name means that the browser has verified that the certificate that your bank is presenting is legitimate as verified by the third party (Entrust.)

    I think the point of this software is that there are ways around the usual SSL security (i.e. the padlock / green bar / whatever) that this is supposed to protect against. Whether it does or not is the point of debate.

  6. Avoid Rapport at all costs.
    We bought our PC brand new at the end of ’09 and had absolutely no issues whatsoever until we downloaded Rapport. Everything went haywire – non-Microsoft programs as well as Windows. We could barely get to the uninstall menu. All was fine again once it was finally removed.
    This program was launched was too early. They may have beat several competitors to the market who had a similar idea, but they nullified their efforts by doing it with a completely inferior product.

    • I don’t doubt your word Adam – many have reported problems on Brian’s discussions. I can only tell you that on my Vista x64 installation, the only problems I’ve had were either my fault or Rapport broke because of a Microsoft update.

      Uninstalling Rapport with their cleanup tool and re-installing from a clean boot fixed that problem for me. Everything has also worked smoothly for my clients on Win7 and XP so far.

      • Looking at feedback on various sites across the net, it’s clear that your positive experience with Rapport is quite an anomaly.

        • I think it is well known that the squeaky wheel is always most heard. I see the same thing on Amazon and CNET user reviews; there will always be a lot of down rating by the complainers, but the 100,000 users that don’t have a problem never bother to post a review.

          I think we all know that. This can be true with good software as well as powerful revolutionary products. If you mishandle a bazooka, you might get burnt. As far as that goes, how do I know if criminals aren’t the ones posting the negative information in a large number of those reviews; we have all seen that too.

  7. Yet using Soluto with Rapport created a strange low booting time … is it soluto or Rapport i dunno but one thing is sure… With the high complexity of everything right now companies will have to put more time testing their software interaction with others softwares a little more…

    Hope they fix windows 7 sp1 64 bit and .net 1,2,3,4 etc.. sp1 installing mess. Fix the basic, put it ultra stable in one package that will reinstall over current win 7 configurations whitout loosing anything while scanning for rootkit, virus, trojan etc… and offer a new version of MSE that protect everything until somebody decide what product he would like to use for protecting kernel and files…

    • For sure Alex on the Win7 problems! I’ve seen brand new Dell computers completely hosed by the new updates. SP1 has been one big headache for both my HP and Dell clients.

      Oddly enough, by Vista x64 .NET problems didn’t go away until Secunia PSI noticed I didn’t have the latest update. So much for the vaunted Windows Update!!!!

      • I have seen my customers experience minor issues with Win 7 sp1, but nothing like the mess left behind by Rapport.
        I’m glad we all concur that these companies need to spend more time in beta before they go to launch.

  8. I am not sure if it is just a coincidence or not. I just downloaded the software when I log in my BOA account last night. This morning my email was attacked and the person sent a scheme email to all my contacts and asked for help. And also all my saved emails and contacts were deleted. Now I have empty email box.

    • Hi Susan,
      This is one of several issues that end users encounter after installing Rapport. Several other forums reporting identical issues reaffirm the validity of the experience you encountered.
      Uninstalling Rapport and running a sweep with your antivirus software should be sufficient.
      JCitizen knows the software and is a good resource as well for assistance with hacks related to Rapport installs.

    • Dear Susan;

      I have seen – but very rarely – retribution caused by criminals, that code their malware to be aware of any security installations, and induce worm like activity such as that described by you. On at least one occasion, the activity looked like a frustrated criminal that was previously using RDP to remote in and cause problems for the client.

      In each case they were new clients that didn’t have much defense on the machine and only downloaded Rapport because their bank or merchant recommended it. I feel many of the problems attributed to Rapport are because of malware already resident on the machine, or a new Microsoft Update that broke an unsupported version of Rapport. Trusteer tries to keep ahead of these update issues, but not all merchants offer fully supported versions of Rapport, so consequently they don’t get the automatic updates for Rapport, and disaster strikes during an operating system update.

      I get my version of Rapport from Ebay, and it stays very well updated, and so far – issue free.

  9. I had problems with Rapport a while ago but it now runs smoothly on Firefox 4. (I have had to disable Firefox 4 hardware acceleration but AFAIK this is unrelated to Rapport.)

    I found the information in the article here helpful – now I know what Rapport is doing I want to keep it!

    • Yes, right now Rapport is inoperative in Firefox 5.0.1, and Chrome, but working fine for IE9. This on Vista x64. With everything in flux right now, and no HTML5 standard, I imagine the developers everywhere got their work cutout for them!

  10. I’ve used report for a couple of years, have never had an issue resulting directly from Rapport. You select the sites it monitors and the sites it does not ~ it provides a detailed report of it’s activity. I only use it with sensitive password sites where there is risk if the information is stolen.
    Use it successfully with IE and FF. So, if someone were to ask me I would recommend the product.

