Linux Format forums

Re: Trusteer Rapport and preventing man in the middle attacks.

F�ona — Mon Dec 17, 2012 11:07 am

Author: F�ona

Posted: Mon Dec 17, 2012 11:07 am

I would agree that a banks view on security is sometimes surprising. I had problems with internet banking, apparently 3 atempts had been made to carry out transactions using my details. When I questioned the bank they assumed that the problem was on my computer and tried to tell me that I had windows virus's, trying to convince them that since I use linux I didn't believe that a windows virus would be the cause of the problem, was like talking to a brick wall.
If my bank were to compel me to use such software as the trusteer stuff, I would stop internet banking and go back to paper banking.

Re: Trusteer Rapport and preventing man in the middle attacks.

pastychomper — Mon Dec 17, 2012 8:51 am

Author: pastychomper

Posted: Mon Dec 17, 2012 8:51 am

I'd be inclined to point out that the standard Unix user & file permissions are designed to prevent virus and spyware infection, and are of course implemented in software, so any Linux system meets HSBC's requirements - at least, as long as it isn't run as root.

If the bank didn't like that response I might consider using SELinux and/or a rootkit detector, but I doubt my current bank would care. If they support "Verified by Visa" and allow non-authenticated contactless payment, how security conscious can they be?

Re: Trusteer Rapport and preventing man in the middle attacks.

Nuke — Sat Dec 15, 2012 12:27 am

Author: Nuke

Posted: Sat Dec 15, 2012 12:27 am

Ram wrote:

That's the same software my bank would like me to install - not much chance there.

All very well, but what if the bank make it a condition of the account? In the HSBC General Terms and Conditions (April 2012 edition, Clause 9.2) it requires that you "keep your personal computer secure by using anti-virus and anti-spyware software". They do not specify which software, but it is a card that they could play if there were a dispute with your account. I make no comment as to whether I meet the condition myself.

Re: Trusteer Rapport and preventing man in the middle attacks.

Ram — Tue Dec 11, 2012 12:46 pm

Author: Ram

Posted: Tue Dec 11, 2012 12:46 pm

That's the same software my bank would like me to install - not much chance there.

Re: Trusteer Rapport and preventing man in the middle attacks.

F�ona — Tue Dec 11, 2012 12:03 pm

Author: F�ona

Posted: Tue Dec 11, 2012 12:03 pm

Thanks for your answer and tip Nelz.
I use https everywhere, so hopefully that will help but I will certainly look into using the rootkit hunter as well. I have also seen another tool chkrootkit, I'll look at that too.

Re: Trusteer Rapport and preventing man in the middle attacks.

nelz — Tue Dec 11, 2012 11:55 am

Author: nelz

Posted: Tue Dec 11, 2012 11:55 am

HTTP uses plain text, so it is susceptible to interception regardless of the OS used. But your bank should be using HTTPS, which is both encrypted and certified, preventing man in the middle attacks.

As for trojans, there are rootkits which can hide in the background and do nasty things. I run Rootkit Hunter every day to make sure nothing has got onto my system.

Trusteer Rapport and preventing man in the middle attacks.

F�ona — Tue Dec 11, 2012 11:00 am

Author: F�ona

Posted: Tue Dec 11, 2012 11:00 am

On my bank's website I noticed a suggestion to install Trusteer Rapport to protect my computer from trojans. Since I (obviously) use linux and there is no version for linux I have to pass on that piece of advice.
Browsing the net I discovered that this software appears to cause more problems than it solves and I wonder if it actually protects at all.
What is the position of linux and man in the middle malware? I know that the most of the malware/virus is designed to work on windows or mac platforms but don't understand how malware works and read that information can be hijacked during the http transmission. Is a linux system susceptable to this type of attack at the http level?
Interesting to see what you think!