Trusteer Rapport (Some info & opinion)

‘The Register’ ran a couple of articles on Trusteer Rapport (Trusteer scraps with analysts over 'bank security bypass' • The Register), and Digit Security blogged about its presentation at the 2011 44CON security conference (Sept 2011). See the blog here for the detailed presentation/alleged disclosure: Digit Security » Blog Archive » 44Con and Trusteer Rapport

The gist of the Digit-Security presentation alleged that the key-logging aspects of Trusteer’s Rapport can be ‘switched off’ or ‘Bypassed’ using Rapport’s own functionality. Digit-Security suggests this is not a bug but a design flaw, and that the flaw affects all versions up to and including Emerald Release 3.6.1105.54 (OS X). Trusteer rebuffs this as ‘Now Fixed’.

I notice several posts regarding Rapport on the Comodo Forums about Rapport/instability. This is not my experience, but I note that ‘Trusteer’ is assigned Trusted Status by COMODO in my ‘Computer Security Policy\Trusted Software Vendors’ list. Hence, it would seem that this is why Comodo doesn’t go nuts when Rapport apparently hooks into every API on the machine.

I like to think that I have my Comodo setup & router locked down fairly tight, but usable. I don’t allow keyboard access (or very much else) to apps unless I feel confident they’re solid. I keep my data files away from the system and run the AV in stateful realtime mode & scans of the system & apps once a week in the middle of the night. I do back up (but not as often as I should), but most important - anything that has anything to do with passwords and secure access on-line is separated into password-protected AES256 encrypted areas.

Of course this will not help secure the online weak point, the browser; hence Trusteer Rapport, and scrubbing my browser cache with a good Eraser. Apparently some security companies are recommending that businesses (particularly big commercial enterprises) who regularly have to transact large transfers of funds only do so from a purpose-built ‘LiveCD’ OS (probably Linux).

I think I recall a time before I did all this stuff on-line and only had to avoid getting mugged at the ATM!