Comments on cyberici: Trusteer or no trust 'ere...
Feed updated: 2024-03-28T02:37:14.675+00:00
Blog author: Luke Hebbes (http://www.blogger.com/profile/15100190691403603777)

Luke Hebbes, 2012-05-09T08:18:08.811+01:00:

I think you'll find that most AV products will flag other security products as malware. AVG will certainly flag Microsoft Security Essentials, Panda Cloud AV and Avast as malware. It doesn't make it right; it's more about how the software works and how it hooks into the OS. Most security software assumes that it is the only product you will install.

Anonymous, 2012-05-01T14:42:01.030+01:00:

Can you say rootkit?

After removal of Rapport, run any anti-rootkit software. I used the one in free AVG and it will find 21 rootkits. Enough for me to avoid it like the plague!

Anonymous, 2010-08-06T07:18:26.837+01:00:

Hi guys...

I recommend you look into TrustDefender as an alternative to both Rapport and SafeCentral.

TrustDefender also locks down banking sessions, suspends malware (trojans, keyloggers, spyware etc), verifies authenticity of banking site etc, but is browser-agnostic meaning I can use ANY browser (Rapport is a plugin and only supports 4 browsers? SafeCentral is yet another browser I have to use instead of my favorite Opera browser).

Also, TrustDefender doesn't learn or store passwords at all, so there is no risk associated with your credentials ending up in the wrong hands.

Oh, and it is so simple to use. 2MB installer and then the TrustDefender agent automatically starts and protects you BEFORE you even enter your username, password or authentication token etc.

For more info

help(at)trustdefender(dot)com

Anonymous, 2010-06-03T16:51:29.574+01:00:

Hello. Thanks for a good post and to those who came back to review and comment. I have also been advised by my bank and IT to switch to Trusteer but I have been running Authentium's SafeCentral which is a similar product with a slightly different strategy. I have done all the reading I could before forking out the money for it and checked if a key logger could get info etc. I can say that I am so far impressed but after reading this article I wonder if I am living with another false sense of security. I would love it if you did a post on SafeCentral or at least took a look at it from a security pro's opinion.

Anonymous, 2010-04-09T20:41:26.271+01:00:

Zeus has a VNC module available that allows an attacker to remote control an infected machine. If Zeus' polymorphic encryption was able to hide it from Rapport and that attacker used the VNC module to remote control the machine, this could potentially expose the keystrokes as in your scenario above.

Luke Hebbes, 2010-02-17T09:22:40.608+00:00:

@reviewmylife Interesting post.

reviewmylife (http://www.reviewmylife.co.uk/blog/), 2010-02-17T07:46:20.966+00:00:

I've found your various posts on Rapport very interesting. On the whole I think it is worth having Rapport on my computer, but they do need to work on some of the concerns. I've found an additional problem to do with password leakage - I've put a post up about it here - http://www.reviewmylife.co.uk/blog/trusteer-rapport-password-leakage-problem/

Luke Hebbes, 2010-02-09T13:55:21.953+00:00:

@Support at Trusteer.com: Thanks for supplying this feedback and information. I'm glad to see that you are using standards such as SHA-256. I have also noted above that you have changed a lot of the wording on your website to be much more realistic and that some of the problems stem from your customers' sites and not yours.

I have always said that what you are trying to do is worthy and I have no problems with that. It was mainly the over-selling and lack of user education that I had a problem with. All products have flaws; there is no such thing as absolute security and any security professional that says otherwise is a fool. So, I don't expect your product to be perfect and that's fine, as you seem to be committed to improving it. I will let you know of any findings we come up with.

Trusteer (http://www.trusteer.com), 2010-02-07T18:03:57.545+00:00:

Hello,

We would like to address some of the questions raised in this blog post and subsequent comments.

First of all, we are more than happy to work with any security researcher who has any questions or comments about Rapport. We have never turned down any request for additional information and constantly look for ways to improve and evolve Rapport.

We are doing everything possible to ensure that this is a best-of-breed product and are always mindful of the responsibility that we have for protecting people’s online banking sessions.

We do not claim that Rapport is a silver bullet. On the contrary, we emphasize that whilst we believe that Rapport is an important additional security layer it is by no means a hack-proof solution or a cure for all security problems. While other vendors may make these claims, we at Trusteer do not believe that it is appropriate.

The hash function in use with Rapport is "SHA-256". Rapport asks for the user’s permission before storing the hash and users can disable this feature entirely, if they wish. Based on experience we know that this provides an important layer of defence for the many users who are likely to fall for a phishing attack.

Regarding our DNS server. Rapport consults with an additional DNS server based on the bank’s policy, unless the IP is already known to it.

Regarding your link to “a proof ... that Rapport can be bypassed or cracked” - we’ve made endless attempts to contact whoever is behind this and get to the root of the problem, assuming this demo has any validity. If there is a bug, flaw, or vulnerability we’re keen to learn about it and fix it. Unfortunately while people have linked to this and even founded their opinion of Rapport based on it, no one has yet been able to provide any actual technical information.

We actively encourage security researchers to turn to us with any findings as at the end of the day we’re all trying to make the internet a safer place.

Warm regards
Support at Trusteer.com

Adi Dalzell, 2010-02-05T18:00:49.323+00:00:

Nice review. I read my online banking inbox which said to install this in the near future. I have ZoneAlarm and Avira running and don't intend on touching this.

Tim Trent (https://www.blogger.com/profile/00698536468287397610), 2010-02-03T13:03:29.912+00:00:

Thanks Luke. All my instincts scream "do not deploy"

Luke Hebbes, 2010-02-03T11:33:51.333+00:00:

@Tim: Yes, I have had another look at this and they have made some changes to both their marketing hype and the product (it now works in different browsers and on MacOS). I'm currently doing some more tests on it and will soon publish some answers to the most common questions I get asked about it.

Tim Trent, 2010-02-01T00:22:44.332+00:00:

Have you had further thoughts on this topic? My bank is just about to "ask" me to deploy this plugin on my client to use their service and it makes me nervous.