  11. I recently installed this software on two machines and immediately my browser (IE9) started to crash. I did a quick lookup of the issue on Trusteer’s site and found a help document that explained my antivirus software (eEye Blink) was conflicting with Rapport. The solution they provided was to disable one of the security features of the Rapport software and my problems went away.

    I am very impressed with this solution so far.

    • Very interesting Gregg; Thanks for that post!

      If I may be so bold – AV Comparatives doesn’t even list eEye as a contender in their tests. I wonder if this software is too new? I seem to remember reading about it, perhaps even on this site, but I got to ask myself if it is a better – proven solution or not? I like Prevx, but it conflicts with Rapport, and I consider Rapport more important that Prevx, as I can use other AV solutions that a rated higher by many independent labs.

      Perhaps this is what one should be asking one’s self – which is more important, or has greater priority? I have to do this all the time in my personal test lab. The mix of solutions in an in-depth defense can make all the difference in the world.

  12. I came across your excellent web site after scouring forums regarding this software.

    I run my own computer repair and maintenance company and I get asked quite frequently about Rapport. My own personal take on this software is do not install it at any price!

    My first experience with this software was that it slowed a clients PC down to a crawl. When I tried to uninstall it I couldn’t. At that point, alarm bells definitely started ringing!

    There are a number of what I would class as serious issues surrounding this software as follows:

    This software radically slows down computers running less than 1GB of RAM. No bank appears to state this.

    It constantly runs in the background without the customers knowledge. Customers assume this product only runs when they are logged in to their bank account. No bank appears to state this or give a reason why it is necessary.

    This software cannot easily be removed through normal means, i.e. Add/Remove Programs or Progams & Features. The newer versions only allow you to “shut down” the software and remnants are left on the clients computer after removal. This suggests that the software is still present. No bank appears to state this.

    All of the above can be classed as VIRUS ACIVITY.

    What I find seriously disturbing :

    This company seem to have appeared from nowhere and most of the major banks are suddenly plugging it like it was the cure for cancer. In my opinion, anything that’s offered “free” from a bank should be treated with utmost caution.

    Talk of this software being mandatory is utter nonsense and the fact that it may be able to remotely search a clients PC for viruses is a total breach of privacy and possibly a criminal act if it is done without the customers consent or knowledge! Even if they give consent, this should ring those alarm bells very loudly with any sane, rational and intelligent human being!!

    I have suspected all along that this software may be used as a big stick to beat the banks customers with. In other words, if they did not download it then the onus of responsibilty would land with the customer thus exonerating the banks from having to pay out if any fraudulent activity was found on their account.

    Let’s not lose sight of what we are talking of here. A banks primary function is to offer a “safe house” for peoples money. Security is and always will be the responsibilty of the banks. As long as a customer can prove they are running legitimate anti-virus software, there should be no talk of mandatory usage, otherwise it’s like saying that any other a-v software is a waste of money and not up to the job!?

    With the publics attitude towards banks at an all time low and getting lower, I see this as just another nail in their proverbial coffins.

    I will continue to distrust Trusteer Rapport and recommend my clients not to install it on their PC’s unless Trusteer and the banks can provide a public written legal statement to say that none of the above will ever apply.

    Please let me know if you see one.

    • Good post Jonathan H;

      Good points of argument Jonathan; and arguments well taken. However, my clients are increasingly being pwned by malware that is unidentifiable. We reload the operating system, and the symptoms reappear within days. The clients are re-acquiring the malware despite being careful about where they go on the web, and removing java, and disabling flash. They refuse to use LiveCDs, despite my serious sales pitch.

      For some reason this has become common among clients with OEM computers. I am beginning to suspect some kind of factory built in malware, that lays dormant for a few days and then activates. I have had some of the best AV companies and Microsoft investigate, and they have all given up and Microsoft sends new operating system disks to the client, to circumvent the OEM recovery files. Some folks I’ve seen referenced on forums are actually receiving new hard drives from Microsoft!! MS may be willing to take the blame, but I still suspect a criminal influence inside the OEM vendor belt in the Asian Rim nations.

      One of my clients is using Darik’s Boot and Nuke; and is to receive a new disk from MS in the next few days. Now because of this disturbing trend among my new Windows 7 clients, I have to ask my self, “Who do you trust?” Fact is you can’t trust anybody now. So out of pure frustration, I’ve begun installing tools that work in an infected environment. Rapport is the only one of its kind, and if it had a true competitor, I would try it, I assure you. You have to trust somebody, because there is really no recourse.

      Why would you continue on any other course, if the client resists? I will admit, I’m a poor salesman, or I’d get more folks on LiveCDs; but I just have to operate within client permissions. All of my clients like Rapport, but then we install it on a fresh factory default installation. You cannot expect any solution to work on a previously infected environment. Even then, we do a clean boot before installation, and we use either the banks version, or a trusted merchant(trusted by client).

