Archive for September, 2010

Safer Online Banking: Trusteer Rapport

Online banking and ecommerce are convenient and quick. And attractive to would-be attackers. To protect your data when logged on, such sites typically use Secure Sockets Layer, or SSL, to provide a secure channel between you and the site that employs it. But SSL doesn’t kick in until the data transfer occurs, hence it cannot fend off keyloggers, phishing, man-in-the-middle attacks or other malware behavior that intercepts (and possibly redirects) communications before it hits the SSL channel. A keylogger, for example, can still record the username and password used to login to the secure site, intercepting it locally before it gets sent to the site.

Trusteer Rapport adds an important layer of security – when you access a designated site, Rapport kicks in to uber defense mode, preventing the local behaviors that can compromise your online security. Rapport prevents:

  • Keyloggers and Screen Captures
    A keylogger trojan can record keystrokes or take screenshots when specific activity (such as opening your bank website) are detected. Trusteer Rapport uses API blocking to prevent this type of behavior, alerting you if any such activities are attempted when you visit a Rapport-protected site. Rapport also encrypts the data from the keyboard to the network, offering a local security layer until its handed off to SSL.
  • Man-in-the-Middle and Redirection Attacks
    Social engineering is often used in conjunction with malware. One of the most common is to try and trick the user into visiting a fake bank or ecommerce site. But malware can also automatically redirect to these bogus lookalike sites when the legitimate site is requested by the browser – no fooling required. Trusteer Rapport uses delivery confirmation for designated websites, offering protection against man-in-the middle attacks, session hijacking, phishing, and pharming. In short, Rapport ensures the site you are on is really the site you intended to visit.
  • Phishing and Other Socially Engineered Scams
    Phishing is a scam in which the attacker sends an email purporting to be from a valid financial or eCommerce provider. The email often uses fear tactics in an effort to entice the intended victim into visiting a fraudulent website. Once on the website, which generally looks and feels much like the valid eCommerce/banking site, the victim is instructed to login to their account and enter sensitive financial information such as their bank PIN number, their Social Security number, mother’s maiden name, etc. This information is then surreptitiously sent to the attacker who then uses it to engage in credit card and bank fraud – or outright identity theft. Rapport protects against these types of attacks by tagging sensitive information, associating it with the legitimate site and warning you if its attempted to be used elsewhere.
  • Get More info on Trusteer Rapport

Microsoft Internet Explorer 9 review

Next to Internet Explorer 8, Microsoft Internet Explorer 9 is faster, with a streamlined interface. But some areas still need refinement in Microsoft’s brand new web browser. IE9 is in beta and available to download from Microsoft

Internet Explorer 9’s New Look

The first thing you’ll notice about Internet Explorer 9 is its new, simplified look. In use, we found the new interface had both its pros and its cons. Microsoft built IE 9 around the idea of putting the web page at the forefront of the interface by reducing the number of visible buttons and controls. And in many ways, it works: When you first open up IE 9, all you see is one toolbar, with only a minimum number of controls. The controls and toolbars are semitransparent, in the same way as window frames in Vista or Windows 7 are transparent, and are designed so as not to distract from the web page that stands at the center of attention.

But there is such a thing as too little interface, as we quickly discovered. By default, IE 9 only briefly gives an indication of whether a page is loading: it will show a spinner on the tab for a second or two when you first click a link or enter a URL, and then nothing. This can be frustrating on slower connections – we weren’t sure if IE was still loading the page or if it gave up. And we’re not a fan of Microsoft’s decision to bunch tabs and the address bar on the same line; it can get awfully crowded in a hurry up there, especially if you open lots of tabs or have a small screen.

Longtime IE users may be stymied by Internet Explorer 9’s new interface as well: we had some trouble finding our favourite features in this new version. The company’s goal was to show only the features that most users will actually put to use (for example, you’ll notice the favourites bar is hidden by default), but also says that it didn’t remove any features from IE. Meanwhile, some elements remain fundamentally unchanged; for example, the Internet Options pane is still a cluttered mismash of buttons, checkboxes, tabs, and settings toggles that may be confusing to the uninitiated.

