29
Apr 10

A Closer Look at Rapport from Trusteer

A number of readers recently have written in to say their banks  have urged customers to install a security program called Rapport as a way to protect their online bank accounts from fraud. The readers who pinged me all said they didn’t know much about this product, and did I recommend installing it? Since it has been almost two years since I last reviewed the software, I thought it might be useful to touch base with its creators to see how this program has kept pace with the latest threats.

The basics elements of Rapport – designed by a company called Trusteer — haven’t changed much. As I wrote in May 2008, the software works by assuming control over the application programming interfaces or APIs in Windows, the set of tools which allow software developers to create programs that interact with key Windows functionalities.

From that 2008 piece:

“Some of today’s nastiest data-stealing malware works by hijacking these Windows APIs. For example, keyloggers simply hijack or ‘hook’ the Windows API that handles the transmission of data from user interfaces, such as the keyboard and mouse. A more advanced type of malware – known as a ‘form grabber’ – hijacks the ‘WinInet‘ API – which sets up the SSL (think https://) transaction between the user’s browser and the encrypted Web site. By hijacking this API, a form grabber can rip out usernames and passwords even when the user is submitting them into a site that encrypts the data during transmission because it grabs that information at the lower level of the operating system, before it is encrypted.

Trusteer’s software examines these and other vital Windows APIs to see if any other process is trying to intercept sensitive data. It then blocks those that do.”

I spoke last week with Trusteer CEO Mickey Boodaei about his company’s software, how it has changed over the years, and what’s new about it.

BK: A lot of customers are being asked to download the software and don’t know much about Trusteer or Rapport. One customer wrote in banked at BBVA, and another was with Fifth Third. Both banks very recently had multiple customers lose hundreds of thousands of dollars to the sort of online banking fraud I’ve been writing about lately.

MB: Well, the more press coverage we get, the more it will help build familiarity with our brand among consumers.

BK: Since we last talked, you were working with just a handful of banks — such as ING. Can you talk about how the business has grown and who you’re partnering with now?

MB: Over the last year in the U.S., we’ve been seeing a significant change in the amount of interest we’re getting from banks, especially around business banking. It looks like banks are getting really worried about it, as many have seen fairly significant fraud losses. Right now in North America we have around 50 banks using our technology, and few others in the United Kingdom.

Read on after the jump for my thoughts on this software, and a discussion of some of the malware that specifically targets Rapport.

BK: So in a nutshell, what does your company do for the banks you work with?

MB: Each bank we sign, we’re analyzing older fraud incidents and finding which malware variants are attacking them and their customers. We then make sure we have multi-layers of protection on the server side that can address these threats.

BK: Are you working with any banks that are making your software mandatory as a prerequisite for online banking?

MB: We do have a couple of banks that have recently signed and plan to make it mandatory for business banking.

BK: Can you say which ones?

MB: Not right now. They’re not big banks, each has about 5,000 to 10,000 business customers. So we’ll kind of experiment with that. But currently we’re not recommending our customers to make it mandatory.

BK: Why not?

MB: Well based on how it goes with these two banks, we may change our approach. The main reason is that we don’t want this to be perceived as something that is being forced on customers. That generates a negative vibe with customers and we really don’t want that. We want to push banks to educate their customers about the problem.

BK: I noticed there were several recent malware samples that attack or disable Rapport. Did you think your software would become a target at some point?

MB: Definitely, that was one of the key assumptions we had: That if we are successful from blocking malware from committing fraud, we’ll become a serious target for criminals. We are seeing targeted attacks coming from serious organized crime that are trying very hard to find ways around our solution.

BK: If I install Rapport and bank at an institution that also uses it on their end, what can I expect?

MB: Our software integrates into the bank’s site and communicates with the [Rapport] software installed on customer machines, and the two of them can work together so that the bank can effectively measure what the software does on the customer’s desktop. Whenever the customer logs into the bank’s site, the bank knows whether Rapport is there, whether it’s up to date, whether its been attacked or compromised.

BK: So your software ships updates, sort of like an anti-virus solution?

MB: We’re basically pushing updates almost on a weekly basis. These are not signature updates, but updates to our security mechanisms to the way the product works.

BK: So you’re fairly confident your software can detect and block most of the attacks we’re seeing from things like the ZeuS Trojan and other sophisticated threats?

MB: With ZeuS we have multiple layers of protection. Obviously, the core technology is to prevent ZeuS from entering the browser in the first place. On top of that, we’ve added a few layers of protection in the last couple of years, so that we prevent ZeuS from being downloaded to the customers’ machines, and we prevent the installation of ZeuS.

But take a look at the main solutions out there to combat these threats — anti-virus software. The detection for things like [the latest, most advanced versions] of ZeuS by anti-virus software dropped from like 50 percent to close to zero, because the [ZeuS author] changed everything so that even after it’s installed, it looks completely different from one computer to another.