      You do not indicate whether you ever contacted Trusteer to alleviate the problems you were encountering. Giving up is not a solution to me, working with the Trusteer technicians is. In my experience the technicians at Trusteer are better than Level 3 support at Microsoft. This is all free to the client, so where’s the beef?

      My opinion is that a security minded technician has to have the attitude of a junk yard dog for his clients. I work doggedly for them, and don’t ever give up on finding and implementing the best solutions that can be found and offered. And remember, I have to work inside their parameters – Trusteer is still inside that fence for I and my clients.

      • You hit on several excellent points here, sir. Thank you for caring enough to take the time to not only post, but articulate those facts in clear and concise points that everyone should take an extremely close look at.
        Be suspect of a reply post from JCitizen. You could post that you installed it and your computer subsequently crashed and burned, and he’d come up with an elaborate explanation dismissing how it could possibly be an issue with Rapport.
        He defends Rapport to the death. Possibly working at Rapport in PR as an Evangelist (we had one at one of the dot commers I worked at).

        • Dear Adam;

          I’m a totally disabled individual who is working without income to avoid violating my disability rights.

          I work for the poor, the indigent, and SMBs on a very strict budget. Out here in the dessert, folks can just barely get by. I do this without pay, because I hate criminal activity, and it keeps my skills sharp in the case that I may get a job through ticket-to-work. That is the stark truth of my world.

          Who do you work for?

          • I work in municipal services for the county of Santa Barbara.
            I had been in IT for several years and in different roles, but grew tired of being tied to my desk and needed to get out and enjoy the weather.
            Although your posts are suspect, I apologize for what I said if it is erroneous.
            Take care.

      • @JCitizen: “We reload the operating system, and the symptoms reappear within days. The clients are re-acquiring the malware despite being careful about where they go on the web, and removing java, and disabling flash.”

        That sounds a lot like what we would expect from hardware infection. By “hardware infection” I mean that malware code has somehow been installed into BIOS code which is executed as the hardware starts up. Typically the infection code would be in the motherboard BIOS, but other devices may also have a BIOS which are also executed at startup. When multiple BIOSes are infected all must be fixed simultaneously, since leaving even one infection running might cause immediate full re-infection.

        Now, different hardware will require different infection attacks, and specific ways of updating the BIOS flash. Some equipment will be hard to flash, some easy. It could be quite useful to become aware of exactly what motherboards (and what devices) are used in the problem machines.

        One might think to just re-flash the BIOS, but since modern BIOS chips do not have sockets, flashing actually happens on the infected machine and so may be falsified. One might try to look at the raw BIOS code, but usually we have to go through the infected machine to do that, and so the malware code may be hidden. Possibly some sort of FireWire direct bus access could expose hidden code under external analysis.

        With an established hardware infection, we are way, way beyond any protection from antivirus scanning. We are also beyond a full OS re-install, even on a new drive. Those things will not work because the problem is already operating before any of that stuff starts. However, even with an existing hardware infection, installing a different OS can be a significant advantage.

        Technically, a different OS could be in just as much trouble as the first. However, even a BIOS infection will still need computational help and so probably will rely on using the expected OS when that comes in. Having a different OS might well defeat the hardware infection.

        Trying to clean a hardware infection can be much, much more difficult than cleaning the typical malware infection. However, they both have the same fundamental problem: there exist no tools to guarantee that all infections have been eliminated. So there is no way to know when to stop, and anything less than absolute perfection may just lead back to the original situation.

        “I am beginning to suspect some kind of factory built in malware, that lays dormant for a few days and then activates.”

        While anything is possible, malware attacks on our insecure hardware seem more likely than factory sabotoge. The original and long-gone “dropper” malware (possibly downloaded by broadband from the botmaster) would have to know the re-flash process for the particular motherboard or manufacturer and have the correct malware-modified BIOS code. Since the BIOS comes up first, it should be much easier for hardware infections to hide than normal malware.

        “All of my clients like Rapport,”

        Desperate times may indeed call for desperate measures, but Rapport seems too much like a bot for my taste. Yes, it may be a “white hat” bot, but it seems like a bot nevertheless. A bot has full access to everything on the computer, all files, all email and everything else, and so is necessarily a major risk. Even a white-hat bot can be defeated, and then the bot-like actions we assume are from the good guys, are not.

        • Thanks Terry;

          On one machine, we tried removing all PCIe cards, flashing the bios from USB immediately before nuking the drive and immediately after. Also ran a firmware update from CD-ROM image for the hard drive, if that drive used firmware updates. I’m only having this problem on HP and Dell machines, built within the last year.

