[tor-talk] Trusteer Rapport happily working inside tor-browser-bundle

ix4svs at gmail.com ix4svs at gmail.com
Thu Feb 23 11:46:52 UTC 2012


On 23 February 2012 10:49,  <ix4svs at gmail.com> wrote:
> I'm using Tor browser bundle for Windows v2.2.35-7.1 (latest as of Feb
> 2012) and notice that Trusteer Rapport (software pushed hard by banks
> in the UK that is supposed to raise the bar against
> keylogging/screenshot stealing malware on Windows) is happily
> functioning inside the Aurora instance of the Tor browser bundle. This
> goes against the "do not install plugins in your truster browser"
> rule.
>
> I understand that Tor is not trying to protect against local attacks
> and Trusteer Rapport is certainly installed on my local computer - but
> the fact it's just "there" in Aurora concerns me. The result is that a
> common database (of logins Rapport monitors and tries to protect) is
> shared between all of my browsing sessions.
>
> Short of running tor-browser-bundle on a read-only Linux live system
> running off USB media, is it possible to somehow protect the Aurora
> instance from accepting any external plugins to interfere with it? It
> appears there are software bundles out there that accomplish this [0]
> but that may be too far in local application protection space (and
> therefore off-topic) for Tor to address.
>
> I assume the answer in Tor-browser-bundle & Rapport's case is "no, it
> cannot be blocked" - as it's supposed to trap system calls below the
> browser level - but it seems to have the potential to compromise the
> anonymity of people using the Tor browser bundle so I thought I'd ask.
>
> Alex
>
> [0] http://www.trusteer.com/support/en/dell-kace-secure-firefox-browser

Sorry forgot screenshot - attached with Rapport plugin circled in red.


More information about the tor-talk mailing list