That said, our software is not a silver bullet to anything. It’s not going to solve all the problems that the banks and industry have. But we do believe that it adds real value, especially when integrated into a bank’s bigger fraud detection mechanisms.

ANALYSIS

Trusteer’s product certainly raises the bar for malware writers, and forces them to deploy Rapport-specific attacks to plant malicious software on a user’s PC. Spanish security firm S21sec said recently it had confirmed in lab tests “that ZeuS cannot grab any data in a machine where this software is installed. Unfortunately, the ZeuS guys haven’t just been lazing around; in one of the latest samples of of the Trojan, we have seen how ZeuS, right after infecting a computer, downloads and executes a second file whose purpose is to render useless this software.”

Nevertheless, I think Rapport would be a decent, low-impact addition to the security of any PC user banking online with Windows. But I’m a bit on the fence about recommending this for businesses, mainly because companies that lose money due to stolen online banking credentials are almost always on the hook for those losses. Increasingly, though, victimized businesses end up suing their banks to recover some of the losses, usually arguing that their banks should have done more to detect the fraud.

In these cases, a critical legal question that often arises is whether the thieves compromised the customer’s system or that of the bank’s. I mention this because Trusteer recently built a new component into Rapport called Flashlight, which tries to give partner banks the ability to remotely check to see if their customers’ systems are infected with malicious software. Whether the banks will proactively use that feature to stop online banking fraud is unclear, but such a feature would make it tougher for small and mid-sized businesses that lose money to online bank fraud to claim that their computers weren’t the sole cause of the loss.

Small to mid-sized businesses probably would do better to rely on a Live CD approach on PCs used for online banking. More information on this method is available here and here.

Tags: , , ,

121 comments

  1. As an account holder of a bank that recently recommended the installation of Rapport, my biggest frustration was that all of the links offered to provide more information were very simple marketing speak. They offered little information of what the program is, does, what it affects on the system, if it has any compatibility issues, or how it functions. Even a pharmacist will describe core benefits and side effects to watch for with a prescribed medicine.

    I was asked on faith to install this program, and I couldn’t based on the information provided.

    So the bigger question is, do we need to be persuaded, informed, or mandated to use these programs? How long until the equivalent of a DAT file issue or do-good-rootkit -gone-wrong results from ill-informed software installations? If Krebs is on the fence, am I over-thinking this, or do we need to masses to just follow along?

  2. Carl "SAI" Mitchell

    Making it mandatory seems a very bad idea; what does a customer using a Mac do to use online banking? How about an iPad, a BSD box, Linux box, etc?

    • I agree. The liveCD is a much more convenient and inexpensive option than a separate Windows computer. I would definitely have to leave any bank that decided to dictate my OS.

      It’s nice to hear that some banks are looking at online banking security more seriously, but I won’t celebrate until they leave behind the webmail-level security. The dropdown list of public-record “security questions” is a dealbreaker for me.

      • since you installed this – has your computer started to go off line by itself randomly and has to be re-started jsut to get back online?

        • @lori;

          If Rapport is giving you trouble, the support people over there are fantastic. Their is no charge for their services, as they make their money from the banking and merchant industry.

    • There is a Mac version of Rapport and my bank (HSBC in the UK) strongly recommend it. From memory, the download link did detect that I was on a Mac and gave me the Mac version which I was pleasantly surprised by.

      There is no Linux version or any other version at all.

  3. I used Rapport for a little while but I found the large advertising icon in the Firefox menu bar annoyed me.

    • I accidentally checked dislike while I was trying to check Like.

    • What are you talking about emv x man? The only icon I see is next to the address bar, and it is necessary to see if Rapport is activated and protecting the site I’m on.

      I think you are confused with some other program, or worse, a malware poser program!

  4. Don’t want another piece of software attempting to interject itself into Windows functionality in order to monitor for possible malware. That’s what Antivirus is supposed to do and it’s NOT very good at it (reason why it should NEVER be used as a primary defense).

    I try to LIMIT the software installed on my systems to reduce their attack surface while implementing a defense in depth strategy. Even with those defenses, the biggest one is sitting behind the keyboard.

    Also, the frequent program updates raise some concern. Do they require admin to install? Does the program itself require admin to run?

    This is a slippery slope for banks. I don’t want them dictating to me what software I need on my computers in order to use their online banking. If so, I’ll take my business elsewhere or stop online banking all together.

    It is my responsibility to secure my end. I take that very seriously! Others would be wise to follow suit. It will only benefit them. Don’t rely on someone else to protect you.

