Trusteer

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hello, All!

I've been using Trusteer for another layer of security for awhile now. It
work's pretty good. Any comments on this desktop security utility.

http://www.trusteer.com /
--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Trusteer

On 3/28/2011 1:25 PM, gufus wrote:
Quoted text here. Click to load it

Hello gufus:

What proof can you offer that it "works pretty good"?  Has it
undeniably prevented, while adequately reporting, attacks or malware
that nothing else did?

Late last month, Trusteer seemed to be the only ones that discovered a
banking Trojan (Oddjob?) & whose defense seemed to lay only with its
discoverer.  At the time, it seemed as if Trusteer wasn't sharing with
the antimalware community.  This doesn't instill confidence in their
company and may have the opposite & chilling effect on some.

Perhaps if you are running unquestionably best in breed antivirus and
antispyware applications already, it wouldn't hurt to see how
effective it is against real world threats, in parallel.  This
presupposes that all other computer safety practices are being
scrupulously followed.

HTH

--
1PW

Re: Trusteer

Hello, 1PW!

On Mon, 28 Mar 2011 14:24:41 -0700:

Quoted text here. Click to load it

It's only found a screen capture program I use VNC. And a browser add-on
CutePDF form filler helper.

Quoted text here. Click to load it

Really...


I do.. I run .. Avira Premium + Malwarebytes'  and Trusteer. Trusteer is
just another layer of security.
--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Trusteer

Hello, 1PW!

On Mon, 28 Mar 2011 14:24:41 -0700:

Quoted text here. Click to load it

BTW... It uses a /lot/ of memory too.

http://www.gypsy-designs.com/image44.jpg

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Trusteer



gufus wrote:
Quoted text here. Click to load it

So, you think 2.3MB is a lot of memory? Hell, Avira uses well over 10MB.
Buffalo



Re: Trusteer

Hello, Buffalo!

imra5f$o6r$1@dont-email.me
On Mon, 28 Mar 2011 18:46:37 -0600:

Quoted text here. Click to load it

Ya... sure adds up hu.

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Trusteer

I didn't hear from that programm yet!

Quoted text here. Click to load it

Re: Trusteer

Hello, Daniel!

4d9db02b$0$311$14726298@news.sunsite.dk
On Thu, 7 Apr 2011 14:37:58 +0200

Quoted text here. Click to load it

From Rapport?

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Re: Trusteer

gufus wrote:

Quoted text here. Click to load it

Trusteer is a company name, not a product name.  So what PRODUCT of
theirs are you using?

None of their products (Rapport, Flashlight, and PinPoint) are end-user
security solutions.  

Rapport requires a secure channel established at both ends of the
connection (like SSL or VPN do) and so requires their product be
installed on BOTH the client *and* the server.  If it isn't used on the
server to establish a secure connection with a client using the product
then there is no secure connection.  For example, your bank might deploy
Rapport on their servers and offer you a client-side download which then
permits you to have secure channel between your client and their server;
however, just installing Rapport on your host gives you absolutely
nothing in way of security unless the site to which you connect is also
using Rapport.  Go read http://www.trusteer.com/webform/download-rapport
and notice that the *server-side* is using Rapport and offering you a
means of securing connecting to them.

Flashlight is an end-to-end interrogation tool used by financial
institutions to analyze malware used against them.  It isn't an end-user
solution.

PinPoint is a logon transaction monitoring system which obviously needs
to be installed on the server where you are logging in.  Obviously this
is a server-side solution and not a client or customer solution.

None of their products are single-sided or one-ended solutions employed
by only the client (user).  They are enterprise solutions.  If you
installed something of theirs on your host and don't connect to matching
sites that also implement their software then you have nothing on your
end doing any protection.  These aren't standalone security solutions.
They are enterprise-level products used to protect THEIR servers.  The
client software is free to you because the owner of the server had to
buy the product to use with their service(s).  They are protecting THEIR
butt, not yours, but putting spin on marketing a product to make
customers feel happy is very common practice.  

"Trusteer works with more than 70 leading banks around the world to keep
your online bank account safe from online fraudsters."  Yeah, and that
works if the bank you use has deployed Trusteer's products on THEIR
servers and then offered you the free client-side plug-in to use that
added security on their server.  Well, did you get the plug-in from your
bank?  If they don't offer it then nothing of Rapport is going to secure
your communication beyond what the site already provides without
Rapport.  And how is this going to protect you when visiting sites OTHER
than your bank?  You know, all those other sites that don't have Rapport
enterprise services on their servers.

Installing the Rapport plug-in for your web browser is only HALF of that
product solution.  You also must connect to a site that uses Rapport.
Well, if your bank is using Rapport then it might be worth installing
its client plug-in.  As for anywhere else, Rapport isn't going to do
anything to further secure your communications.  Other than your bank
(and *if* they offered the plug-in to show they provide Rapport
support), just how many other sites have you visited where the address
bar icon for Rapport is colored green (showing it is active)?

There are currently only 90 sites that are Rapport-supported servers.
Yes, you can add other sites but all that does is try to prevent malware
(e.g., keyloggers) from obtaining your login credentials.  Alas, if you
can see your login progress as you enter it from your keyboard then a
keylogger can still get it.  This is very specific security software for
very specific uses by a limited number of sites.

Of very limited usefulness.

Re: Trusteer


Quoted text here. Click to load it

Given the hype on the website, I was going to say avoid the product.  Then
I looked at the list of sites that do support it.

While my bank is not included (TD-Canada-Trust), some of the Canadian
chartered banks are (CIBC, BMO).

 From what I read on their website, regarding hooking keyboard input very
early in the interrupt chain, it may actually be able to
"encrypt keystrokes", and prevent key logging, which would be good even
if the bank you're using doesn't use it.  Depends on how they've actually
implemented it, as to how well it will work though, and the order of
interrupt hooking between rapport and the key logger.

Won't work on my linux system.  I like the concepts the site describes,
but have no way of verifying that the company has implemented them
properly.

For those financial sites where it is supported, it should help avoid
phishing and man in the middle attacks (using dns poisoning), until
dnssec is widely deployed.

Seems like a heavy price in terms of local resources though.  I use a
separate user account, with a simple browser without any plugins, for
online finance, with a localhost resolving name server, to avoid any
possible dns poisoning.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: Trusteer

Hello, VanguardLH!

On Mon, 28 Mar 2011 20:52:25 -0500:

Quoted text here. Click to load it

I just us Rapport...Yes, I got the plug-in from my bank(s) and use Rapport
with the banks that support it. other than that, I don't use the plug-in for
any other website.

Quoted text here. Click to load it

Thanks for your input, It sure looks lke they are getting more
Rapport-supported servers on line now. IMHO, It's just another layer of
security.

--
With best regards, gufus.  E-mail: stop.nospam.gbbsg@shaw.ca



Site Timeline