          I see many .NET and SP1 update problems with the same category of machines on many forums, and at CNET. My work load is up 1000% I’m starting to get burned out, and have been working until 4 a.m. locally, and all over the world – remotely. A very vexing problem!

  13. I found a link on this page and when I tried it, the link did not work. I followed the instructions on the error message page and got a reply saying the file is still available at . The change was due to a major restructuring project.

  14. The URL was deleted from the text so I put it in the website field.

  15. I’m wondering if the problems re Rapport mentioned here would also apply to OS X

    Thanks in advance for any comments

    • @artzy;

      I should think OSX being a totally different operating system would have totally different problems on Safari 5. At least that is the browser that is supported. This assuming there are problems. None of my Apple clients have tried ANY security programs so far.

      • I have been using Rapport for about 9 months on OSX (i am running 10.6.6 currently). I just got an update notice; while running Firefox. I never use Safari since MacWorld cited security problems. I have not had any problems but after reading the blog, I am leary of the update. I would love for the company to address its stability on a Mac running Firefox. I, too, clicked on a link at the top of their web page; think it was “products” and it said the page was unavailable. For a company who specializes in web security, this spoke volumes to me, the lowly graphic designer! I would welcome comments from some Mac experts.

  16. My bank (RBS) recommended that I install Trusteer Rapport. I have used it on two different laptops and two different desktop PC’s, with Windows XP, Vista and Windows 7, with Firefox 3, 4 & 5 and IE 7, 8 & 9.

    So far (touch wood) I have not experienced any problems with it. My daughter, who also has an RBS account (I opened it for her when she was 16) also has Rapport installed and has had no issues with it.

    I think it’s true (as others have mentioned) that the people who don’t have a problem with a piece of software don’t usually bother posting to say so.

  17. Don’t install Rapport… It was ‘forced’ onto us by a US national bank (think directional instmts) that was bought out by a British bank (BB…). My great running new Dell E6300 (maxed out) laptop has had nothing but problems since. All of the scans pointed to Trusteer files (registry errors, file coruption, and also blocking the functions of other apps, both MS and others). I am uninstalling and also scanning for any files that contain either Rapport or Trusteer to remove today. Hopefully, that will resolve the problem. If not Dell Tech support here I come (glad I got full support)….

    • I’m running Trusteer on my Mac Mini and have had no problems. Funny how you can run software on Macs problem-free and watch as people on PCs have all sorts of problems

    • Sorry for your experience, PC Elliot:

      In the last month I’ve had at least three clients with brand new Dell computers – one was a laptop, and the other two were identical desktops – that were completely hosed by simply trying to update to SP1 for Win 7. The laptop was damaged so bad the tech trashed the motherboard; and one of the other two had to resort to using Microsoft supplied operating system discs with SP1 pre-installed.

      I don’t know what is going on with the OEMs, but my work load has gone up 1000% because of Windows update problems. I see many folks on the tech forums getting new hard drives from Microsoft!! All of them either Dells or HPs!

  18. Beware there are issues with Rapport and Win 7. It creates a directory in User/Default/AppData/Roaming called
    Trusteer/Rapport/user/store/user which has a file user_var_0.cfg.data.

    I do not know if this file was corruted or if they contolled it through the System, but when you go to create a new user it will not get a profile and you will be going through the old Vista error problems and not being able to log in the new user.

    Event errors show that the new user routine was not able to copy the file which left the routine in hung mode and didn’t finish.

    This will also show up when trying to use IIS www to bring up a htm. The service tries to create a pass through user using the application pool and it ends up with the same problem of not able to copy the file, except now it can’t delete the temp. user and you end up with a boat load of new users with each retry.

    Changing the rights in Safe Mode was not helpful, the only solution was to cut the file and move it somewhere else in Safe Mode.

    Until they fix their Win 7 problems I’m uninstalling.

    • I have many clients with many Win 7 file issues. It seems almost that it is a Windows 7 issue more than anything. Disappearing folders, files, and shortcuts. Then suddenly reappearing again!

      I don’t have the same problems on Vista x64, but perhaps one should not do banking on a Win7 PC anyway; if you are not going to use Rapport. I’m leaning heavily on ordering a Puppy Linux Live CD from On-Disc, and trying that for a while.

      I think readers should be aware, that there is a malware poser for Rapport, and the only way to superficially recognized it is by examining these icons I cobbed from an article by Michael Kassner on TechRepublic. You can view them here:

      http://i.techrepublic.com.com/blogs/zitmo2.png?tag=content;siu-container

      It seems Zeus has an interesting mobile phone variant called Zitmo that can defeat two factor SMS authentication. I always knew they’d find a way to break that anyway. I think readers here would be interested in that article too.


Read previous post:
Infamous Storm Worm Stages a Comeback

The "Storm Worm," a prolific strain of malicious software once responsible for blasting out 20 percent of spam sent worldwide...

Close