    • I disagree. Signature based security is no security at all now. Those technologies are rapidly becoming obsolete! Todays security software needs to function even if you are infected, to defeat the purpose of the malware – not to destroy it, but to block it, at a minimum!

      Many of the experts I see on forums, agree that you need to combine this program with Keyscrambler to get as full a coverage as possible. Keyscramber is also designed to work with LastPass. In my testing so far, my keylogger/screen shot software cannot get past Keyscrambler in all six tests that I use. Prevx flunked all six of them, so it is useless as an anti-spy blocker. Both Rapport and Keyscrambler are free.

      If you are interested in trying this test yourself Google aklt.exe for a good testing tool. Be careful where you get it, as malware developers use the same thing for attacking your PC!

  5. On a windows os modern malware does not require an entry in the process execution table to run. In a similar vein they also do not need to invoke platform services through the api; they just need to locate the base address of the relevant loaded module (not hard even with ADSR) and execute microcode at a pre-known offset.

    The net-net of this is that any protection software that *attempts* to intercept modern malware through api hooking or pet monitoring is entirely blind to what’s actually going on although it will help against vintage threats.

    Wrt

    • We were discussing this fact with one of the developers of Keyscrambler who has a more intimate knowledge of how Rapport works. Needless to say, they don’t want to get into too much detail, to give away secrets to the black hat community. But he claims the new version not only surpasses this technology but also watches the memory areas that Carberp uses to take over the startup folder. This unless I misunderstand the process.

      The new version of Prevx has been designed now to work with Rapport, provided it is installed after Prevx v. 3.0. Perhaps this can add another layer of process security here. I’ve tested it with Vista x64 and they do co-exist, but I’m concerned about process overlap, so I think I will run with Rapport, Keyscramber, and LastPass, instead. Maybe later after we get some feedback on malware attacks, we can make better decisions on the final outcome.

      Malware are now attacking many good utilities like CCleaner and SuperAnti-Spyware, because of their successes, NOT their failures. These new companies are just going to have to be combat hardened; and learn from the ongoing war with the criminals.

  6. When I first looked into this project it looked great.

    In practice I don’t really see this as a viable long term solution. Its subject to almost the same issues that AV faces, with a few benefits. It also effectively trains your users to install unknown software from their banking website. I can’t say I care for the delivery mechanism, it creates a precedent of customers installing “security” software that they have little to no knowledge about.

    That being said I like the idea that companies are beginning to assume the client is compromised and building their security around that staple. They have the right idea, and they are a company I will watch, but I am not sure this specific implementation is one I would purchase…

  7. The thing that scares me about this is what this type of thing will do for application compatibility. I have seen numerous instances where some third party thing like this hooks into various executables, and breaks our software. Then we have to waste time debugging the thing and figuring out which 3rd party piece of crap is responsible, and then have our customer uninstall the thing.

    • Am not a PC geek but looked for reviews on Rapport as one of my banks offers it. Found gripes on difficulty in uninstalling Rapport. Uninstall is not described on trusteer.com. I’ve passed on it so far.

      • Hi Michael,

        You do right to ignore it, I didn’t, and it brought my system to a complete standstill. It wouldn’t allow me to switch it off or uninstall it.

        The so-called help desk didn’t, and asked me to download log files of my banking transactions!!!

        It took a total system rebuild to get rid of the garbage

        Lots of others have experienced the same problems so steer clear of it at all costs

        Mike

        • Thanks for the feedback Mike;

          I had some issues with un-installation that were my fault; but the technicians at Rapport were very courteous and used Logmein Rescue into my PC to cleanup the registry and allow me to get the latest version of Rapport from my merchant site. This new version had much greater performance, and I had little problems with browser hangs and crashes. It is not only the banks that are pushing Rapport. Many online merchants are now quietly providing it also! They are not forcing anyone, but being very mum about it, for understandable reasons.

          Right now my browser performance is actually better than it was before I switched to Rapport – however, this might be because Prevx was the actual cause of any problems on IE8 or FF.

          Vista x64 has always had some surfing problems every other patch Tuesday, no matter what add-ons or security solutions, or the lack thereof, I use!

  8. I don’t see why we should place much trust in the Rapport software. There are few technical details on how it works; mostly marketing-speak. There is no independent security evaluation by a technical security expert. What little information that is available sounds like Rapport is likely to offer rather weak security. Moreover, there are fundamental reasons to believe that this is, in the end run, a losing approach to the malware problem. Surely this can’t be the best advice we can offer to people doing online banking!

    P.S. I would take the banks seriously if they started to offer to indemnify customers who used Rapport and got hacked, or if Trusteer offered to indemnify people who used their software. But obviously nobody is offering to do that; we’re supposed to take their word on it that it will help, but who knows? The incentives are not aligned here.

