|
This virtual on screen keyboard also exists in W7 SD |
So, back to my query - have all the 'incompatibility' issues with Zone Alarm etc been sorted out and does anyone have any 'bad' experiences to share?
I suspect it will not be long before it will become a mandatory download for some banks. |
I seriously doubt the banks can make it mandatory. They would then be liable for computer repairs should the software cause a crash, not to mention that it wont work on linux and mac platforms.
|
Interesting story indeed, even if I don't do MS at a personal nor professional level.
However, the real lesson here is to stay away from online banking until they catch up with the current state of technology and its implications. |
Personally, I think that the best online banking security you can have is not to do it. I don't, and am very unlikely to do so for the forseeable future,
|
I am trying to be worried about Rapport but I am not. I installed it in 2008 and it works as far as I know. I don't recall, or recognize, any fault I have that could be related to its installtion. I would be happy to listen if someone feels that I am not being careful enough - but as I say I have not had a problem.
PPP |
BOAC you posted:
More and more institutions keep nagging me to download and install - any updates/latest opinions? PPrune Pop posted: I am trying to be worried about Rapport but I am not. I installed it in 2008 and it works as far as I know. I don't recall, or recognize, any fault I have that could be related to its installtion. I would be happy to listen if someone feels that I am not being careful enough - but as I say I have not had a problem. As the originator of this thread and with my poor experiences with Rapport, I am still reluctant to install it, even though two of the banks I use have ‘nag’ screens about installing it. My reasons are as follows: On contacting the Banks concerned, I found it very difficult to establish contact with their Senior IT Managers. However, persistence paid off and eventually I was able to discuss my concerns with them. I would also suggest anyone else considering installing this software should do the same. Then simply ask them that if you should install the software and if it causes any problems to your computer, will they take the responsible action and pay or arrange to have your computer corrected. Just watch them duck and dive and squirm. They WILL NOT give you this assurance. Yet they are categorical in their assurances that it SHOULD not cause a problem. Whilst I have not fully looked into the full current situation with Rapport, these recent postings encouraged me to briefly look and update myself at some of the major original concerns that I had with it after my previous experiences. This has highlighted that many of these remain. To give just a few examples: 1.Does Rapport store or send any information on me? From Rapport’s own website under the FAQs, the following is stated, ‘Rapport creates an encrypted signature of your credentials on your computer. This information cannot be used to retrieve your credentials and is used by Rapport to identify any unauthorized leakage of your credentials. Rapport sends anonymous reports about security events and internal errors to a central server. This information is used to improve the product and the policy. You can specifically instruct Rapport not to send out any information.’ My comment and feelings: I personally am not comfortable with any software that automatically sends out information that I am not aware of. How many of you ‘satisfied’ Rapport users have actually been able to OR EVEN KNOW HOW TO specifically instruct Rapport not to send out any information. Where is this information going to? It is an Israeli company, so is this information ending up there? What control is there in that country about the storage and use of personal information? 2. If I were to try and install Rapport, it would still actual disable some functionality within my purchased Internet Security Program. My comment and feelings: I personally am not comfortable with any software that automatically changes functionality with my installed Internet Security Program. Even more so if one is not told what functionality is actually changed? How many of you ‘satisfied’ Rapport users are actually aware as to what has been changed? I am not confident with any installed software that has to make changes to currently installed programs to be able to make it function - they should be stand-alone within their own rights in the same manner that all the other software that we load. 3. Having recently helped a colleague out, whom after installing Rapport, had problems and wished to uninstall it. Rapport would still not FULLY uninstall using the normal uninstall procedures. Only by the use of the special ‘uninstall’ tool provided to me by Trusteer after my previous experience of their program, was I able to remove certain aspects of their program. Ironically and interestingly, I have upgraded my computer since I had installed Rapport. As I was passing that computer on to a family member, I wished to format the hard drives fully. Whilst not able to be certain, it appears that possible ‘Rapport’ related information was even still well embedded within the root of the drive. My comment and feelings: Why is it not able to be removed fully from a computer using the normal accepted procedures? What is it still actually leaving? Considering that it does store and does send information on the user, could this still be the case when you believe that you have uninstalled it? 4. This software is provided free. However, this is certainly not like most freeware sources that one experiences – a couple of enthusiasts producing