Trusteer's Rapport software is an application written that a number of banks have asked their customers to download onto their systems. Banks that have offered the software include Bank of America, Société Générale, INGDirect (now owned by Capital One), HSBC, NatWest, The Royal Bank of Scotland, CIBC,Ulster Bank, First Direct, Santander, Standard Bank of South Africa, Scotiabank, Bank of Montreal, Banco de Chile, and The Co-operative Bank. Reports are that the software is difficult to remove, as it has some features that resemble malware in the way it installs itself, and offers little protection against most malware. It can consume an excessive amount of CPU time and prevent some normal programs, such as screen snapshot applications, from functions. The purported purpose is to stop screen-scraping programs and keyloggers, and to verify that you are connected to the bank’s actual Web site.
Should you install it? Should you uninstall it if you already have it?
We recommend against installing it. It is not proven that the software doesn't violate privacy, and your financial institution would not take responsibility for its actions should there be data leakage or intrusions into your computer if Rapport were found to be culpable. Overall, the risks are much larger than the rewards for this particular application. The application has been found to be weak at accomplishing its goals, and it is likely well behind the current wave of malware technology being used by the bad guys. Another problem is that it has been almost three years since the last
authoritative article appeared on the web analyzing Rapport.
The intent of the bankers and the company offering the application is to thwart criminals that target customer systems with malware in order to steal credentials, identities, and the contents of bank accounts. The problem is that, legally, the software is acting on behalf of the bank, not you, so you have no recourse when the software does stupid things, like consume all of your computing power, or be difficult to uninstall. A better solution is to increase your computer's defenses with better firewall, better virus and malware detection, and especially to surf the web using only a non-administrative account. Even if you are the only user on your computer, you will be safer if you create two accounts: one for administrative functions, and the other for everything else, especially cruising the internet and online banking, which does not have the power to locally modify the registry, other computer settings, or install applications.
Businesses are usually liable for losses arising from this type of fraud. If you are in this position, we recommend this solution: Dedicate a single computer for the purpose of online banking. Use it to connect only to your online bank web site. Make it company policy that using that computer for any other purpose is grounds for immediate dismissal.
Free Software to Protect Your Bank Account
A Closer Look at Rapport from Trusteer