  9. Michael McDonald

    My comment pertains to the last sentence of today’s article. I really enjoyed Brian’s tutorial on creating a LiveCD for Internet Banking. This past week, I have been working on creating a LiveCD that anyone can use without the fear of installing Linux on their Windows PC by mistake.

    My opinion is that the LiveCD distro http://webconverger.org/ is the best LiveCD for Internet Banking. It worked better for Internet Banking than the other Linux LiveCDs that I tried.

    I had no trouble going to my Internet Banking sites. I love that Flash is preloaded. It is so easy to use that my Mom could use it. To shut off Webconverger, I just had to press the power button. I love the fact that there is no way that a user could inadvertantly install Linux on their hard drive (Ubuntu, PCLinux and others with “install” options).

    Other features of webconverger include a pdf viewer and shortcut keys: CTRL-+ and CTRL– for controlling the font size, CTRL-T and CTRL-W for creating and closing tabs, and CTRL-K to get to the search form, and CTRL-L for moving to the address bar.

    There are many LiveCDs available but for one reason or another I could not recommend these LiveCDs. Ubuntu and PCLinux LiveCDs worked fine but I found the install options too risky. My attempt to customize my Ubuntu LiveCD wasn’t successful (I am still trying). Knoppix is a good LiveCD but it wasn’t as well suited for Internet Banking as webconverger. This LiveCD contained many tools that make it more complicated to use than Webconverger.

    I am going to send a webconverger LiveCD to a few friends that use Internet Banking for their small businesses. I recommend that Brian’s readers check it out.

    • Looks nice! I tried using it from VMWare Player (used EasyVMX.com to make the VMX file) and it was very fast to launch. Maybe a good way to avoid man-in-the-(Windows-based)browser risks.

    • What is the size of the download? We have a medium speed Internet connection in a rural area, perhaps only 5-10 times faster than dial-up.

      Thanks

      • Yes, I’ve the same download-speed issue so I went and looked and if I remember right, webconverger is ~227 MB while puppylinux is ~105 MB so I’m sticking with puppy. 2 puppy problems I ran into are Toshiba sound-chip softmodems won’t work with linux and couldn’t multi-session on a CD but have yet to try a DVD. A bit frustrating at times but I learnt a few things along the way and well worth the effort now that it’s working! I’ve also tried BitDefender’s Rescue Disk (~250 MB, think knoppix); it took a long time to boot and eventually hung up with a black screen so I gave up. It ain’t all roses. Bon chance!

    • The “best” anything is often fairly subjective. Personally, I prefer Puppy Linux, and have described how to set it up in:
      http://www.ciphersbyritter.com/COMPSEC/PCSECBAN.HTM

      Some of the cited webconverger advantages come with the Firefox browser which I also add to Puppy. Installing a range of add-ons can be helpful. For example, the “NoSquint” add-on will adjust both page and font size for each site, and use that when the site loads again. The security add-on “Safe” paints a colored border around a site display when SSL security has been established. “NoScript” provides multiple forms of JavaScript protection. And add-ons like “Certificate Patrol” and “Perspectives” actually support detection of man-in-the-middle attacks on SSL.

      It is certainly true that Puppy Linux can be installed on a hard drive (although no hard drive is necessary) or flash drive, and both options would be wrong in a security context. But the Webconverger site says: “It is best to use Webconverger from an inexpensive USB stick…,” which is also wrong for security.

      The big advantage that Puppy brings is the ability to write changed files to a new DVD “session,” and then load those files with the next boot. This update process allows Firefox, the add-ons, and everything else to be updated for improved security. Saving the new stuff is under control of the operator. We can prevent all unexpected DVD writes simply by removing the DVD immediately after boot. Puppy resides in RAM and does not access the DVD in use.

      The deeper one gets into any of these packages, the more issues one finds. The Puppy I describe has many irritating problems. Just enough works to support a secure on-line environment, but that is all it takes. Actually using a system which does not allow updates seems almost unacceptable.

      • Thanks Terry;

        I’d always wondered how Puppy would handle the RW side of updating! That sounds like a real winner there!

    • Thank you Michael! Very interesting!

      For those of you who are concerned about downloads, and maybe passing the hash test. I can recommend On-disk.com – as I have ordered their very reasonably priced discs for nominal S&H handling – mostly.

      The quality of their products are very high – and I’ve never had a bad read from any of their open source DVD/CDs.

  10. I heard that the major *real* value of this software was the ability to have screen capture calls reported so the banks could react on customers sessions that had some screen area captured by other software.

    I hate to ask, but given the recent tacky advert addition, was this a sponsored post Brian?

    • Paul — To answer your question, no, I didn’t get paid for this. I don’t do pay-to-play, and I don’t do sponsorships, unlike many other tech pubs that play in this beat.

