'Rapport' Security
Comments
-
I installed Rapport soon after it became available from my bank; it has worked fine, no problems at all.
-
Scottish_Miser wrote: »
Trusteer,
Does this work with Apple Imacs?
Regards,
SM.

Hello,
Yes, we support OSX Tiger, Leopard, and Snow Leopard running either Firefox or Safari.
Thanks
Trusteer Support
-
I am running Rapport under Snow Leopard with no major problems. I've no plans to uninstall the software although I have recently had Safari 4.0.4 hang about 3 times and report a problem with Rapport, all details sent to Apple via their reporting process.
The comment about releasing the code before anyone trusts the vendor is complete nonsense.
-
I have so far avoided installing this - since in my experience it's multiple occurrences of security software that grinds yr PC to a halt
Already have windows security - defender; firewall etc
Avast virus protection
Norton anti Virus (Came pre installed but is now switched off as it's a Killer as far as yr PC speed is concerned, IMHO)
Spybot - spyware locator
Do I really need this as well?
-
I have been running Rapport with no problems for several months - only issue I have is the latest versions do not run inside Sandboxie.
-
A new piece of information has come to light on Rapport - ironically from one of their own 'surveys'....See the following link
http://www.trusteer.com/sites/default/files/cross-logins-advisory.pdf
In essence the article warns that 73% of people share their online banking login passwords as passwords to other non financial sites. Given that the non-financial sites are likely to be much less secure than the banking ones this is a major risk. Fair point, and I cannot disagree with it and people should not do it.
But the really interesting point is how did they get these figures?
I quote from page 5 of the paper:
"Trusteer's research is based on statistics gathered over a 12 month
period from Rapport plug-ins running on more than 4 million
computers. Rapport protects online banking and shopping customers
from malware and phishing attacks."
and
"For the purpose of this research, Trusteer gathered usage statistics
from the above feature. Trusteer counted the number of customers who
actually shared their online banking login information with
nonfinancial websites."
So it seems to me that Rapport is collecting passwords used on banking sites, storing them and comparing them to passwords used on other sites and seeing how many of them are common
Oh dear me............................
-
ChiefGrasscutter wrote: »So it seems to me that Rapport is collecting passwords used on banking sites, storing them and comparing them to passwords used on other sites and seeing how many of them are common Oh dear me............................
This is one of the features of Rapport. You could argue it is one of the most useful ones as it pops up messages at the user every time they use a protected password on a new site. It might actually discourage people from using the same password everywhere.
The EULA presumably allows the software to collect 'anonymous usage statistics' and transmit the data back to Trusteer's servers, hence the gathered statistics. To generate these statistics the information sent out would need only to be minimal, but Rapport users have to put their trust in Trusteer concerning exactly how much information is being collected and how it is being handled.
On the subject of the software not being open source, clearly Trusteer is running a business and has commercial reasons for keeping the software closed. Besides, open source software is only beneficial (in terms of better security) if it attracts enough attention to be thoroughly scrutinised by a large body of experts. What works very well for something like Firefox, may not be so effective for Rapport. Only the minority of open source advocates are in a position to go through their code with a fine toothcomb themselves, so without a big enough buzz surrounding a piece of OSS's development it might as well be closed source.
-
I take your point with interest - and I don't have Rapport so cannot comment on its functioning from personal experience: I'm just reading all the info about it from whatever source.
Indeed, as you say where do we stop.... We might equally not trust say for example Norton Internet Security not to be secretly caching passwords from each secure site we visit and quietly sending them on....etc etc..etc..
The other reason open source software is regarded by some as "more secure", particularly the encryption programs, is that commercial software sometimes has undocumented and unknown "backdoors" into it.
Some time ago Quicken was discovered to have one such secret backdoor to enable them (for a fee no doubt) to unlock users' files when the customer had forgotten the password.
Sometimes these backdoors are put in at the request of governments (and such suspicions were raised over the Quicken issue) hence users' somewhat nervousness about relying on official/approved/recommended commercial programs where it is not clear what they exactly do or might do.
I can certainly tell you that when I wrote engineering programs many years ago I always put secret backdoors into them for me to use - all undocumented of course.....
-
................
The EULA presumably allows the software to collect 'anonymous usage statistics' and transmit the data back to Trusteer's servers, hence the gathered statistics. To generate these statistics the information sent out would need only to be minimal, but Rapport users have to put their trust in Trusteer concerning exactly how much information is being collected and how it is being handled...........
FAQs in Trusteer's website does mention that anonymous encrypted reports are sent to central server. It also mentions that this feature can be turned off.

Trusteer_website wrote:
Rapport creates an encrypted signature of your credentials on your computer. This information cannot be used to retrieve your credentials and is used by Rapport to identify any unauthorized leakage of your credentials. Rapport sends anonymous reports about security events and internal errors to a central server. This information is used to improve the product and the policy. You can specifically instruct Rapport not to send out any information
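What the FAQ quoted above describes (a one-way local signature of credentials, plus anonymous event reports) can be sketched as follows. This is an added example, not Trusteer's code and not a description of how Rapport is actually implemented; the class `ReuseDetector`, the PBKDF2 parameters, the event names and the `.example` origins are all assumptions made for illustration.

```python
import hashlib
import os
from collections import Counter


class ReuseDetector:
    """Hypothetical local store of one-way password fingerprints."""

    def __init__(self, salt=None, iterations=100_000):
        # Random per-install salt (assumption): it stays on this computer, so
        # fingerprints of the same password differ from machine to machine.
        self._salt = salt or os.urandom(16)
        self._iterations = iterations
        self._protected = {}      # fingerprint -> set of protected origins
        self._events = Counter()  # event name -> count; nothing else is kept

    def _fingerprint(self, password):
        # Slow one-way derivation; the password itself is never stored.
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), self._salt, self._iterations)

    def protect(self, origin, password):
        self._protected.setdefault(self._fingerprint(password), set()).add(origin)

    def check_submission(self, origin, password):
        """True when a protected password is being typed into another site."""
        owners = self._protected.get(self._fingerprint(password))
        if owners is None:
            return False              # not a protected credential
        if origin in owners:
            self._events["protected_login"] += 1
            return False
        self._events["reuse_warning"] += 1
        return True                   # caller would warn the user here

    def anonymous_report(self):
        # Only counters leave the machine: no origins, fingerprints or salt.
        return dict(self._events)


if __name__ == "__main__":
    d = ReuseDetector()
    d.protect("https://bank.example", "constructed-sample-pw")  # constructed
    print(d.check_submission("https://bank.example", "constructed-sample-pw"))
    print(d.check_submission("https://forum.example", "constructed-sample-pw"))
    print(d.anonymous_report())
```

Anyone who can read both the salt and the stored fingerprints from the machine can still test password guesses offline, which is why the derivation is deliberately slow.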
Ended up here from google - since I did not get the hang of this 'security technology' as such reading First Direct's secure mail (which gets swiftly deleted when you blink !).
From the very brief reading/research I did, someone please clarify if I get it right or wrong from below:
* Rapport is a browser plug-in (a bunch of DLLs that gets installed and loaded when the browser starts)
* Rapport installs a windows service to 'monitor' its own file system integrity
* Instead of using public/ISP DNS, Rapport streamlines TCP/IP traffic via its own servers to their client's IP addresses that are exposed to public.
Now, I am struggling to understand where is "security guaranteed" in any of the above?
If the above is correct, in my view .....this is just another business at the end of day, giving no value to end-consumers.
Hey, feel free to bash my thoughts !!
HP
This discussion has been closed.