Online Banking Security Software

In light of my experience as provided below, I would strongly advise anyone to be very cautious about installing the additional security software Trusteer Rapport as provided free and encouraged by many different online banking organisations.

Additionally, if you have already installed this and you computer system is acting strange consider this as a possible cause.

My experience:
I would like to start by thanking all on here that provided suggestions on fixing my problem with “Printing Problems using IE7 with XP Pro”. (13 October 2009). Unfortunately, none of those worked.

Without listing a long list of what was done in attempting to rectify the problem, suffice to say that a very experienced professional computer repairer spent over two days attempting to repair it. Ultimately even after having completely removed IE and installed Firefox as the web browser, with the fault still remaining, it seemed to indicate an Operating System issue. All attempts at repairing this still drew a blank. The only remaining suggestion was a complete Hard Disk format and a complete re-installation of all the software etc. Prior to doing this he suggested communicating with Microsoft in case they were able to provide any suggestions.

I have to say that surprisingly Microsoft were absolutely excellent. For about a week I was provided each day with a particular aspect to attempt and report back, all by email. This still did not fix the problem. Microsoft then escalated this to their Microsoft Research department. They were able to link directly to my computer. For some four full afternoon/evening periods they were still unable to find the problem.

I then remembered that when connecting for online banking, I was always hit with ‘nag’ screens about installing some additional security software called Trusteer Rapport. As I wished to know something about this prior to installing it I always declined. However, one time I inadvertently had selected the incorrect option and this software was automatically installed. Immediately post this there was problems and in attempting to rectify these it wanted me to significantly alter the settings on my main internet security system, Kaspersky. I did not wish to do this. I therefore removed the Trusteer Rapport by use of the Add/Remove facility. My system then appeared to operate normally. I believed that this program had been removed.

I then considered if this could be an issue with my system. When looking at it in detail it did appear to have been totally removed, however there were a few possible anomalies that I felt needed investigating.

I contacted Trusteer and they were very unhelpful but persistence drew from them that aspects of their program are not always actually removed. For security reasons they were not prepared to tell me more, however they provided me with a Removal Tool Application.

This was used and my computer was finally returned to normal functionality.

I advised the professional computer repairer of the eventual cause. He was very interested and asked if he could have a copy of this removal tool. He has since advised me that he has gone back to the last three cases he has been working on that he has had problems resolving. All three provided very different symptoms, however all three had installed, through their different banks, this additional security program. Removal of Trusteer Rapport returned all three computers back to normal functionality. In fact one of these due to the persisting problem had actually reached the stage were a complete Hard Disk format had been done and a total fresh software installation had taken place. This system only stayed correctly running for two days before it starting responding in the same way as it had previously done. He was beginning to suspect a possible hardware issue. It did however transpire that this customer had gone to do online banking and this software had been installed again. Removal of it returned that system back to normal functionality.

Microsoft Research was also very interested in this and did say that there appears to be growing issues with this software.

Many different banks are advising installation of this software. With my experience I would most definitely advise caution. Once installed, if subsequently your system starts doing strange things consider that the cause may possibly be Trusteer Rapport.
BV

strange story there. what are those 'Many' banks?

The problems will arise when the banks start to say look we've got this wonderful piece of security software, download it or we wont reimburse you if your account gets hacked and emptied.

Quote by C-N:
strange story there. What are those many banks?

See The Banks We Work With | Trusteer (http://www.trusteer.com/solutions/home-users/banks-we-work)

Alliance & Leicester
Amegy Bank
Carolina First Bank
Central Bank KY
CIBC
Coutts
Coventry Building Society
Huntington National Bank
ING DIRECT Canada
ING DIRECT USA
iTransfer
Mercantile Bank
National Bank of Arizona
NatWest
Nevada State Bank
President’s Choice Financial
PSECU
The Royal Bank of Scotland
ShareBuilder
SiebertNet
Silicon Valley Bank
Somerset Hills Bank
Ulster Bank
Vectra Bank
Zions Bank

I am sorry that you find this strange. All I am advising is that in the light of my experience I am suggesting caution.

As many on here had helped me trying to resolve my issues, I only thought it appropriate to advise firstly as to how my problem was finally resolved with what was causing it, and secondly to forearm others in case they start having strange problems.

BV

Scary!


Did Microsoft offer any suggestions - like, use Trusteer but load this or that app alongside it?

Did Trusteer acknowledge that there is a problem with their software?

Keef in answer to your questions………

What I was told by Microsoft Research was that they are formally aware that there is a definite conflict between Rapport and Internet Explorer 8. (anyone with IE7 and then upgrades to IE8 will have a problem). How much other information has been passed between Trusteer and Microsoft, I do not know. I certainly do get the impression that there is not much. Even Microsoft asked me for a copy of the Trusteer Rapport Removal Tool. This I sent to them.

Certainly there was a very distinct reluctance on the part of Trusteer to discuss anything with me, which considering it is a Security program is understandable. It was just that there was absolutely no discussion on their part. All that I was told was that should I require any assistance, I had to go through some convoluted method of extracting some encrypted ‘log files’ still remaining on my computer (even after using the Add/Remove Program utility from Control Panel had been used to remove the program). If I sent these to them they would advise me as to what changes I needed to make to my computer to ensure that their program worked. In other words, I had to change my computer to work their program, not that they should have a program that should work with most computers. In my opinion, a definite case of the ‘tail wagging the dog’.