software that they need and providing it free to others. Trusteer is operated like a huge commercial Software House with 7/24 support etc etc. My comment and feelings: This must surely beg the question where is their revenue stream for all this? If the Banks that almost ‘force’ us to use it have to pay for it, you can be sure they would attempt to pass on the cost to the customer. Instead commercial banking staff at senior levels are more than likely being offered junkets to increase the Rapport user base. I might be wrong and it might be a large collection of public spirited Israelis who have no commercial interests and are being provided with all free facilities and have decided to provide the rest of the world with free software! IN CONCLUSION - I STILL feel Rapport from Trusteer definitely needs to be considered with caution. Google for "Rapport Problems" and you'll find all the blogs and forums you need. A well-maintained, properly secured PC does not need this or any of the problems that come with it. Also, purely out of interest, look out for patronising posts from Trusteer support on the blogs and forums...they are usually accompanied by a post from some guy telling you how he and his brother both use Rapport and how wonderful it is. To anyone such as PPrune Pop whom is satisfied with it, then stick with it. Like many things in life, one has to make one’s own judgement, which is why I deliberately originally titled this thread ‘CAUTION – Free Online Banking Security Software.’ |
Thanks VB - I will continue saying "Thanks but no thanks"
|
I find this odd. My bank have started sending my credit card statements by email. They are accompanied by this email.
What is the point of encrypting it if the unencryption tool is referenced in the same email, and does not require any security or password? Am I missing something here? This seems to me a bit like locking your valuables in the safe and leaving a note on the safe to tell burglars where they key is! Attached is your Standard Bank Gold credit card statement. For your security it has been encrypted. This means that you will need a decoder to view your statement. Before you can view your statement, you must download and install the decoder. If you downloaded and installed the decoder previously, you do not need to download and install it again. If you have not installed a decoder please download it by going to this link. https://www.standardbank.co.za/secur...redecoder.html Regards, Standard Bank |
It does seem a bit lax, even I can download it and I'm not even a customer, I think I'd complain to the bank immediately.
|
You can download Truecrypt which I use to encrypt some stuff, doesn't mean you can read my files! Kind of guess there is some logon/password needed that only the customer would know.
|
Kind of guess there is some logon/password needed that only the customer would know. |
Dear Forum members,
We will attempt to address VB's latest post. 1. Regarding disabling Rapport's anonymous reports - During the installation process there is a check box that clearly states that you agree to send these reports. Clearing the check box disables the report sending. There is also an option to enable or disable this feature inside the Rapport console under "Edit policy". 2. Rapport does not automatically disable any functionality of your installed security product. If you believe that Rapport has conflicted with a security product on your computer, please contact support and let us know. We run extensive tests with many security products to ensure compatibility, and the page which displays this has already been shared on this thread. 3. The files that remain after uninstalling Rapport are user data and logs that can be manually deleted after restarting the computer. These are left there like many other software products leave them, for 2 main reasons - a. A re-install would result in all of your personal settings still in place so you won't have to repeat decisions and processes you did with Rapport. b. If you choose to report a problem to us, the encrypted logs can be sent to Trusteer to be analyzed. These files do not have any effect whatsoever once Rapport is removed from the program files folder, which occurs after normally uninstalling through the control panel and restarting the computer. The technical information within them is not sent anywhere and is encrypted. 4. Regarding our revenue - You can read everything about our company right here: Company | Trusteer Best Regards, Trusteer Support Team |
Having taken over this computer from a now deceased acquaintance who did use online banking, how can I check if Rapport is installed on this machine or has been incompletely removed from it? I can see nothing obvious among the installed software and have done a simple search for any file containing "rapport", both with no results.
Thank you in advance! |
I guess regedit and look for Trusteer or Rapport folder? Any other ideas? Would services show anything started?
|
fresh install ?
If you are that concerned and you 'inherited' the computer, perhaps time for a clean start ? Regedit would perhaps show traces even if software had been removed, but at least you would know it had once been on (and probably still is).
|
I'm happy to report that my bank is no longer nagging me to install Trusteer Rapport every time I log on. I haven't installed it, and don't intend to.
|
A very good friend of mine used to work in Criminal Intelligence which is a division of the UK Metropolitan Police (the London police service) but answerable to the Home Secretary. Their security policy regarding the computers they used for their intelligence work was interesting.....they were never connected to the internet!
