Archive for the ‘Computing’ Category

« Older Entries

Setup Trusteer Rapport to protect other websites

Monday, February 22nd, 2010

Trusteer Rapport helps to stop key loggers from stealing your passwords, and stops viruses or spyware from seeing what you are doing in your web browser.

Many banks are now offering it for free download. You can for example download it from NatWest’s website here – even if you aren’t a NatWest customer.

It is preconfigured to protect a small number of partner websites, but you can configure it to protect other sites you use as well.

You can enable it for each website that you enter username / password / credit card details into. When on the website you want to protect click on the grey Rapport arrow, and then press the ‘Protect this Website’ button.

trusteer rapport unprotected website

Then:

trusteer rapport protect this website

When you are on a website it is protected if the arrow is green, and it is not protected if the arrow is grey.

As well as protecting each individual website I’d recommend you increase the level of protection Trusteer Rapport offers.

Increase the security from the default settings

Click on the ‘Rapport’ arrow in the address bar of the web browser and press ‘Open Console’.

trusteer rapport open console

Click on the green circle with the right facing arrow on the bottom right of the screen.

trusteer rapport green button

Click on ‘Edit Policy’.

trusteer rapport edit policy

On this screen go through all the pull down options and make sure the bottom option of each is selected.

trusteer rapport advanced configuration

Click ‘Save’. You will be told that it is a good idea to restart the computer. There’s no need to do this now. The setting will be applied when you next turn the computer on.

After saving you can close the Trusteer window by clicking on the green ‘x’ on the top right hand corner of the screen.

In my case I was able to turn all the settings up to the maximum level apart from the ‘Block Kernel Keylogging’. I found that this setting prevented my wireless keyboard from working. If you have a problem with a wireless keyboard after installing Trusteer Rapport then you should try turning this setting off too.

Using Trusteer Rapport

Trusteer is only configured by default to protect a few websites. You need to manually enable it for the sites that you enter username / password or other sensitive details into. You can enable it to work for up to 50 sites. Do this for each sensitive website when you visit it next.

When you visit a website that needs username password details, and which is not already protected (i.e. it has a grey Rapport arrow), click on the grey arrow and choose ‘Protect this website’ as detailed above.

When you submit your login details you will probably see this box. Select ‘Yes’.

trusteer rapport password monitoring

Trusteer Rapport will then warn you if this password is being sent to a new website – for example to a phishing website.

Related Posts

Tags: , ,
Posted in Computing | No Comments »

Finding the best WiFi channel with Vistumbler

Friday, February 19th, 2010

If you are having trouble with your WiFi connection you may have heard that it is a good idea to connect to your WiFi router on a quiet WiFi channel to avoid interference from other WiFi devices.

WiFi myths

It is in fact quite unlikely that other WiFi devices are causing your problem. The WiFi protocol is designed to cope with many other WiFi devices in the area at the same time. Cisco have an interesting list of 20 Myths of WiFi Interference including this one that you might want to read.

But despite knowing this you still want to find the quietest WiFi channel.

Before I show you how make sure that it is the WiFi connection that is dropping. With WiFi internet you have two main points of failure. First you have the WiFi connection between your computer and the router which can drop. Secondly you have the internet connection between your router and your ISP which can also drop.

If your loss of connectivity is caused by the router to ISP connection failing then this won’t help at all.

Stop wasting my time – just tell me how to find the quietest WiFi channel!

Ok – here’s what you do. You’ll need to download and install Vistumbler. It’ll work on Windows Vista and Windows 7.

Start the application. Make sure your WiFi adaptor is selected from the Interface menu. Press Scan APs.

vistumbler loaded

After Vistumbler has been scanning for a minute or so press stop. You should have a list of other WiFi access points nearby. If you don’t then there probably aren’t any other hotspots nearby.

Have a look at the WiFi channels list on the left. You should go through them and see how many access points are listed on each.

vistumbler channels

You can see that channel 6 has lots of access points on it.

vistumbler busy channels

Channels 2, 4 and 8 are quiet only having one access point each. Don’t forget the channels which aren’t listed – they have no access points on them.

vistumbler quiet channels

Using this information you’ll see which channels are quiet, or empty. You can have a go changing the channel to a quiet one.

You might find your connection reliability improves. If it does then this is probably due to you picking a channel with less interference from baby monitors, video senders, and microwaves, rather than the other WiFi devices.

So was this all a waste of time? Maybe. But it is still interesting to know the distribution of routers across the channels nevertheless.

Related Posts

Tags: , , ,
Posted in Computing | No Comments »

Trusteer Rapport password leakage problem

Wednesday, February 17th, 2010

If you bank online then there is a good chance you will have been prompted to install a software product called Trusteer Rapport. It is recommended by NatWest, HSBC, First Direct and a whole list of others.

Trusteer Rapport helps increase the security of your Windows operating system by attempting to block keystroke logging attempts, screen capturing, validating the IP address of sites you visit (to protect against phishing/pharming), and more.

On the whole it looks like a good piece of software to have on your computer when combined with an up to date virus scanner, firewall, spyware blocker, and Windows automatic updates turned on. I use it on my computer and intend to continue to use it for now.

However there are a number of worries about the software. RLR UK Secure IT Services has written about some of the worries here and here.

I have a new worry to add to the list.

Password leakage

One of Trusteer Rapports security measures is to warn you if you enter a known password onto a new site. This is a security measure to protect against the password for one site being stolen by another sites phishing attempt.

This is all good stuff. However they have created a new potential problem in the way they have implemented the warning message. If you use the same password on multiple sites (as most people do), and someone discovers your password, then they can use Trusteer Rapport to get a list of other sites that you have asked Rapport which use the same password.

The malicious user will need access to your computer to do this, but if they have this access then all they need to do is enter the password on a new website and they will trigger this Trusteer Rapport warning dialog.

Trusteer Rapport password information leak

You will see that in this example dialog Trusteer Rapport has now leaked that this particular password is also the same password used on 6 other websites.

This means that instead of gaining access to one account, the malicious user could gain access to many of your password protected accounts.

Now you can argue that users should use a different password for each site, but in reality that is never going to happen. People have two choices (unless they have some kind of super brain), they either use a small number of passwords they can remember on all their sites, or they write the passwords down somewhere. Most people will reuse the passwords.

I think Trusteer would be better off changing this message so that it doesn’t print out the names of the websites. Perhaps Rapport could just print out a message saying that this password is in use on other websites, and that this is a new website that has not been given this password before.

Overall

Despite this I’d still recommend using Trusteer Rapport at the moment as it does many things which will increase the security on your computer. You must make sure you use it in combination with up to date anti-virus and anti-spyware.

Related Posts

Tags: , ,
Posted in Computing | 1 Comment »

« Older Entries