In a similar manner, there is a known conflict between Rapport and Kaspersky. (The Internet Security program that I use). The solution provided by Trusteer is as follows:
Kaspersky IS2009 will detect Rapport as a keylogger, and we provide these instructions on how to configure Kaspersky IS2009 for use with Rapport:- Kaspersky IS 2009 | Trusteer (http://consumers.trusteer.com/kaspersky-IS-2009)
This ends with the following statement:
“Now you can try clicking the last check box. If this does not stop the messages, you can disable the "Keylogger Detection". This will completely disable Kaspersky's keylogger detection. However, please remember that Rapport protects you from keyloggers on protected web sites.”

Remember that these protected web sites being the list of sites that you have to manually provide and if you go to any other site that you have not provided you are therefore unprotected. Not a very good security function in my opinion.

What I was able to find out about Rapport was the following:
Rapport uses three layers to create the secure pipe inside the user’s desktop computer:
* The API Blocking Layer controls hundreds of operating system API calls and prevents malware from using these calls to access or tamper with the communication.
* The Data Encryption Layer encrypts sensitive information from the keyboard all the way to the network, and hides it from malware.
* The Delivery Confirmation Layer strongly identifies the Website that the user currently interacts with, and prevents the submission of sensitive information to fraudulent Websites.

It was for these reasons I did not complete the initial installation of Trusteer Rapport on my computer in the first instance. Personally I think that I will carry on just using Kaspersky, to disable keylogger detection, I do not know Trusteer enough to go for it. I read a report that casts a bad light on banks confusing customers with security products. If Kaspersky is offered by some banks that is really good enough to use as an argument. The potential conflicts with this software I think far outway its usefulness. Kaspersky has good detection ratings and a product that points the blame at other software (as Rapport does) as causing it to slow your PC makes me somewhat wary. I would say make your own decision, just remember there is no such thing as a magic bullet in the security world, and this is probably the case here as well.

VB

Hmmm. It sounds to me like they expect you to have a computer dedicated only to online banking. That'll kill the concept soon enough.

Volant Brique,

Many thanks for the information, your comprehensive posts are very useful.

SD

Hello Volant Brique,

As head of Trusteer technical support I would like to address all the issues with Rapport (and the level of support) you've described here, including:
- Printing problems
- Kaspersky issues
- Uninstall sequence and removal tool
- Product being installed automatically/inadvertently
- Your dissatisfaction from my team's response

Of course I would prefer to do this via email and not this forum. The ticket ID opened when you first turned to us would be ideal for me to have, your email address also good, and you can also email our support again at [email protected] and reference this forum and my name so that the shift will be sure to escalate it to me.

Thank you,
Nitsan

And as you can imagine Volant Brique, we would all appreciate a report on the outcome of the response you obtain as a result of the above post.

P.P.

Indeed. Please do keep us informed.

As there has been a request placed on this forum that I keep this forum updated with any response that I may receive, this I am now doing.

After the posting on here by the head of Trusteer technical support for me to contact them, this I did providing both my full email details as well as telephone contact with the open offer to help them if they so wished.

The email response to this indicated to me that their intention was to address the issues with my computer interfacing with their program. Interestingly the series of questions put to me, were almost identical to the input I was trying to provide to their call centre operative when connected to it through my online banking organisation. I elaborated on this by explaining in detail to him that persistently throughout this conversation, their operative would not listen and kept on saying that the only thing to do was to send in the encrypted logs and await a reply. I kept on trying to fully explain all the problems that I had experienced and what course of actions I had taken to end up to this stage. To say this operative was totally uninterested would be an understatement. To say this operative was totally obstructive would be a better indication.

Within my initial offer of help, I had stated to them that I had not forwarded any logs as I would not be happy nor have any confidence in installing their program after my experience. As their response seemed to indicate that they now wished me to re-install their program and continue to use it, I therefore requested clarification about this with the question “is it that your expectation is for me to continue using your product? I do not wish to do so. If however, you would like to know my rationale in this decision I will clearly lay out my reasoning for this, should you so wish.”

This response was sent some 5 days ago and I was just beginning to suspect that I would receive no further response or communication from Trusteer. However, today I received an email from the Agent Team Lead at Trusteer stating that having reviewed my communication, that they would very much like to work with me. In the light of this I have responded to them with an offer to open a dialogue with them.

I will continue to keep this forum updated should you so wish.

VB

Thanks VB, we look forward to reading your subsequent posts on this matter.

P.P.

As this forum has specifically requested me to keep this forum updated, I am now doing this.

As I previously posted on here, I responded to the Agent Team Leader with the offer of opening a dialogue. They responded with an arranged time to have a telephone conversation. This has now taken place with the conversation lasting some 35 minutes.

Within this conversation I was able to explain fully as to how I had inadvertently corrupted my system by installing their program and then using the Windows Add/Remove facility to remove it. However, for whatever reason this had still continued to corrupt my system in certain unique operations. I have to say they were very receptive to hear what I had to say and I do believe that they fully appreciated my concerns. They have advised me that the program has been updated since I had installed it and they are now of the opinion that it should not happen again. They were also able to appreciate that I no longer wished to install it again after my experiences. I did make other suggestions to them that they will consider for future versions. The main one being for their program installation to review prior to installation the current software installed on the computer system and then advise the user that if the installation continues that they will have to make changes to their current system. Additionally, provide their own Removal Tool facility for their program.

I started this thread with the following opening paragraph:
“In light of my experience as provided below, I would strongly advise anyone to be very cautious about installing the additional security software Trusteer Rapport as provided free and encouraged by many different online banking organisations.”

I have to say that I still stand by this. I am NOT saying do NOT install this program. I just advice caution.

I would also highly recommend anyone considering installing this program, to research it first. It does not take much ‘googling’ to ascertain from many other professionals as well as many other different forum users that my problems are not that unique.