      Interesting that you thought this was a paid post somehow. I thought it was pretty fair. The truth is that the effectiveness of this tool likely depends on how much the banks pay attention to the information they’re getting from customers who are using it.

  11. The lack of details provided for this product do seem at odds with the request to download it and use it for such a sensitive purpose. However, it seemed worth a try.

    After playing with it a bit I see that I am able to protect any site by simply clicking on the Rapport arrow next to my address line. Wow! just like magic, I click on the arrow, it turns green and says I am now protected. It certainly has some marketing appeal.

    While this tool may be a good layer banks should still assume that there customers are entering from malware infected machines and architect their applications accordingly. This type of requirement should find it’s way into every single RFP that banks send out for online banking applications.

  12. If malware can walk in through the front door and hook into system APIs (that should be protected but of course are not – this is Windows) then it won’t take them long to figure out how to disable Rapport as well. More snake oil?

  13. One of our banks in ZA recently pushed this software out. It is a seriously invasive program. The brief analysis I did of it on my Mac showed it deploying a keylogged and communicating back. My biggest worry was related to privacy. Given the software sends (for e.g.) lists of phishing sites visited back to the bank (via Rapport) how are they anonymizing non-sec related traffic?

    • Privacy issue distrust is very understandable, even though they assure they are only collecting data necessary for protecting customers. The thing I never hear from folks who complain is, how much privacy do you thing you get from the malware on your PC?!

  14. I installed this when recommended by my bank. It appears to function as advertised but its too invasive in my opinion. It started telling me that my password program (password manager xp) is malware, then my antivirus program complained about it, its footprint is not small 43,000 k or more at times and the number of files / folders it creates in temp directory is not pretty. The interface if reasonably intuitive and I was able to make it work nicely with everything. But I decided to remove it watching its memory usage creep and seeing the reports when I realize its interaction with pretty well EVERYTHING I do. I don’t like the infringement in my privacy. Not easy to install either … you have to do it in safemode as the documented procedure through add remove programs did nothing.

    • Shoudl say UNINSTALL 😉 … which I have done.

      re:
      Not easy to install either … you have to do it in safemode as the documented procedure through add remove programs did nothing

    • Just because the file says it is a safemode uninstaller does not mean you need to be in safemode. A simple reboot will take care of it.

  15. I installed Rapport on my computer and the next time I turned it on it wouldn’t work. It started up and let me log in, but as soon as Windows was completely open, it would say there was a problem with Windows (XP) and it had to close. I was unable to reinstall Windows and have taken it to a computer repair shop. Installing Rapport was the only change I made to my system prior to having this problem.

  16. I lost money (cleaned out) after clicking on the Trusteer link on Standard Bank’s Login site. It seems that Trusteer was hijacked and used to perpetrate this crime.
    I will never use it again!
    Oh, and no feedback or contact from Standard Bank!!

    • I think you should pretty much put any good security utility on a clean machine; you can’t expect ANY software to install correctly while you are infected, let alone security software!

  17. I have a new Mac. I was told by Apple that I didn’t need anti virus software but I would like to install one that will be compatable with Mac and the Trusteer my bank asked me to download. My bank will not recommend any AV software, has anyone found a good one to work with Mac and trusteer?

    • Dear Jimmy:

      The apple site has at least two anti-malware removal tools, and I think they link to a version of Avast that works with Macs. However, this AV is primarily to keep the Windows variety of malware off the Mac. Also however – with the type of attacks many iPhone users are suffering, this should help scan your iPhone for that variety of malware too.

      Many Mac lovers have run ClamXAV for years to help keep their Windows email buddies clean. I would trust Avast before I would any other company. Free is good too!

  18. I don’t know why the banks don’t simply recognize only a designated computer, and no other, for transactions.

    • “I don’t know why the banks don’t simply recognize only a designated computer, and no other, for transactions.”

      The problem is a bot in the customer computer sitting in the communication path between the user and the bank. Any authentication needed to access an account is provided by the user, who sends it through the bot, thus giving the bot full access.

      Often it is the bot, not the user, which actually communicates with the bank. If the bank says: “Is that you, customer?”, the bot replies “Yes.” If the bank asks for authentication, the bot asks the user, the user provides it, then the bot sends that to the bank. No form of authentication can possibly solve the bot problem.

      The fact that a simple reset does not remove a bot is a hardware and software design flaw in our current systems. Software patches alone cannot solve it. Virtualization cannot solve it. Our options are few.

      I would like to see the FCC require Microsoft to provide a LiveCD to certify any Windows hard-drive installation as uninfected and thus suitable for online banking. Microsoft also might provide an easy and safe tool for users to re-install Windows, and thus kill any bot infection. Or, Microsoft could bring out their own LiveCD specifically for online banking.

