If You Can’t Beat Malware, Tunnel Through It
Trusteer’s methods of tackling malware have seen it clash with other established security specialists. The company’s CEO Mickey Boodaei answers the critics
Start-up Israeli security company Trusteer claims to have hit on a different tactic when it comes to combating financial malware and making activities such as online banking more secure.
Rather than trying to eliminate every nasty from a user’s desktop, the four year-old company claims its Rapport software establishes a secure link between a customer’s desktop and the bank’s systems, excluding any malware in the process. The approach has been greeted with enthusiasm by analysts with a recent report from Frost and Sullivan neatly distilling the problem and Trusteer’s response to it.
“This new approach makes the basic assumption that the end user’s computer will always have active malware scripts and applications,” the report states. “In the battle of protecting information from malware, Trusteers’ solution takes the right approach of focusing on what needs to be done rather then fighting a lost battle.”
And it is not only analysts that are impressed. Banks including RBS and Natwest are already urging their customer to adopt the software, with HSBC becoming the latest financial services company to jump on board.
But despite its promise, Trusteer – and the customers using it – have come in from some criticism from more traditional anti-virus companies. Graham Cluley, a security expert with Sophos has blogged about dubious metrics used by RBS to encourage customers to adopt Rapport. He also criticised the decision by HSBC to allow its customer to save their log-in IDs locally – not connected to the Rapport software deal according to Trusteer – which he described as usability wrongly triumphing over security.
Trusteer may also find itself under scrutiny from privacy advocates given the nature of the link it establishes between the user’s desktop, the Rapport application and the bank’s systems. It is these privacy issues which potentially prevent the banks from simply integrating Rapport into their online banking platforms presumably as users have to opt in to share information in this way.
Rapport also throws up interesting questions about the responsibility for fraud. Currently banks compensate most customers hit by online fraud, but much like an uninsured driver, will banks continue to give customers who don’t download applications such as Rapport the benefit of the doubt?
Eager to respond to some of comments made by Cluley, eWEEK Europe UK was contacted by Trusteer’s chief executive Mickey Boodaei who explained what makes Rapport different and why traditional anti-virus vendors might feel threatened.