As a starting point, just review the Trusteer FAQs on their own website.

Examples:
Link: Frequently Asked Questions | Trusteer (http://www.trusteer.com/solutions/home-users/faq)

Does Rapport store or send any information about me?
Rapport creates an encrypted signature of your credentials on your computer. This information cannot be used to retrieve your credentials and is used by Rapport to identify any unauthorized leakage of your credentials. Rapport sends anonymous reports about security events and internal errors to a central server. This information is used to improve the product and the policy. You can specifically instruct Rapport not to send out any information.

Comment: why does it not default to NOT sending information and then SPECIFICALLY ask you if it can? Unless you had been able to unearth this deep in the bowels of their website, you would not be aware of this.

If I lack any computer knowledge, can I still use Rapport?
Absolutely! Rapport is extremely easy to use. There is absolutely no technical background or process required, other than installing Rapport with a few mouse clicks. Rapport does not require configuration, does not change the way you work, does not alter browser behaviour, does not require anything from you, and unlike most conventional security solutions, does not ask you technical questions when it encounters a security threat. Rapport is the most powerful yet convenient security solution on the market.

Comment: I am not very technically competent with computers. However, I do have some experience and believe that I am at least one level up from the average non-technically competent computer user. Yet not only did I have problems but the professionals within Microsoft as well as their Research laboratory had problems.

Lastly consider the compatibility with other security software.

Link: Compatibility with other security software | Trusteer (http://consumers.trusteer.com/compatibility-other-security-software)

It lists a total of 15 security software programmes that should not need any configuration changes.

This is followed by a total of 38 other security software programmes (many of the very commonly used types) that they then provide individual links that will require configuration changes. Some of these in my opinion are quite serious and could reduce the normal achieved security elements provided by them.

I do really question the different online banking organisations attempting to encourage or even force their customers to install this program. Whilst my online banking organisation, that caused all my problems in the first instance, did make you go through ‘nag’ screens to install this program, they no longer do that. They still allow an option should you so wish to install it. Whether or not this is as a result of my communication with them I do not know.

As Green Graphite previously posted on here:
“The problems will arise when the banks start to say look we've got this wonderful piece of security software, download it or we wont reimburse you if your account gets hacked and emptied.”

I would suggest that if your online banking organisation is in anyway attempting to force you to install this program, if you are so minded, I would recommend that you advise them as the reasons why you are not doing so, possibly highlighting Trusteers own website FAQ.

I hope that this follow up is of some benefit.

VB

Cheers thanks for that follow up, def food for thought.

Yes, interesting indeed. Particularly for me as I installed the Trusteer software on the advice from Natwest a week or so before this thread started. I am running Vista 64bit.

So far I've had no problems.....so far.....:uhoh:

I installed it 6 months ago again with advice from the Nat West Website.I am using AVG Antivirus,MalwareBytes Anti-Malware and SpyBot.on Windows XP Pro.These appear on the safe 15 list with no configuration required.I have found no problems in using the Trusteer Rapport software

ILS32

Hi,

There's a few mentions above of an Uninstall Tool.

Is there a link to this tool ?

I have previously had this software on my PC and if I recall correctly I uninstalled it via the Add / Remove programs feature of Windows, but would like to check it has really been fully uninstalled ?

http://i34.photobucket.com/albums/d129/coconut11/Coconutty.jpg

Coconutty

If you care to PM me with your email address, I can attach the Rapport Safe Uninstall Tool for you. It is some 278Kb in size.

Alternatively, if it has not been changed, you may still obtain it by following the instructions here:

Uninstalling Rapport using the SafeUninstall Utility | Trusteer (http://consumers.trusteer.com/uninstalling-rapport-using-safeuninstall-utility)

Additionally to this, it is interesting to note that even after using the Add/Remove facility or even after using the Rapport Safe Uninstall Tool as actually provided by Trusteer, there are still remnants of the Rapport program left.

I asked Trusteer about this and I was told that it is some form of configuration files that they do not wish to remove in case if you ever decide to re-install their program, it will save you having to reconfigure any information that you may previously used.

I just did a ‘search’ for all aspects of Rapport or Trusteer and found them and then manually deleted them with a secure delete facility. I will be occasionally checking that they do not return. This being another aspect of their program that concerned me.

VB

Thanks for the link VB....although I don't have any problems at the moment with it, I have saved this as one of my Favourites just in case.

Running a Win XP SP3 desktop and banking with Natwest, I too download Rapport in a moment of carelessness earlier in January 2010, resulting in instability in a hitherto rock-solid desktop. First, IE slowed down over period of days. Secondly, system froze (Windows Explorer unresponsive), followed by BSOD on shutdown, RapportPG.sys appearing as the implicated driver. Attempts to uninstall Rapport via CP A/R Programs robbed IE8 of the ability to connect (occasionally it would do so if all Add-ons were disabled, but the behaviour was random). Also my ZA Firewall lost all its registers and had to be reinstalled. Uninstalling IE8 via a reinstall operation failed twice to restore normality. Eventually succeeded by using the spuninst.exe command as recommended by Microsoft, returning to IE7 (but had then to make two minor registry changes to get IE7 to connect). Also found several Trusteer Rapport entries in registry that I removed manually. All in all, grief and catastrophe!!
Clearly somehow Rapport seriously interferes with IE8. This is defective software, poorly engineered and is a disgrace. The banks have no business recommending it, but since they have no understanding of high technology this is forgiveable - their motives are laudable.
Do not install any Trusteer software until there is solid evidence that these people have acquired the competence to be TRUSTED as a reliable software vendor.