      It is possible for current computer users to get out of the malware line of fire simply by avoiding Microsoft Windows (and, now, Java) when banking online:

      * The “easy and expensive” approach might be to get a Mac, which will avoid almost all current problems. However, any current computer which boots from a hard-drive can get infected. Presumably, even tablets with a flash memory boot someday also can get infected.

      * The “not-quite-so-easy but free” approach is to learn and use a Linux LiveCD for online banking. With a LiveCD every restart produces a clean, bot-free system.

      We all wish there were better alternatives.

  19. annabelle lenderink

    I never installed this program, but while looking to delete another found it and then googled to see what it was and found your article. It was installed less than 2 months ago, but not by me, did my bank do this?

    • Better call your bank. If they didn’t do it, an online merchant could have, but I’d be alarmed if I were you; malware like to use poser code to mask the fact that they have pwned your machine!

      Don’t assume this is a condition that can be taken lightly!

      • Today I noticed this program on my computer and spent the afternoon in a chat with a Norton rep to remove it with no luck at all. I do some limited consulting in the identity theft area and have never heard of this product. After reading your article, at first I was encouraged, but the stilled annoyed that this got through without Norton catching. Now in reading this response you think it may be a fictious pretender so to speak? If it is, how do I get rid of it. Norton tried twice and it is still here.

        • Norton will not alert you on legitimate programs, at least it never did for me. If you couldn’t find it on the Programs applet in Windows, then it was a poser. Posers have always ended up being malware for me, your mileage may vary.

          If it was the legitimate program and Norton did not use the regular Windows installer/uninstaller to remove it, then they did you a great disservice, because they might have damaged it beyond Trusteer’s ability to fix it completely – without going through the registry to delete every key that belonged to the application.

          Trusteer has a cleanup tool that can be used to satisfy bad installations or uninstalls; I think I posted a link to it later in this discussion.

          I’ve never tried Revo Uninstaller for Rapport, but it should work for poser malware, providing it can see it. If not you can use “hunter mode” and kill it that way.

  20. Rapport has been recently deployed by a French online bank. I have tried to install the software but surprizingly I discovered that Rapport does not work when your compruter host a combination of Avast and Zone alarm.

    http://consumers.trusteer.com/za-avast

    • I use Avast and Comodo firewall; and am having no problems. I consider the software version of ZoneAlarm as substandard, sorry.

      Not so on the ZoneAlarm Z100G. I hope you have no trouble with that one, because all of my clients are going to it for a hardware gateway solution. I have not tested Rapport on those streaming services as of yet.

      If trouble appears on that firewall, I will go out of my way to either configure an exception, or get CheckPoint to clear it. I have no problems on CheckPoint’s other high end devices, however.

  21. I am surprised nobody has mentioned IronKey’s Trusted Access product. It is by far the best product, at least of the solutions I have tested. And certainly much butter than Trusteer. When we tried Trusteer we could barely get our adoption rate into the double digits.

    • I not aware that IronKey can thwart a session riding attack by some of the Zues variants we are discussing. Perhaps I didn’t understand its capabilities. I know many IT pros really like it. I would go to it if I were traveling and using other strange computers as part of my job; but I don’t.

      If they could provide an instant browser bubble to cover this aspect, this would be fantastic. Almost all of my clients are cash strapped and can’t afford many of the best solutions out there.

  22. My current bank has a second password and asks for a different 3 random letters from it each time. That simple mechanism is the only good defence from a keylogger I have seen. A big chain of software sits between your button press and the network connection and injecting more software will just make it harder to find the leaks.

    • Dear Tony;

      If I understand correctly; that is still considered single factor authentication. You really need at least two factor authentication, to start calling it close to best practices.

      However, using a good password vault, Rapport, and maybe keyscrambler could make all the difference.

      I’ve posted elsewhere here about testing KeyScrambler and it passed all six of the toughest test for reading the keyboard AND video screen. Both of those are important.

      Trusteer is supposed to block all keyboard reads, but since I know Keyscramber works, and Rapport is designed to work closely with Keyscrambler; I’d just as soon work with something that is tried and true, and can pass all of the AKLT Tests.

      I haven’t tested Rapport for that, so if someone wants to; be my guest, and please contribute the results here for the benefit of everyone.

      I have tested Rapport’s browser bubble, and the offending process can’t even see that a browser is open; so I call that a success in and of itself!

  23. How do you uninstall this piece of shit!

  24. Help! I have Norton 360 v 4.0 installed. It’s working fine.
    If I also install Rapport, would it conflict with Norton360 ?

    • Dan,

      Norton 360 is on Trusteer’s compatibility list. Google is your friend!

      • Thanks JCitizen. Appreciate your rapid response. For years, I’ve used Norton 360 and editions before 360 without problems. Believe I’ll skip the Rapport installation, as Bank of America requested.

