[tor-talk] Trusteer Rapport happily working inside tor-browser-bundle

ix4svs at gmail.com
Thu Feb 23 10:49:02 UTC 2012


I'm using Tor browser bundle for Windows v2.2.35-7.1 (latest as of Feb
2012) and notice that Trusteer Rapport (software pushed hard by banks
in the UK that is supposed to raise the bar against
keylogging/screenshot stealing malware on Windows) is happily
functioning inside the Aurora instance of the Tor browser bundle. This
goes against the "do not install plugins in your trusted browser"
rule.

I understand that Tor is not trying to protect against local attacks
and Trusteer Rapport is certainly installed on my local computer - but
the fact it's just "there" in Aurora concerns me. The result is that a
common database (of logins Rapport monitors and tries to protect) is
shared between all of my browsing sessions.

Short of running tor-browser-bundle on a read-only Linux live system
running off USB media, is it possible to somehow protect the Aurora
instance from accepting any external plugins to interfere with it? It
appears there are software bundles out there that accomplish this [0]
but that may be too far in local application protection space (and
therefore off-topic) for Tor to address.

I assume the answer in Tor-browser-bundle & Rapport's case is "no, it
cannot be blocked" - as it's supposed to trap system calls below the
browser level - but it seems to have the potential to compromise the
anonymity of people using the Tor browser bundle so I thought I'd ask.

Alex

[0] http://www.trusteer.com/support/en/dell-kace-secure-firefox-browser