Thanks to the warnings on here, I was able to tell my bank a resounding "NO WAY!" when they strongly recommended I install this software for my own security. The folks I spoke to were not aware of any problem, and tried to reassure me there had been no complaints.

They did imply that I must install it to remain a customer, to which I replied that I had enjoyed being a good customer of theirs for the past 40+ years, but that would end if they insisted. They didn't.

We shall see.

You can add HSBC to the list of 'banks we work with'. They have just asked me to download, so I declined.

As a detached observer on this problem, it surprises me that there have not been more complaints from forum members and also the fact that the quality of the banks in this scheme is impressive so presumably they would have done there own checks on the system? I refer in particular to the Queen's bank, has she downloaded it?:)

Oh how I wish I'd seen this thread a couple of weeks ago.

On a thread started by me http://www.pprune.org/computer-internet-issues-troubleshooting/408411-virus-problem.htmlI thought I that was my snag.

HSBC continually nagged me to install this software, and in a moment of madness, I did. I have removed it using Control Panel, but will now follow up with the removal tool.

I'm afraid that if either of my banks, Alliance & Leicester or HSBC insist on using this software, I'll be off to someone else.

Thanks, VB for your detective work. I won't be touching Rapport with a barge pole.

Arkroyal
I hope that you are able to fully remove this software.
I can send you the removal tool that I used to get rid of mine if you have any problems obtaining one. Just PM me.

PLEASE NOTE:
To anyone that has installed this programme and then decided to remove it, even with the removal tool as provided by Trusteer.
Even the Trusteer removal tool DOES NOT remove every trace of the Rapport programme! There remains some encrypted files on your system that will need to be manually removed if you can locate them.
When I challenged Trusteer about this, they stated that these files were left on your sytem so that if ever you decided to re-install their programme, it would already have some information about you!

I wonder if persons that load this programme realise that encrypted information is held on their system and actually automatically communicated back to Trusteer! I am amazed that the banking IT departments are prepared to allow this to happen.

So others do not get caught out like we have, may I suggest that you and any other PPPruNers let as many people know about the potential problems this untried software can possibly cause.

I have also campaigned to some of the banks in question, challenging their responsibility (irresponsibilities?????) in attempting to 'force' their customers into using this software.

What I asked for in writing from my own personal bank was the following: "would they take full financial responsibility in returning my computer to it's pre-installation state if this software corrupted my system once it had been installed". I believe you can imagine their reply! This was because I am still receiving the odd 'nag' screen when logging on.

Arkroyal, if you need any further help please do not hesitate in contacting me and if I can help you then I will.
Volant Brique.

Hi VB

Thanks again for your help. I have used Rapport's removal tool, and all seems ok now.

I may need direction to search out any other files left by them.

I emailed HSBC with my concerns, and got this back:Thank you for using the feedback facility for our Internet Banking service.

This is with regard to your query about the free Rapport Online Fraud Protection. The software is not mandatory to download, it?s completely optional. Rapport is a HSBC recommended download however should you choose not to download, this wont affect our relationship with you.
I wonder If that will change if someone interferes with my account?

I start Rapport before communicating with my bank and stop it running afterwards and do not appear to have any problems so long as I adhere to this procedure.
I will now pay close attention to any odd behaviour which may be associated with the Trusteer app.

This software is, at best, a placebo for the user and at worst (as another poster suggested) a crutch for the banks to accuse the user of lax security.

I would also go as far as to say that it is completely useless as a security application. It does not protect your data against the most serious malware infections, such as root-kits or other embedded viri.

The single most effective security precaution any Microsoft Windows user can take, no matter what website you are using, is NOT to use any iteration of Internet Explorer.

Sorry if this amounts to a thread-derailment.

The single most effective security precaution any Microsoft Windows user can take, no matter what website you are using, is NOT to use any iteration of Internet Explorer.

No, I cannot agree that it ranks as the single most effective security measure.

For me, the three key on-line precautions are:


Properly configured firewall (preferably hardware with NAT & PAT);
Up-to-date anti-virus set to on-demand scanning;
Not to run as an admin or equivalent.


SD

As has been said already, one of my concerns is that, should I fail to run Rapport and there are security problems, my bank may wash their hands of responsibility.

Unless the bank make installation of the software a condition of use then I don't believe they could do that.

That'sthe point I was trying to make. I've got an email from HSBC stating it's entirely optional, so if next time I log on,my accoubt's empty, I can't see it being my fault for not running Rapport.

Opening this thread up again following the MITB thread, I see that Rapport is not 'compatible' with Zone Alarm/Avast when run together. I also note that the spelling on Trusteer's site is not 100%. Following violant's concerns,

1) Are we sure the programme is 'squeaky clean' - antyhing that leaves encrypted files on my machine 'in case I want to re-install it' leave me wondering?

2) How does it 'detect' MITB when other programmes supposedly cannot?

Been running rapport for about 10 months now without so much as a hiccup. XP SP2, Avast and Malwarebytes running too. All good.

Rapport monitors your logins and registrations and tells you of any conflicts of usernames and passwords. It means you'll have to remember EVEN more combinations of these. I reckon I must have memorised about 20 combos so far...

So this software, which has the ability to phone home, knows all your login and password details. Gosh - how reassuring.

More and more institutions keep nagging me to download and install - any updates/latest opinions?

Didn't chrome have issues with security when it first came out? Add to that banking software and you have a whole load of issues.

Thank Goodness for my Macbook pro

Now being "recommended" by Santander online banking as well.

WHat does anyone know about the benefits of using the "virtual keyboard" in products like Kapersky where you click on a keyboard on the screen by using your mouse rather than using the keyboard itself. Said to defeat keyloggers.

This virtual on screen keyboard also exists in W7 (someone mentioned it on another thread on Pprune recently). You press the 'Windows' key and the 'U' and it comes up with a menu showing the keyboard, click on that, and there you have it.

If someone inserts a physical dongle between your keyboard plug and the computer directly (ie. an inline connection) such a device would be almost imperceptible and would evade physical and software detection.
However, if you have software running on your computer, it can detect keyboard API events sent by the keyboard driver OR the interface -also detect mouse events and the timing between events.

(Keypress timing data is a key tool in user identification)
Also many programs can take on screen snapshots a pre-programmed intervals with varying frequency -ie tied to how fast you type, activity/inactivity, whole screen or just active window)
With enough data on you, they would be able reduce a million password possibilities to a few probabilities.

This virtual on screen keyboard also exists in W7

Also in XP

SD

So, back to my query - have all the 'incompatibility' issues with Zone Alarm etc been sorted out and does anyone have any 'bad' experiences to share?

I suspect it will not be long before it will become a mandatory download for some banks.

I seriously doubt the banks can make it mandatory. They would then be liable for computer repairs should the software cause a crash, not to mention that it wont work on linux and mac platforms.

Interesting story indeed, even if I don't do MS at a personal nor professional level.

However, the real lesson here is to stay away from online banking until they catch up with the current state of technology and its implications.

Personally, I think that the best online banking security you can have is not to do it. I don't, and am very unlikely to do so for the forseeable future,

I am trying to be worried about Rapport but I am not. I installed it in 2008 and it works as far as I know. I don't recall, or recognize, any fault I have that could be related to its installtion. I would be happy to listen if someone feels that I am not being careful enough - but as I say I have not had a problem.

PPP

BOAC you posted:
More and more institutions keep nagging me to download and install - any updates/latest opinions?

PPrune Pop posted:
I am trying to be worried about Rapport but I am not. I installed it in 2008 and it works as far as I know. I don't recall, or recognize, any fault I have that could be related to its installtion. I would be happy to listen if someone feels that I am not being careful enough - but as I say I have not had a problem.

As the originator of this thread and with my poor experiences with Rapport, I am still reluctant to install it, even though two of the banks I use have ‘nag’ screens about installing it. My reasons are as follows:
On contacting the Banks concerned, I found it very difficult to establish contact with their Senior IT Managers. However, persistence paid off and eventually I was able to discuss my concerns with them. I would also suggest anyone else considering installing this software should do the same. Then simply ask them that if you should install the software and if it causes any problems to your computer, will they take the responsible action and pay or arrange to have your computer corrected. Just watch them duck and dive and squirm. They WILL NOT give you this assurance. Yet they are categorical in their assurances that it SHOULD not cause a problem.

Whilst I have not fully looked into the full current situation with Rapport, these recent postings encouraged me to briefly look and update myself at some of the major original concerns that I had with it after my previous experiences.

This has highlighted that many of these remain.

To give just a few examples:

1.Does Rapport store or send any information on me?

From Rapport’s own website under the FAQs, the following is stated, ‘Rapport creates an encrypted signature of your credentials on your computer. This information cannot be used to retrieve your credentials and is used by Rapport to identify any unauthorized leakage of your credentials. Rapport sends anonymous reports about security events and internal errors to a central server. This information is used to improve the product and the policy. You can specifically instruct Rapport not to send out any information.’

My comment and feelings:
I personally am not comfortable with any software that automatically sends out information that I am not aware of. How many of you ‘satisfied’ Rapport users have actually been able to OR EVEN KNOW HOW TO specifically instruct Rapport not to send out any information. Where is this information going to? It is an Israeli company, so is this information ending up there? What control is there in that country about the storage and use of personal information?



2. If I were to try and install Rapport, it would still actual disable some functionality within my purchased Internet Security Program.

My comment and feelings:
I personally am not comfortable with any software that automatically changes functionality with my installed Internet Security Program. Even more so if one is not told what functionality is actually changed? How many of you ‘satisfied’ Rapport users are actually aware as to what has been changed? I am not confident with any installed software that has to make changes to currently installed programs to be able to make it function - they should be stand-alone within their own rights in the same manner that all the other software that we load.



3. Having recently helped a colleague out, whom after installing Rapport, had problems and wished to uninstall it. Rapport would still not FULLY uninstall using the normal uninstall procedures. Only by the use of the special ‘uninstall’ tool provided to me by Trusteer after my previous experience of their program, was I able to remove certain aspects of their program.

Ironically and interestingly, I have upgraded my computer since I had installed Rapport. As I was passing that computer on to a family member, I wished to format the hard drives fully. Whilst not able to be certain, it appears that possible ‘Rapport’ related information was even still well embedded within the root of the drive.

My comment and feelings:
Why is it not able to be removed fully from a computer using the normal accepted procedures? What is it still actually leaving? Considering that it does store and does send information on the user, could this still be the case when you believe that you have uninstalled it?



4. This software is provided free. However, this is certainly not like most freeware sources that one experiences – a couple of enthusiasts producing software that they need and providing it free to others. Trusteer is operated like a huge commercial Software House with 7/24 support etc etc.

My comment and feelings:
This must surely beg the question where is their revenue stream for all this?

If the Banks that almost ‘force’ us to use it have to pay for it, you can be sure they would attempt to pass on the cost to the customer. Instead commercial banking staff at senior levels are more than likely being offered junkets to increase the Rapport user base.

I might be wrong and it might be a large collection of public spirited Israelis who have no commercial interests and are being provided with all free facilities and have decided to provide the rest of the world with free software!


