Home > All, Security Issues > Sorry – we can’t protect you against your own stupidity

Sorry – we can’t protect you against your own stupidity

October 18, 2010 Leave a comment Go to comments

 

click for full size

Amit Klein, CTO, Trusteer

 

I was talking to Amit Klein, the CTO of Trusteer, because I wanted a better understanding of how Rapport works. Rapport is Trusteer’s anti-banking trojan product. It’s free if your bank is a participating bank. The product prevents online bank transaction fraud; so it saves the banks money. If it saves the banks money, it is only fair that they pay for it. You get it free.

It works by protecting your browser. It recognises worrying behaviour and stops it. So, if I’m infected with Zeus (or some other bank trojan) and start an online bank transaction, Rapport sees Zeus trying to interfere and steps in to protect me.

Ah, I said. OK, you can protect my browser/bank interaction; but what if I’ve got a completely separate root-kit infection that doesn’t try to interfere with the transaction, just tries to steal my credentials?

Amit was very polite. He said, “We will protect your credentials when you’re online to your bank. But if you leave them lying around in some file on your computer…”

What he was saying was that security software can do what it is designed to do: but no software can protect against user stupidity. And that’s something we sometimes forget. We can install all the security we want: it won’t work if we forget to teach our users about security awareness.

Trusteer

Categories: All, Security Issues
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s