Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Trusteer Rapport and preventing man in the middle attacks.

 
Post new topic   Reply to topic    Linux Format forums Forum Index -> Discussion
View previous topic :: View next topic  
Author Message
Fíona



Joined: Sun Mar 09, 2008 5:29 pm
Posts: 56
Location: Netherlands

PostPosted: Tue Dec 11, 2012 11:00 am    Post subject: Trusteer Rapport and preventing man in the middle attacks. Reply with quote

On my bank's website I noticed a suggestion to install Trusteer Rapport to protect my computer from trojans. Since I (obviously) use linux and there is no version for linux I have to pass on that piece of advice.
Browsing the net I discovered that this software appears to cause more problems than it solves and I wonder if it actually protects at all.
What is the position of linux and man in the middle malware? I know that the most of the malware/virus is designed to work on windows or mac platforms but don't understand how malware works and read that information can be hijacked during the http transmission. Is a linux system susceptable to this type of attack at the http level?
Interesting to see what you think!
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8455
Location: Warrington, UK

PostPosted: Tue Dec 11, 2012 11:55 am    Post subject: Reply with quote

HTTP uses plain text, so it is susceptible to interception regardless of the OS used. But your bank should be using HTTPS, which is both encrypted and certified, preventing man in the middle attacks.

As for trojans, there are rootkits which can hide in the background and do nasty things. I run Rootkit Hunter every day to make sure nothing has got onto my system.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
Fíona



Joined: Sun Mar 09, 2008 5:29 pm
Posts: 56
Location: Netherlands

PostPosted: Tue Dec 11, 2012 12:03 pm    Post subject: Reply with quote

Thanks for your answer and tip Nelz.
I use https everywhere, so hopefully that will help but I will certainly look into using the rootkit hunter as well. I have also seen another tool chkrootkit, I'll look at that too.
Back to top
View user's profile Send private message
Ram
LXF regular


Joined: Thu Apr 07, 2005 10:44 pm
Posts: 1668
Location: Guisborough

PostPosted: Tue Dec 11, 2012 12:46 pm    Post subject: Reply with quote

That's the same software my bank would like me to install - not much chance there.
_________________

lubuntu LXDE 13.10 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....
Back to top
View user's profile Send private message MSN Messenger
Nuke
LXF regular


Joined: Wed Feb 09, 2011 12:11 pm
Posts: 217
Location: Chepstow, UK

PostPosted: Sat Dec 15, 2012 12:27 am    Post subject: Reply with quote

Ram wrote:
That's the same software my bank would like me to install - not much chance there.

All very well, but what if the bank make it a condition of the account? In the HSBC General Terms and Conditions (April 2012 edition, Clause 9.2) it requires that you "keep your personal computer secure by using anti-virus and anti-spyware software". They do not specify which software, but it is a card that they could play if there were a dispute with your account. I make no comment as to whether I meet the condition myself.
_________________
Unsolved mysteries of the Universe, No 13 :-
How many remakes of Anna Karenina does the World need?
Back to top
View user's profile Send private message
pastychomper



Joined: Wed Apr 07, 2010 11:54 am
Posts: 52

PostPosted: Mon Dec 17, 2012 8:51 am    Post subject: Reply with quote

I'd be inclined to point out that the standard Unix user & file permissions are designed to prevent virus and spyware infection, and are of course implemented in software, so any Linux system meets HSBC's requirements - at least, as long as it isn't run as root.

If the bank didn't like that response I might consider using SELinux and/or a rootkit detector, but I doubt my current bank would care. If they support "Verified by Visa" and allow non-authenticated contactless payment, how security conscious can they be?
Back to top
View user's profile Send private message
Fíona



Joined: Sun Mar 09, 2008 5:29 pm
Posts: 56
Location: Netherlands

PostPosted: Mon Dec 17, 2012 11:07 am    Post subject: Reply with quote

I would agree that a banks view on security is sometimes surprising. I had problems with internet banking, apparently 3 atempts had been made to carry out transactions using my details. When I questioned the bank they assumed that the problem was on my computer and tried to tell me that I had windows virus's, trying to convince them that since I use linux I didn't believe that a windows virus would be the cause of the problem, was like talking to a brick wall.
If my bank were to compel me to use such software as the trusteer stuff, I would stop internet banking and go back to paper banking.
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Linux Format forums Forum Index -> Discussion All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast