Trusting Trusteer?

I have been with The Co-operative bank for a long time and have no plans to switch despite the problems which arose during the tenure of disgraced former chairman Paul Flowers aka the crystal Methodist. I use the online banking system and one day (a long time ago) when I went to log in I was prompted to download and install some security software called Rapport from a company called Trusteer. Being naturally wary of such things I did a search and immediately discovered that people were having problems with it, so I declined. In fact the only options were to “Download” or “Remind me later” so I clicked the latter and proceeded as usual. I find the reminders mildly annoying but as long as they don’t make use of Rapport compulsory it is not a big deal.

But maybe the problems have been solved? Well I just searched the Apple Support Communities and from December 2013 alone I found comments such as:

• Get rid of Trusteer Rapport
• Uninstall the Trusteer Rapport third party junk that you put on your machine
• Get rid of it. Your Mac will not run properly with it installed
• McAfee and Trusteer Rapport are useless and will cause nothing but problems

Doesn’t inspire confidence does it? Maybe the Windows version is better, in which case the problem might just be that Trusteer are not employing competent Mac developers. All I know is that I am not touching it with a barge pole.

Fortunately I have worked in IT and am pretty clued up on security. I am running the latest version of OS X and always install security updates as soon as they are released. I hardly ever install third party software on my Mac, and then only after I have done a bit of research. I use a text only email client (Mutt) and don’t open attachments from unknown senders, never enter any password on the web unless I know I am in the right place etc. Anyway, OS X already has a lot of good security features built in so there is generally no need to install third party products.

I have no evidence that Rapport is anything but a piece of buggy software but in light of recent revelations there is another danger. Three days ago I read a Reuters article by Joseph Menn about a secret deal between the U.S. National Security Agency and RSA, one of the most influential firms in the computer security industry. Thanks in part to information leaked by Edward Snowden we know that the NSA has been pretty determined in its efforts to introduce back doors into widely used encryption software. Supporters will say that this is necessary in order to foil terrorist plots and that if you have nothing to hide then you have nothing to worry about, but the fact is that strong encryption forms the basis of all online security and without it we would not have secure Internet banking or commerce. What happens when these back doors are discovered (or leaked)? And if the NSA can pay to get its flawed algorithms embedded in security software sold by RSA then how many other companies have they targeted? What about Trusteer? Isn’t it possible that far from enhancing security they are secretly weakening it?

Now you may well be thinking “what about Apple?” and you are right to do so. Even if I install no third party software on my Mac I still have to trust Apple. Have they made a deal with the NSA? Of course I can’t rule it out but I am still better off minimising the number of third party organisations whose software I allow to run on my machine – particularly software that asks for my admin password. Switching to Windows is not an option I would consider, and it is no less likely to be compromised (probably more so). An open source system might be safer and I would consider a move to Linux but I am sticking with Apple for now. A sign that Apple is not rolling over is the inclusion of a “Warrant Canary” in its first transparency report, as explained in this EFF article by April Glaser.