Very interesting thread. |
Thank you BOAC and Mr Optimistic. Regedit showed no trace and I took the opportunity to tidy up a few registry issues with CrapCleaner.
|
After reading the last post from "TrusteerSupport", I would be more than wary regarding the use of that "software".
There's a simple reason. When you "uninstall" it, why does it leave ANYTHING? After all, if you are getting rid of that programme you will want EVERYTHING deleted, you want no reference to the programme what you are getting rid of. There should be no "profiles", there should be no "legacy" files or registry entries. You "uninstall" and everything goes. Period. Otherwise you are just as bad as Symantec. My bank over here doesn't use something that, in my mind, is malware. If the Trusteer people can tell us why their software does not wipe out EVERYTHING when you uninstall it, I would think we would all like to know. After all, it is, at least, piss poor programming. And if they cannot get that right then why should anyone trust the chances that their software is actually "secure"........................ |
Rapport smells like a rootkit. Do not install rootkits on your machine. If an antivirus says it's a keylogger, than in all probability that's exactly what it is. Do not install keyloggers on your machine. Do not disable keylogging detection.
You don't need any additional security for online banking. A simple https connection to the bank's Web site is more than secure enough. Good security products fully disclose everything they do, because a secure product does not depend on obscurity. Good security products remove themselves completely from the system when uninstalled. Software vendors do not control your PC—you control your PC. A software vendor that installs rootkits and/or makes parts of its software unremovable or unremoved may be committing a crime in some jurisdictions, so potentially you can file a criminal complaint if the vendor will not cooperate with you. It amazes and depresses me that people are still being hoodwinked into installing junk like this on their computers. It's even more amazing to see the cavalier attitude of the vendor. Would you let strangers root around in your wallet? Would you give them free access to your bank accounts? That's exactly what you are doing here. I suspect that end users are not the only victims. I see a lot of little banks on the list, and hardly any of significant size. I think somebody is fooling them into suggesting this software as well. This is a great example of social engineering. Quis custodiet ipsos custodes? |
I suspect that end users are not the only victims. I see a lot of little banks on the list, and hardly any of significant size. |
So is there an up to date uninstall tool for this?
|
Just use the uninstall feature. XP Users: Uninstalling Rapport | Trusteer and Remove Rapport Folders | Trusteer. As usual, Google is your friend (and also, it appears, is rampant paranoia).
|
Interesting, my bank have informed me that Rapport is now available for Macs. After all the previous posts I have no intention of using it.
|
Still never had a problem and my online banking is fine. I have had two occasions of ID theft - one from Morrisons and the other a restaurant. In both cases the bank repaid within 5 days.
There's a simple reason. When you "uninstall" it, why does it leave ANYTHING? After all, if you are getting rid of that programme you will want EVERYTHING deleted, you want no reference to the programme what you are getting rid of. Many progs leave SOMETHING behind. Try re-installing a programme you were using some time ago.......simples. If you want to get rid of stuff use CC Cleaner and clean the registry, and the rest of the computer, and you see most times what is hanging around IF, and I do mean IF, you really know the base words you are looking for. |
If you want to get rid of stuff use CC Cleaner and clean the registry, and the rest of the computer, and you see most times what is hanging around IF, and I do mean IF, you really know the base words you are looking for. |
Expert says that it is ‘almost inevitable’ crooks will take advantage of ‘flaw’
An article sent to me by a friend so can't validate the source but believe it's the Times (since it says that in the article....).
