dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2962

StyxKee
join:2001-07-05
GTA, Canada

StyxKee

Member

Trusteer Rapport is now available for Firefox 4.0

Trusteer has recently updated their security software Trusteer Rapport. Rapport is now compatible with Firefox 4.0.

Trusteer Rapport URL: »www.trusteer.com/product ··· -rapport

Download: Download from your bank, or go here: »www.trusteer.com/webform ··· -rapport
quote:
Rapport is a lightweight security software solution that protects web communication between enterprises, such as banks, and their customers and employees.

Rapport implements a completely new approach to protecting customers and employees. By locking down customer browsers and creating a tunnel for safe communication with the online website, Rapport prevents Man-in-the-Browser malware and Man-in-the-Middle attacks. Rapport also prevents phishing via website authentication to ensure that account credentials are passed to genuine sources only.

tempnexus
Premium Member
join:1999-08-11
Boston, MA

tempnexus

Premium Member

Is it trustworthy?
I mean ok it will prevent blah blah blah but are we routing our traffic through them? If so then are they trustworthy? I mean is it free? And if free then how do they get their revenue? They still have to eat so what might persuade them to one day go rouge?

rcdailey
Dragoonfly
Premium Member
join:2005-03-29
Rialto, CA

1 edit

rcdailey

Premium Member

I checked and my bank is one that is listed as a user of Trusteer Rapport, so I logged into my banking site and found a link to download it. It turns out that I was just redirected to the Trusteer site, but I did go through my banking site to do it, so I guess I have their blessing (for whatever that's worth). It seems to me that Trusteer must be getting money from the banks they do business with, but the software does not cost anything to the end user according to the bank. Considering how many fees banks charge for this that and the other, does that really make a difference?

Added: There seems to be some problem with Trusteer Rapport and Firefox 4.0, at least for me. The icon that is supposed to display in the address bar does not display in Firefox 4.0 on my system. It does display if I run IE8 or Google Chrome. I sent feedback to Trusteer and may get an answer. The fact that it works with the other browsers suggests it's a Firefox 4.0 specific problem and not an installation issue.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to tempnexus

Premium Member

to tempnexus

fig 1.
Click for full size
fig 2.
said by tempnexus:

Is it trustworthy?

I wouldn't have any issues with trusting them if the software was effective.
The anti-key logging capability that it touts is not effective in my opinion.
My conclusion is based on the data they supplied in this PDF
»www.trusteer.com/sites/d ··· v1.0.pdf

The first glaring issue is the extremely limited selection of key logging products they tested the anti-key logger against.
(fig 1.)
Of the 4 commercially available keyloggers I use on a daily basis, they somehow managed to not include any of them in their tests.
That could be coincidence or luck of the draw but the second issue is undeniably an effort to stack the deck in favor of the anti-keylogger. This was accomplished by testing the selected key logging products using the default configuration.
To understand the significance of this it helps to understand the relationship between The FTC & commercial keylogging software vendors. The relationship is often hostile with both sides having valid points of contention.
Since one point of contention that The FTC has with keyloggers is they can be very indiscriminate about what they capture, capturing way too much data, beyond the scope of the install many times.
A concession that a keylogger vendor may offer to avoid litigation over that is to tone down the default configuration, basically neutering the advanced features.
The 3rd issue is about the quirky way it handles some data as noted in fig 2. This is not a small consideration, it shouldn't have blown off as casually as it was.
Bottom Line: testing such a limited selection using the defaults is not credible testing IMO
said by tempnexus:

I mean is it free? And if free then how do they get their revenue?

The financial institutions cover the cost but even that needs some context for understanding it.
Whether it's stressed out, under staffed large bank security or small regionals that outsource, they have been largely ineffective so offering something like this gives them something to do & talk about via the 'reports' generated by the product.
Bottom Line: They need to at least look like their doing something effective.
btw did I mention this is all my personal opinion & doesn't reflect anything about anything

martg
join:2005-11-19
South UK

martg to rcdailey

Member

to rcdailey
I have Trusteer Rapport installed at present. The icon shows up in Firefox 4.0 in the space between the Address bar and Search Bar. It shows up in Google Chrome 10 too. The icon changes colour when I go to monitored sites, so presumably the program is working in these browsers.

It's possible to add sites to the ones monitored by default. It doesn't work if the browser is run within Sandboxie though. It hasn't slowed the computer down as far as is discernible. Not sure if I'll keep it yet.

rcdailey
Dragoonfly
Premium Member
join:2005-03-29
Rialto, CA

4 edits

rcdailey

Premium Member

Yes, after I reported the issue I was having to support at Trusteer, they responded immediately and suggested I download again and install it again. I did so and it is working correctly with Firefox 4 now. I think I may have interrupted the compatibility test with Firefox when I initially installed it. I had already added several sites using Chrome and did not want to lose those, so I selected to update rather than fix the previous installation.

I can't say how effective it may be, especially considering SnowyOne's comments about key loggers. Rapport shows two password keystroke protection events in the Weekly Activity Report section. That relates to the entry of user and password here at dslreports.com, the only place I've entered a password since reinstalling the software. I don't have any key logging software installed.

Added: I just noticed an interesting phenomenon. I logged into my bank site selected the user and entered the password. Rapport popped up and asked whether I would like to protect the password. I opted to do so. After I logged off, I logged in using a different user ID for an account at the same bank that is NOT my personal account, but one I have signature authority for. Rapport did NOT ask me whether I wanted to protect this different password for this different account. I may want to report that to Trusteer.

Added more: Although I reported this phenomenon to Trusteer, it may be that the application is working exactly as it should. According to the FAQ it will ask the question about access only once for a site, so that suggests that however many user IDs you might have for a site, you are asked only one time about the password. Maybe they will clarify that for me when I get a reply to my query.

In their reply, they said that all credentials submitted at the site would be protected from the time the initial password was protected. Okay, I guess. The advanced settings let you see how each rule is implemented. To access that you have to enter the string shown in a captcha.

jmorlan
Hmm... That's funny.
MVM
join:2001-02-05
Pacifica, CA

jmorlan to StyxKee

MVM

to StyxKee
One of my credit cards just offered this software which I downloaded but have not installed.

Is there a consensus on its value? Are passwords being diverted through its proxy? How secure it is? Can it be easily removed if I don't like it?

aussiedog
join:2007-01-10
Mesilla Park, NM

aussiedog

Member

said by jmorlan:

Can it be easily removed if I don't like it?

I installed this software and found it dramatically slowed my system and browser load (Win7, 8 Gb RAM, i5.) Uninstallation had some glitches and left files and reg entries. Worst of all it neutralized my Firefox personalization to a fresh install state. The good thing is that passwords and bookmarks remain. It had no effect on IE9 or Chrome. That's my experience anyway.