All that said, IE 9 marks a clear improvement that’s less intrusive with alerts and dialog boxes than previous versions. For example, when you download a file in Internet Explorer 9, you’ll get an unobtrusive bar at the bottom of the screen asking if you want to run or save the file, as opposed to the alert box that you’d get in IE 8 and earlier.

If you’re running Windows 7, you can pin shortcuts to links or sites to the taskbar and Start menu. To pin a site to the taskbar, drag the favicon – the small icon located next to the page’s URL – or the browser tab to the taskbar. If you open the page by clicking the taskbar shortcut, the resulting IE window will take the colour of the favicon, and display it in the browser’s toolbar as a visual aid.

When you right-click a pinned site icon, you’ll get a jumplist that by default includes a menu option to enable InPrivate browsing (a browsing mode that doesn’t leave cookies, cache files, or browsing history behind). But Microsoft says that site designers will be able to add some code for putting custom menu items on the jumplist.

We found the taskbar pin feature useful, especially for sites we visit on a frequent basis. Its presence makes web pages feel more like apps than ever before. But you can’t combine pages together into one taskbar tile, which would be even more useful and would reduce clutter (your taskbar can get filled up in a hurry with pinned sites).

IE 9 takes a page from Google Chrome’s playbook with a single box for both searching and entering URLs. Microsoft calls this combined address bar/search bar the Onebox. The Onebox works pretty much as advertised: Start typing a URL, and it’ll show auto-complete suggestions as you type, just as in IE 8 and earlier. Type a search query and press return, and the browser will take you by default to a Bing search for that query. Like IE 8, Internet Explorer 9 doesn’t limit you to Bing searching: Click the Add button in the Onebox drop-down menu, and you can add support for other search engines.

Despite all this new interface goodness, we feel Microsoft didn’t go far enough in simplifying and streamlining its browser. The Internet Options pane, for example, looks dated and is in serious need of a makeover. Hopefully, in version 10 Microsoft will delve a little deeper and clean up some of IE’s remaining rough edges.

Internet Explorer 9: Download Manager and Security Enhancements

A long-overdue addition to IE 9 is a download manager that, as you’d expect, lets you see all your active downloads, just as you can with other Windows web browsers. The download manager window tells you the basic vitals on your download’s progress, and lets you pause or cancel it. This is pretty standard on other browsers, but it’s a welcome addition nonetheless.

Microsoft has also added in some new protections against malicious downloads. The SmartScreen download reputation feature can identify safe, popular downloads, and will let those files download without a warning message (you’ll still get the message for less popular downloads, ones that IE isn’t sure about). The idea is to cut down on the number of times you’ll see the “This file may harm your computer” nag, and to show it to you only when it’s absolutely necessary. It will still ask you whether you want to run or save a file before you download it, but for popular downloads (iTunes, Flash Player, etc…), that’s all you’ll see. This worked reasonably well.

Internet Explorer 9: Performance

With IE 9, Microsoft is making a big push for supporting the latest web technologies, and improving browsing performance. We didn’t have a chance to test it on normal, everyday sites, but we did run it through the SunSpider JavaScript benchmark.

The result? A dramatic improvement over IE 8’s JavaScript performance, which, in past testing, had lagged far behind its competition. In informal testing, IE 9 completed the test in 484.0 milliseconds. By comparison, on our test system – a 2.13GHz Intel Core 2 Duo desktop running Windows Vista – Chrome completed the benchmark in 397 milliseconds, Opera in 354, Safari in 445, and Firefox 3.6.9 in 1067 milliseconds.

Keep in mind that actual performance results may vary depending on your PC’s configuration, and on other factors such as the sorts of sites you visit, your connection speed, and so forth. Remember, also, that we haven’t tested it on actual sites as yet. But the fact that IE 9 put up drastically improved numbers in this one test is a very good sign.

Page-loading performance aside, IE 9 will also check to see if any add-ons you’ve installed are slowing down your browser’s startup time. If any are, it will notify you once it opens. Thanks to this feature, we realized that we had some add-ons installed that we didn’t even know were there. This check by IE 9 is a fairly small addition, but it’s a welcome one.