Expert says that it is ‘almost inevitable’ crooks will take advantage of ‘flaw’ Millions of online banking customers are at risk of fraud because of a “fundamental” flaw in key security software, The Times has learnt. Major British banks, including HSBC and Santander, strongly advise customers to install specialist software called Trusteer Rapport in order to protect themselves from fraudsters when logging into banking websites. At least seven million customers have installed the software, which promises to verify that a bank’s website is genuine and to block keyloggers and other malicious software that is used by criminals to steal users’ banking details. NatWest, the Royal Bank of Scotland, HSBC, Santander, first direct, The Co-operative Bank and Nationwide all actively promote Trusteer to their customers and offer it for no charge. Some force users to click through a screen recommending that they download the software before they can log into their online banking account. But Times Money has seen evidence that the software’s keylogger protections — designed to prevent fraudsters recording users’ login and credit card details — can be hacked by computer security specialists with “minimal effort” in less than a minute, and that the program signposts how to do this in the names it gives to various functions. Criminals can turn off keystroke encryption or can “listen in” as the information passes through Trusteer, in both cases without the program being aware of it, allowing them to steal banking login names and passwords and other financial details. Neil Kettle, a computer security researcher who discovered the problem, says that it was “almost inevitable” that criminals would start exploiting the weakness, particularly because the software allows them to identify online banking customers. Mr Kettle, who has a PhD in theoretical computer science, and has previously exposed flaws in Apple Macs, says: “I have shown that getting around the keylogger protection is trivial for those with hacking knowledge. In fact, Trusteer give you the means in their own software to decrypt the keys.” Customers who use it are “effectively putting a big target on their back”, he adds. “If you put in a check that Trusteer is there, 99 per cent of times you know that machine is used for accessing online banking.” Rik Ferguson, a web security analyst at Trend Micro who has seen the code, explains: “It is designed to hook in to the internal interfaces that relay keystrokes, and so by doing that can capture what you type into the computer.” Information such as a customer’s banking login or credit card details could then be relayed back to a fraudster making use of this flaw. Mr Ferguson says that this “undermines one of Trusteer’s key claims”, but adds that consumers should be wary of relying on a single piece of security software anyway. “A layered approach of security is the right approach. A machine has to be compromised in the first instance to enable this code to run on it, so you need to have something to stop you visiting known malicious websites.” In order to be used to subvert Trusteer, the code must be installed and run on a victim’s computer. This can be done without the victim’s knowledge by using a Trojan, such as those that secretly download the software when a person uses peer-to-peer websites or is tricked into clicking on a link in an e-mail. Mr Kettle believes that it is “almost inevitable” that fraudsters will exploit the design flaw he has highlighted, though he is not aware of any malware currently exploiting the weakness. “Knowing it’s so monumentally simple to get round the keylogger protection in the way that I did, it’s hard to believe that malware developers aren’t smart enough to figure it out,” he says. This view is shared by Professor Ross Anderson, one of Britain’s leading card fraud experts, who says that it is only “a matter of time”. “In our experience if something can be exploited it will be. There are lots of greedy people out there in places like Russia and Brazil and so on, where law enforcement is corrupt or nonexistent,” he says. In a written statement, Trusteer said that it had managed to fix the flaw by ensuring that part of the program alerted the software when someone made an unauthorised attempt to access the driver. A spokesmen added: “Existing customers do not need to take any action, as the update is automatic. Trusteer is constantly working with security researchers to improve its products,” it stated. The company told Times Money that the patch to fix the problem would be rolled out to customers at the time of the next regular update in about two weeks However, Mr Kettle questioned whether this would fix the flaw because “there is no operating system which allows you to lock down access to their kernel driver” in the way that Trusteer claims. Even if this were possible, he said that it would be easy for a fraudster to incorporate Trusteer’s own code into malware. Trusteer was unable to provide a copy of the update that it said had fixed the problem in time for this article but a spokesman said: “Trusteer Rapport has the ability to capture, from within the operating system kernel, any process that accesses any of its objects (or other objects such as the browser). At this point it is capable of inspecting the complete process code. If it’s not a Trusteer code then Rapport can block it, kill it, or remove it.” Trusteer Rapport is widely used by banks in the United States, Canada, South Africa and Ireland as well as the UK, and the software company’s website claims to have had 24 million worldwide downloads. A typical notice — in this case on the Santander website — reads: “We strongly recommend you download the free Rapport security software