IN CONCLUSION - I STILL feel Rapport from Trusteer definitely needs to be considered with caution.

Google for "Rapport Problems" and you'll find all the blogs and forums you need. A well-maintained, properly secured PC does not need this or any of the problems that come with it. Also, purely out of interest, look out for patronising posts from Trusteer support on the blogs and forums...they are usually accompanied by a post from some guy telling you how he and his brother both use Rapport and how wonderful it is.

To anyone such as PPrune Pop whom is satisfied with it, then stick with it.

Like many things in life, one has to make one’s own judgement, which is why I deliberately originally titled this thread ‘CAUTION – Free Online Banking Security Software.’

Thanks VB - I will continue saying "Thanks but no thanks"

I find this odd. My bank have started sending my credit card statements by email. They are accompanied by this email.

What is the point of encrypting it if the unencryption tool is referenced in the same email, and does not require any security or password?

Am I missing something here? This seems to me a bit like locking your valuables in the safe and leaving a note on the safe to tell burglars where they key is!

Attached is your Standard Bank Gold credit card statement. For your security it has been encrypted. This means that you will need a decoder to view your statement.

Before you can view your statement, you must download and install the decoder.

If you downloaded and installed the decoder previously, you do not need to download and install it again.

If you have not installed a decoder please download it by going to this link.
https://www.standardbank.co.za/secure/decoder/securedecoder.html

Regards,
Standard Bank

It does seem a bit lax, even I can download it and I'm not even a customer, I think I'd complain to the bank immediately.

You can download Truecrypt which I use to encrypt some stuff, doesn't mean you can read my files! Kind of guess there is some logon/password needed that only the customer would know.

Kind of guess there is some logon/password needed that only the customer would know.

That is what I would have expected. there isn't, which makes the encryption about as much use as a chocolate teapot.

Dear Forum members,

We will attempt to address VB's latest post.

1. Regarding disabling Rapport's anonymous reports - During the installation process there is a check box that clearly states that you agree to send these reports. Clearing the check box disables the report sending. There is also an option to enable or disable this feature inside the Rapport console under "Edit policy".

2. Rapport does not automatically disable any functionality of your installed security product. If you believe that Rapport has conflicted with a security product on your computer, please contact support and let us know. We run extensive tests with many security products to ensure compatibility, and the page which displays this has already been shared on this thread.

3. The files that remain after uninstalling Rapport are user data and logs that can be manually deleted after restarting the computer. These are left there like many other software products leave them, for 2 main reasons - a. A re-install would result in all of your personal settings still in place so you won't have to repeat decisions and processes you did with Rapport. b. If you choose to report a problem to us, the encrypted logs can be sent to Trusteer to be analyzed.
These files do not have any effect whatsoever once Rapport is removed from the program files folder, which occurs after normally uninstalling through the control panel and restarting the computer. The technical information within them is not sent anywhere and is encrypted.

4. Regarding our revenue - You can read everything about our company right here:
Company | Trusteer (http://www.trusteer.com/company)

Best Regards,

Trusteer Support Team

Having taken over this computer from a now deceased acquaintance who did use online banking, how can I check if Rapport is installed on this machine or has been incompletely removed from it? I can see nothing obvious among the installed software and have done a simple search for any file containing "rapport", both with no results.

Thank you in advance!

I guess regedit and look for Trusteer or Rapport folder? Any other ideas? Would services show anything started?

If you are that concerned and you 'inherited' the computer, perhaps time for a clean start ? Regedit would perhaps show traces even if software had been removed, but at least you would know it had once been on (and probably still is).

I'm happy to report that my bank is no longer nagging me to install Trusteer Rapport every time I log on. I haven't installed it, and don't intend to.

A very good friend of mine used to work in Criminal Intelligence which is a division of the UK Metropolitan Police (the London police service) but answerable to the Home Secretary. Their security policy regarding the computers they used for their intelligence work was interesting.....they were never connected to the internet!

Very interesting thread.

Thank you BOAC and Mr Optimistic. Regedit showed no trace and I took the opportunity to tidy up a few registry issues with CrapCleaner.

After reading the last post from "TrusteerSupport", I would be more than wary regarding the use of that "software".

There's a simple reason. When you "uninstall" it, why does it leave ANYTHING? After all, if you are getting rid of that programme you will want EVERYTHING deleted, you want no reference to the programme what you are getting rid of. There should be no "profiles", there should be no "legacy" files or registry entries. You "uninstall" and everything goes. Period. Otherwise you are just as bad as Symantec.



My bank over here doesn't use something that, in my mind, is malware. If the Trusteer people can tell us why their software does not wipe out EVERYTHING when you uninstall it, I would think we would all like to know.

After all, it is, at least, piss poor programming. And if they cannot get that right then why should anyone trust the chances that their software is actually "secure"........................

Rapport smells like a rootkit. Do not install rootkits on your machine. If an antivirus says it's a keylogger, than in all probability that's exactly what it is. Do not install keyloggers on your machine. Do not disable keylogging detection.

You don't need any additional security for online banking. A simple https connection to the bank's Web site is more than secure enough.

Good security products fully disclose everything they do, because a secure product does not depend on obscurity. Good security products remove themselves completely from the system when uninstalled. Software vendors do not control your PC—you control your PC. A software vendor that installs rootkits and/or makes parts of its software unremovable or unremoved may be committing a crime in some jurisdictions, so potentially you can file a criminal complaint if the vendor will not cooperate with you.