  25. imho – any software that doesnt install or uninstall properly is malware. Any company writing software that doesnt know how to uninstall there own software from any OS where it is installed shouldnt be in the business or writing software. Now take the same company and say trust me with your banking, ha..

    Your software is so good indemnify the user or go away.. Another possibility have a 100k prize like RSA and see if anyone can hack a users bank account with your software installed at the yearly security conference in San Francisico or Vegas

    Banks should be allowed to check every system connecting to them tosee if tghe AV is up to date, thats not intrusive and is common practice to access corporate VPNs.

    Does anyone remember TSR most of the really troublesome viruses I have everr had are terminate and stay resident.

    The Apple OS only accounts for about 6-7 percent of the total PC market, if you were writing software would this be your target?

    As MAC use grows (I wish they would allow there OS to be installed on any PC x86/x64 system) so will the number of applications written for the OS including viruses.

    However, Apple knows that if it were to open up the OS to run on any system they would have to write device drivers for each legacy device in existence or the OS would crash or the devices would.

    The issue is Device MFGs write drivers for new devices they typically do not go back and update drivers for new OSs, they dont make money supporting old devices on new OSs.

    Microsoft is the largest provider of software for the Apple OS. Avast, Symantec, Sophos all have AV that works on a MAC and we will see many more as long as Apple continues delievery quality products.

    Win7 has a an XP Mode that you can download with a pristine version of XP from Microsoft for application ciompatability , the point is its a clean installation you can run from Win7 http://www.microsoft.com/windows/virtual-pc/download.aspx

    -Ivan

    • In the past I would agree with you Ivan; however in the current threat scape; malware are undefinable until too late – many of my clients have had very good security programs uninstalled by simple .bat files, let alone more sophisticated attacks.

      Rapport installs the way it does, obviously to fight fire with fire. Any program easily thwarted is worse than worthless! I agree with Trusteers methods, until a better one can be found. LiveCDs are probably the best, but my clients refuse them. Microsoft’s free Steady State is tops, if they have XP onboard.

      Also for those worried about third party compatibility, I have not found an legitimate application that cannot be allowed in the Rapport console. This has worked seamlessly for I and my clients.

  26. Last comment two factor authentication like RSA or where Terrys bank has two passwords is the best protection. I would gladly install RSA two factor authentication the password changes every 60 seconds and togther with your regular password would grant you access.

    Also, people get malware by installing something from the internet. Microsoft provides UAC (User Account Control) so that you have to install apps with Admin Access, how many people turn it off? The bottom line is dont install something if you dont know what it is..

  27. When I logged into BofA Online to pay some bills a few days ago there was a recommendation that I download Trusteer’s Rapport Software. They gave a link for both Mac and Windows downloads and it was promised that it would aid in preventing fraudulent use of passwords and other sensitive information. I looked briefly online to read about it and it seemed like the thing to do. I have a iMac 24inch early 2009 model and am running the most current OSX 10.6.7 and using the most current version of Safari 5.0.4 as my browser. After downloading Trusteer’s Rapport Software, I suddenly started having problems with Safari closing and getting an error message saying “Safari unexpectedly quit”. I started searching for info online regarding that error message and quickly found out that others had the same problem after that installing Trusteer’s Rapport Software and it was recommended that I UNinstall it. I quickly did just that and the issues with Safari crashing disappeared (thank goodness)!! I have emailed BofA about the whole situation as I am really p!ssed off that they would advise their customers to install software that causes glitches like this or could potentially their harm computers. I mistakenly thought that if my bank (a BIG bank at that) recommended something like this it would work without issue, but I was WRONG. Please beware and don’t download things like this, even from trusted sources, without doing a little more careful research than I did.

    • rxcats,

      I had a similar experience. Same bank, same message to install the program. After doing so, Safari was definitely acting up and freezing or crashing.

      I have uninstalled and as you report, so far so good.

    • Rxcats – Thanks very much for the feedback. I’m sure everyone here appreciates it. I would imagine, though, that probably the real target audience for this tool is Windows users, since that’s what 99 percent of the financial malware is attacking.

      • From what I understand from statements by the developers, and people way more experienced than me ; if your bank uses Mozilla or Chrome; you have the same problem with session threats that you do on Windows.

        I’ve also asked Linux developers posting on ZDNet if they feel most distros are vulnerable to surveillance and manipulation to the current session. The answer was a probable yes. I really wouldn’t know myself.

        • @JCitizen: “if your bank uses Mozilla or Chrome; you have the same problem with session threats that you do on Windows.”

          Well, if someone already has a bot, no browser is going to solve that problem. And there is no tool which will guarantee to find the bot.

          In terms of stopping malware, Firefox add-ons provide a range of security features not available in Explorer and Chrome.