to help guard yourself against internet banking identity theft and fraud.” RBS states that more than four million customers have downloaded the software, and a spokesman for Santander said that two million out of its 3.5 million online banking customers use it. It has previously been reported that at least one million HSBC customers have downloaded it in the UK. A spokesman for HSBC said that it believed the software to be secure and that it had “proved very successful in protecting our customers”. Times Money readers who use the software are advised not to uninstall it because it provides protection against other threats, but they should be extra vigilant. Doriena Koldenhof, of Financial Fraud Action UK, says that her advice would be that “if your bank offers it, it’s important to use it just to add an extra level of security”. She adds that it offers protection against other types of fraud, such as verifying that a customer was using the bank’s genuine website, thereby preventing phishing attacks. Many banks issue card readers that require users to have their credit or debit card present and to enter their pin before making payments from their online account. This is not affected by the flaw in Trusteer Rapport, but the card reader does not prevent “card-not-present fraud”, such as using stolen details to shop online. According to Which?, card fraud costs the UK £1.2 million a day, and card-not-present fraud is responsible for the most losses. If an unauthorised payment is taken from a customer’s account, the bank must refund the money when it is notified. It can refuse to refund money only if it can prove that the customer authorised the payment, or deliberately, or with gross negligence, failed to protect the card details. Victims of fraud on debit and credit cards can be liable for no more than £50 unless they have been grossly negligent — for example, by writing down the pin and leaving it near the card. But Professor Anderson says that in these cases banks have unfairly blamed customers who have been the victims of fraud. He says: “What the banks routinely do is simply claim that you must have been negligent. If you manage your money online, then what happens if there’s a dispute is the bank will say ‘Sorry, your password was used, it’s your fault’.” How to stay safe online • Be alert to phishing e-mails that purport to come from your bank and ask for your login details and password. • Never click on an attachment in a spam e-mail, and use a filter to avoid getting junk messages in your inbox. • Think about opening a free online e-mail account to use for online shopping and site registration. Give out your personal e-mail address only to friends. • Always type your bank’s web address into your browser rather than going through an e-mail link. • Look for the padlock or unbroken key in the bottom of your browser window to check you are using a secure website. • Use anti-virus software and a personal firewall on your computer and make sure you keep it up to date. • Consider using anti-spyware software and always install the latest security updates for your browser and operating system. |
One of my banks had a brief period of pushing Trusteer again, but has now stopped. They've issued a code-generator card to use with each online transaction instead. It's a pain, but it works.
A lady in the village told me last month that her bank card had been compromised and her account raided. "Surely, that shouldn't have happened, with Trusteer", she said. The bank has refunded the money, but I wonder how the hack worked with Trusteer on the only PC she uses for online banking. |
My UK bank (NatWest) used to push Rapport whenver I logged in, but they no longer do so, unless after my ignoring it for so long they no longer ask me, if the system is capable of that.
This is shown if you click on a screen after you've logged in http://dl.dropbox.com/u/7593647/rapport.JPG |
I haven't had time to read through all this thread, but thought it worth passing on that I've now seen three Vista PCs with Trusteer rapport that would not download/install MS updates properly. All worked perfectly once TR had been removed.
|
I STILL cannot tell anyone I have had a problem. I haven't. On the contrary I have been warned by the system about mistakes I make - but the system for me works perfectly.
Been using it for over 5 years now and I repeat - NEVER a problem. |
A cut & paste of a very recent post on AV forums:-
PC was working fine until I was searching for a program. Came across Trusteer in the "all programs", and decided to try opening the console to see what it was. It would not respond, so I closed it down. Since then the PC cannot access the internet, Explorer will not even open and Safari just keeps trying to load. Also it has blocked the Control Panel, so I cannot get to uninstall software. Now it says its not running, but a look at Resource Monitor show two files running. Choosing to end process gives an access denied message. So I cannot remove it from my PC (turns out the wife installed it because Barclays wanted her to). IMHO this appears to have taken over the PC, so is Trusteer Rapport the new Mozarts Ghost? Certainly I feel like it was written by Cathedral. I've emailed their so called customer support, but nothing, nada, zilch Could I get rid of this by deleting all the program files, the Windows 32 driver, and removing entries in the Registry under HKEY CURRENT USER - software, trusteer rapport? Or wait is that Jeremy Northam at the door, suppressed Glock in hand? The official website is slient on removing the software kelsurpeeze! Any ideas on how to rid this PC pest? |
| All times are GMT. The time now is 14:36. |
Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.