HSBC is urging its online bank customers to download a free security app it believes can protect them from the predations of banking Trojans, phishing and keyloggers.
The application in question is actually Trusteer's Rapport browser plug-in, which protects a user's browsing sessions while visiting specific websites.
The plug-in embedded its own default selection of banking institutions (including HSBC and Alliance & Leicester in the UK), but the user can add additional ones as they choose, although this limits some security features.
When visiting one of these sites, Rapport blocks any attempt to take control of the session by malware, which could include keylogging and screen capture, session hijacking, and DNS redirection hijacks.
Other invisible layers of protection include secure DNS via Trusteer's site - a block on redirection attacks - and a secure internal store for all data worked on during an online banking session.
Bank IP addresses are verified and communication to and from the bank site is encrypted, a feature Trusteer points out is also useful when using open public Wi-Fi hotspots.
Users can monitor and configure the app using a green (on) or grey (off) icon which installs itself on the browser toolbar.
'Surpassing our most optimistic expectations'
"Download rates have surpassed our most optimistic expectations," said HSBC's digital security manager, Nick Staib.
"Rapport is software that I use myself and I am happy recommending to friends."
The app allows for some nice features such as receiving a weekly report on different types of security and browsing events, and there is also an optional feature to allow Trusteer to remotely collect data on any attacks encountered.
It is worth noting that any bank or site not embedded within the app will face some limits on the security features it can access.
Rapport does not support full traffic encryption for added sites (only for passwords on these sites), screen grabbing protection will not work, and fraud and transaction tracking, which requires bank involvement, is obviously turned off.
Whitelisting
Rapport is really the thin edge of a slowly growing movement, that of whitelisting. The principle behind this is that a user does not know which sites are malevolent but does know the few sites that are not.
Focusing on securing access to these is the conceptual strength of its design.
Unlike some past attempts at securing browsers through plug-ins, rapport is also pleasingly low-key. Installation happens in seconds, requires no browser reboot, and seems to consume almost no memory.
Registration is free, and gives you full access to our extensive white paper library, case studies & analysis, downloads & speciality areas, and more.
Turning the app off involves entering a CAPTCHA.
Supported browsers include Microsoft's IE, Mozilla's Firefox and Google's Chrome, and works on Windows 7, Vista and XP, as well as Apple OS X Tiger.
The application is free as long as the number of protected websites (including those already embedded) does not exceed 100.
Anyone not downloading the app through a supported partner should visit the Trusteer website.
Be the first to comment on this article!