          “I’ve also asked Linux developers posting on ZDNet if they feel most distros are vulnerable to surveillance and manipulation to the current session.”

          Since the question is biased toward ANY Linux vulnerability and not in comparison to other OS’s, the answer is slanted: Yes, any large, complex system will have exploitable faults. That means every OS is “vulnerable,” including Microsoft Windows, Mac and, yes, every Linux distro as well.

          HOWEVER, for the banking issues we see on this blog:
          1) Raw measurements indicate that about 90 percent of browsing occurs in Microsoft Windows (which presumably is a reasonable estimate for banking).
          2) Any attack malware which is NOT designed for Windows, and which finds itself on a new system, thus has less than a 10 percent chance of working.
          3) As a result, ALMOST ALL malware (over 99.9 percent by count) is designed to run in Windows.
          4) Linux is not Windows: Simply using a Linux distro prevents ALMOST ALL malware from running.

          Yes, Linux is vulnerable, but 1000x less targeted than Microsoft Windows.

          • @Terry;

            More and more of the tools I’m using don’t look for bots; they are not scanners or standard anti-virus/malware. They do their job regardless of environment – infected or not.

            I cannot refute anything you said, I just want to clarify. I don’t want readers to come here and think that Linux or ANY OS is anymore safe in today’s environment. The popularity of iPhones, iPads, and Linux and Unix based phone and tablet computers, has become a fertile environment for malware written for Apple, Unix, and Android based systems. Since these system interact with non Windows systems also; I feel it is simply a matter of time before the session environment on the ANY PC system is also compromised. In fact I feel it has to be assumed already, regardless of operating system!

            If I’m not mistaken Rapport is one of those tools that is somewhat cross platform capable, although I can’t remember all the operating systems it works on. It does have an impressive list of compatible browsers. I swear that I recollect asking one of the developers if this means these same browsers on compatible operating systems, and I got a positive on that. It has been a while since I visited the Trusteer FAQ section.

          • @JCitizen:

            “I don’t want readers to come here and think that Linux or ANY OS is anymore safe in today’s environment.”

            I do. Linux IS “more safe.” Fewer directed attacks means less total risk.

            Yes, all OS’s are “vulnerable.” No, OS’s are not all attacked at the same rate.

            For example: Pretty much any person is vulnerable to being mugged. But some places are fairly safe, while others are not. If you are walking where many people are mugged, you are at far more risk, despite having ordinary vulnerability. Not every vulnerable thing is actually attacked, for a wide range of reasons.

          • I can only speak to my experience Terry;

            ALL of my clients have had a serious breach on their smartphone/tablet PC at least once; they run the full list of makers – Apple, BlackBerry, HTC, Zune, you name it.

            ALL of them have connected to their PC regularly; which also run the gamut of operating system, from OSX, Linux, to Windows. How can one reasonably say they have any measure of safety on any of these machines, after seeing their mobile products hosed, and their phone lists, and contacts all compromised?

            I guess I just don’t get it – maybe?

  28. When I logged into BofA Online to pay some bills yesterday morning there was a recommendation that I download Trusteer’s Rapport Software. They gave a link for both Mac and Windows downloads and it was promised that it would aid in preventing fraudulent use of passwords and other sensitive information. I thought that BofA would expect me to install it if I wanted to be secure with my banking, so I followed suite. I’m normally not a trusting person, but I would like to think that if a bank recommends it, then it is the best thing to do. Since then, I have received email warnings from several places, such as the following: (— values your trust and wants to make you aware of a recent incident. We learned from our email provider, (Epsilon), that limited information about you was accessed by an unauthorized individual or individuals. This information included your name and email address and did not include any financial or other sensitive information. We felt it was important to notify you of this incident as soon as possible.) Now I am really getting concerned. It is too noticable that within a day of installing the software that I started receiving these emails. Should I be concerned about installing/uninstalling this software? Should I be concerned about these warnings? Please advise.

  29. Patrick Riote

    Just installed it with a B of A session; afterwards IE9 was incredibly sluggish or totally non-responsive. Quickly dumped it… not ready for prime time.

    • I get the same fast performance on Chrome and Mozilla that I got before I installed Rapport. I have noticed that depending on Microsoft’s update cycle IE8 will suffer some performance degradation, but then I get an automatic update from Rapport, and everything is fine, until the next Redmond update.

      I was having the same problems with Internet Explorer before I used Rapport, but I don’t think anyone security minded wants to use Internet Explorer for banking and/or shopping anyway.

      You do have to examine the Rapport console for reports on errors or blocking. It is easy to check trusted add-ons for compatibility with Rapport. This is usually the problem with IE8 in my experience. Performance returns to normal after configuring the console to allow the trusted sources.