It amazes and depresses me that people are still being hoodwinked into installing junk like this on their computers. It's even more amazing to see the cavalier attitude of the vendor. Would you let strangers root around in your wallet? Would you give them free access to your bank accounts? That's exactly what you are doing here.

I suspect that end users are not the only victims. I see a lot of little banks on the list, and hardly any of significant size. I think somebody is fooling them into suggesting this software as well.

This is a great example of social engineering. Quis custodiet ipsos custodes?

I suspect that end users are not the only victims. I see a lot of little banks on the list, and hardly any of significant size.

On the contrary, one of the reasons I moved from Santander, which is gobbling up everything in sight, to a much smaller bank, is that bl**dy S. were putting up the Rapport nag screen every time I logged on. Mind you I was planning to get away from them anyway.

So is there an up to date uninstall tool for this?

Just use the uninstall feature. XP Users: Uninstalling Rapport | Trusteer (http://consumers.trusteer.com/uninstalling-rapport-0) and Remove Rapport Folders | Trusteer (http://www.trusteer.com/remove-rapport-folders). As usual, Google is your friend (and also, it appears, is rampant paranoia).

Interesting, my bank have informed me that Rapport is now available for Macs. After all the previous posts I have no intention of using it.

Still never had a problem and my online banking is fine. I have had two occasions of ID theft - one from Morrisons and the other a restaurant. In both cases the bank repaid within 5 days.

There's a simple reason. When you "uninstall" it, why does it leave ANYTHING? After all, if you are getting rid of that programme you will want EVERYTHING deleted, you want no reference to the programme what you are getting rid of. .

Many progs leave SOMETHING behind. Try re-installing a programme you were using some time ago.......simples.

If you want to get rid of stuff use CC Cleaner and clean the registry, and the rest of the computer, and you see most times what is hanging around IF, and I do mean IF, you really know the base words you are looking for.

If you want to get rid of stuff use CC Cleaner and clean the registry, and the rest of the computer, and you see most times what is hanging around IF, and I do mean IF, you really know the base words you are looking for.

You shouldn't have to run a third-party product just to uninstall another product. If a product doesn't fully remove itself from the system when it is uninstalled, the developers are either incompetent or have questionable motives/ethics. No one is in a better position to carry out the uninstallation of a product than the creators of the product, and if they won't do it, there's a problem.

An article sent to me by a friend so can't validate the source but believe it's the Times (since it says that in the article....).

Expert says that it is ‘almost inevitable’ crooks will take advantage of ‘flaw’

Millions of online banking customers are at risk of fraud because of a “fundamental” flaw in key security software, The Times has learnt.

Major British banks, including HSBC and Santander, strongly advise customers to install specialist software called Trusteer Rapport in order to protect themselves from fraudsters when logging into banking websites.

At least seven million customers have installed the software, which promises to verify that a bank’s website is genuine and to block keyloggers and other malicious software that is used by criminals to steal users’ banking details.
NatWest, the Royal Bank of Scotland, HSBC, Santander, first direct, The Co-operative Bank and Nationwide all actively promote Trusteer to their customers and offer it for no charge. Some force users to click through a screen recommending that they download the software before they can log into their online banking account.

But Times Money has seen evidence that the software’s keylogger protections — designed to prevent fraudsters recording users’ login and credit card details — can be hacked by computer security specialists with “minimal effort” in less than a minute, and that the program signposts how to do this in the names it gives to various functions.

Criminals can turn off keystroke encryption or can “listen in” as the information passes through Trusteer, in both cases without the program being aware of it, allowing them to steal banking login names and passwords and other financial details.

Neil Kettle, a computer security researcher who discovered the problem, says that it was “almost inevitable” that criminals would start exploiting the weakness, particularly because the software allows them to identify online banking customers.

Mr Kettle, who has a PhD in theoretical computer science, and has previously exposed flaws in Apple Macs, says: “I have shown that getting around the keylogger protection is trivial for those with hacking knowledge. In fact, Trusteer give you the means in their own software to decrypt the keys.” Customers who use it are “effectively putting a big target on their back”, he adds.

“If you put in a check that Trusteer is there, 99 per cent of times you know that machine is used for accessing online banking.”

Rik Ferguson, a web security analyst at Trend Micro who has seen the code, explains: “It is designed to hook in to the internal interfaces that relay keystrokes, and so by doing that can capture what you type into the computer.”

Information such as a customer’s banking login or credit card details could then be relayed back to a fraudster making use of this flaw.

Mr Ferguson says that this “undermines one of Trusteer’s key claims”, but adds that consumers should be wary of relying on a single piece of security software anyway.

“A layered approach of security is the right approach. A machine has to be compromised in the first instance to enable this code to run on it, so you need to have something to stop you visiting known malicious websites.”
In order to be used to subvert Trusteer, the code must be installed and run on a victim’s computer. This can be done without the victim’s knowledge by using a Trojan, such as those that secretly download the software when a person uses peer-to-peer websites or is tricked into clicking on a link in an e-mail.

Mr Kettle believes that it is “almost inevitable” that fraudsters will exploit the design flaw he has highlighted, though he is not aware of any malware currently exploiting the weakness.

“Knowing it’s so monumentally simple to get round the keylogger protection in the way that I did, it’s hard to believe that malware developers aren’t smart enough to figure it out,” he says.

This view is shared by Professor Ross Anderson, one of Britain’s leading card fraud experts, who says that it is only “a matter of time”.

“In our experience if something can be exploited it will be. There are lots of greedy people out there in places like Russia and Brazil and so on, where law enforcement is corrupt or nonexistent,” he says.

