Rapport

5 views
Skip to first unread message

Martin J Duckworth

unread,
May 5, 2013, 9:57:58 AM5/5/13
to mmug...@googlegroups.com
This software seems to be loved by the Banks. However, it is a 'real memory hog' (110Mb).

Two questions:-

1. Is it needed on a Mac behind a NAT enabled modem-router? (Or just on a Windows machine?)
2. If not, how does one get rid of it?

Thanks in advance,

Martin

Rick Squires

unread,
May 5, 2013, 10:02:38 AM5/5/13
to mmug...@googlegroups.com
Don't install it in the first place!

Sent from my iPhone
> --
> --
> MMUG is an  Apple User Group.
> You received this message because you are subscribed to the "MMUG Chat" group. To post to the group, send email to mmug...@googlegroups.com. To unsubscribe, send email to mmug-chat-...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/mmug-chat. Please note that what you post to the list is publicly readable by anyone and regularly indexed by search engines.
> ---
> You received this message because you are subscribed to the Google Groups "MMUG Chat" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to mmug-chat+...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

Isabelle M.M.Devereux

unread,
May 5, 2013, 10:39:53 AM5/5/13
to mmug...@googlegroups.com
I should also add I use an ancient Mac too!
- the new one is coming this month!


Isabelle M.M.Devereux

unread,
May 5, 2013, 10:47:43 AM5/5/13
to mmug...@googlegroups.com
What I meant to say was - change your bank!
My old Mac has never had a glitch with my bank (Smile)

Martin J Duckworth

unread,
May 5, 2013, 10:52:13 AM5/5/13
to mmug...@googlegroups.com
I'm with Smile, thanks, a most excellent (mutual) Bank. Only ever excellent service from their support centre in Skelmersdale, UK.

The consensus thinking on forae appears to be that if your Bank wants you to use it, best run it as to not could give them an excuse not to reimburse one's losses from fraud.

Martin

Rick Squires

unread,
May 5, 2013, 11:03:09 AM5/5/13
to mmug...@googlegroups.com
If you have any other AV software installed expect a fight on your hands. There's very little information on how it works, but the fact that it blocks installs may give you problems too. I'd be interested to know whether it stopped Mac Defender from installing for example.

The installer landed up unasked for on one of our Macs under my wife's(non admin) account as she banks with HSBC. No information given about it so I trashed it(as I would no with any installer I didn't ask for)

You'd have to ask your Bank about liability. Mine(Barclays) doesn't use Rapport

Sent from my iPad

Martin J Duckworth

unread,
May 5, 2013, 11:26:41 AM5/5/13
to mmug...@googlegroups.com
Doesn't appear to do much apart from flagging up a warning (and choice boxes) whenever a password it recognises is used on a site that it doesn't recognise.

So 110Mb seems a bit too much 'real mem' to tie up.

Trustees provide a removal tool that seemed to work.

Martin

Sent from my iPad

Drew Reece

unread,
May 5, 2013, 11:31:31 AM5/5/13
to mmug...@googlegroups.com
NAT & Firewall's only stop unsolicited requests from the outside world. It's entirely possible to install malware, viruses, trojans… when behind a router, other devices on that same network can also be compromised and can look for new targets on the same network. Once inside the network malware can reach out onto the internet the router/ firewall becomes irrelevant (they usually all allow traffic out, so incoming requests are no longer unsolicited).
I think this is the reason why the most recent malware for Macs have been in the form of trojans hidden inside legitimate installers (or pirated copies of legitimate apps).

Rapport appears to be an anti virus/ malware scanner that focuses on stopping financial service attacks. It also claims to stop phishing attacks. I'm not clear on how this is different to any other regular AV scanner (like ClamAV - a.k.a ClamXav for Mac) and using a site with correct https/ SSL setup. It also checks for known flaws that haven't been fixed (zero day exploits), which is something that ClamXav doesn't do.

Personally I don't like services that force software onto your machine just to complete one task, especially when it's web based anyway.

If you are paranoid you could create an OS installation just for banking tasks. On a removable disk install a clean OSX and install verified software updates from Apple…
http://support.apple.com/kb/HT5044
An 8GB memory stick should be enough for >10.7, but it will run slower than normal due to the lower read/write speeds. Older OS's need a bit more space IIRC.

Optionally install ClamXav or other scanner & enable all the security features you can - don't run as admin, disable opening downloads, enable built in firewall, enable secure virtual memory, even use File Vault if you want to protect the disk when not booted.

You could even install Rapport if you think it's necessary & safe.

Only use the 'clean system' for your banking tasks.

Linux Live CD's are ideal for this, so long as you verify the checksums of the source (so it hasn't been tampered with) and can work out how to open a browser in Linux. It's easier to grab a new installer as updates come out too.

It seems the bad guys are trying to exploit Rapport too…
https://krebsonsecurity.com/2011/07/zeus-trojan-for-google-android-spotted/

P.S.
It's probably worth checking the banking site uses SSL with Extended Validation (EV) and isn't being tampered with along the way. https://www.grc.com/fingerprints.htm <- Steve Gibson checks & explains it all.

Re:co

Drew Reece

unread,
May 5, 2013, 11:45:21 AM5/5/13
to mmug...@googlegroups.com
There is also SSL labs for verifying SSL security.
Submit the URL of the banking login page to see how it is rated.

https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.nwolb.com%2F
nwolb = Natwest

Tell your bank if it fails or has a low rating.

R
Reply all
Reply to author
Forward
0 new messages