In a written statement, Trusteer said that it had managed to fix the flaw by ensuring that part of the program alerted the software when someone made an unauthorised attempt to access the driver. A spokesmen added: “Existing customers do not need to take any action, as the update is automatic. Trusteer is constantly working with security researchers to improve its products,” it stated.

The company told Times Money that the patch to fix the problem would be rolled out to customers at the time of the next regular update in about two weeks However, Mr Kettle questioned whether this would fix the flaw because “there is no operating system which allows you to lock down access to their kernel driver” in the way that Trusteer claims. Even if this were possible, he said that it would be easy for a fraudster to incorporate Trusteer’s own code into malware.

Trusteer was unable to provide a copy of the update that it said had fixed the problem in time for this article but a spokesman said: “Trusteer Rapport has the ability to capture, from within the operating system kernel, any process that accesses any of its objects (or other objects such as the browser). At this point it is capable of inspecting the complete process code. If it’s not a Trusteer code then Rapport can block it, kill it, or remove it.”

Trusteer Rapport is widely used by banks in the United States, Canada, South Africa and Ireland as well as the UK, and the software company’s website claims to have had 24 million worldwide downloads.

A typical notice — in this case on the Santander website — reads: “We strongly recommend you download the free Rapport security software to help guard yourself against internet banking identity theft and fraud.”

RBS states that more than four million customers have downloaded the software, and a spokesman for Santander said that two million out of its 3.5 million online banking customers use it. It has previously been reported that at least one million HSBC customers have downloaded it in the UK.

A spokesman for HSBC said that it believed the software to be secure and that it had “proved very successful in protecting our customers”.

Times Money readers who use the software are advised not to uninstall it because it provides protection against other threats, but they should be extra vigilant.

Doriena Koldenhof, of Financial Fraud Action UK, says that her advice would be that “if your bank offers it, it’s important to use it just to add an extra level of security”. She adds that it offers protection against other types of fraud, such as verifying that a customer was using the bank’s genuine website, thereby preventing phishing attacks.

Many banks issue card readers that require users to have their credit or debit card present and to enter their pin before making payments from their online account.

This is not affected by the flaw in Trusteer Rapport, but the card reader does not prevent “card-not-present fraud”, such as using stolen details to shop online. According to Which?, card fraud costs the UK £1.2 million a day, and card-not-present fraud is responsible for the most losses.

If an unauthorised payment is taken from a customer’s account, the bank must refund the money when it is notified. It can refuse to refund money only if it can prove that the customer authorised the payment, or deliberately, or with gross negligence, failed to protect the card details.

Victims of fraud on debit and credit cards can be liable for no more than £50 unless they have been grossly negligent — for example, by writing down the pin and leaving it near the card.

But Professor Anderson says that in these cases banks have unfairly blamed customers who have been the victims of fraud. He says: “What the banks routinely do is simply claim that you must have been negligent. If you manage your money online, then what happens if there’s a dispute is the bank will say ‘Sorry, your password was used, it’s your fault’.”

How to stay safe online
• Be alert to phishing e-mails that purport to come from your bank and ask for your login details and password.

• Never click on an attachment in a spam e-mail, and use a filter to avoid getting junk messages in your inbox.

• Think about opening a free online e-mail account to use for online shopping and site registration. Give out your personal e-mail address only to friends.

• Always type your bank’s web address into your browser rather than going through an e-mail link.

• Look for the padlock or unbroken key in the bottom of your browser window to check you are using a secure website.

• Use anti-virus software and a personal firewall on your computer and make sure you keep it up to date.

• Consider using anti-spyware software and always install the latest security updates for your browser and operating system.

One of my banks had a brief period of pushing Trusteer again, but has now stopped. They've issued a code-generator card to use with each online transaction instead. It's a pain, but it works.

A lady in the village told me last month that her bank card had been compromised and her account raided. "Surely, that shouldn't have happened, with Trusteer", she said. The bank has refunded the money, but I wonder how the hack worked with Trusteer on the only PC she uses for online banking.

My UK bank (NatWest) used to push Rapport whenver I logged in, but they no longer do so, unless after my ignoring it for so long they no longer ask me, if the system is capable of that.

This is shown if you click on a screen after you've logged in

http://dl.dropbox.com/u/7593647/rapport.JPG

I haven't had time to read through all this thread, but thought it worth passing on that I've now seen three Vista PCs with Trusteer rapport that would not download/install MS updates properly. All worked perfectly once TR had been removed.

I STILL cannot tell anyone I have had a problem. I haven't. On the contrary I have been warned by the system about mistakes I make - but the system for me works perfectly.

Been using it for over 5 years now and I repeat - NEVER a problem.

A cut & paste of a very recent post on AV forums:-


PC was working fine until I was searching for a program. Came across Trusteer in the "all programs", and decided to try opening the console to see what it was. It would not respond, so I closed it down. Since then the PC cannot access the internet, Explorer will not even open and Safari just keeps trying to load. Also it has blocked the Control Panel, so I cannot get to uninstall software.

Now it says its not running, but a look at Resource Monitor show two files running. Choosing to end process gives an access denied message. So I cannot remove it from my PC (turns out the wife installed it because Barclays wanted her to). IMHO this appears to have taken over the PC, so is Trusteer Rapport the new Mozarts Ghost? Certainly I feel like it was written by Cathedral. I've emailed their so called customer support, but nothing, nada, zilch

Could I get rid of this by deleting all the program files, the Windows 32 driver, and removing entries in the Registry under HKEY CURRENT USER - software, trusteer rapport? Or wait is that Jeremy Northam at the door, suppressed Glock in hand?

The official website is slient on removing the software kelsurpeeze! Any ideas on how to rid this PC pest?