On 23 February 2012 10:49, <[email protected]> wrote: > I'm using Tor browser bundle for Windows v2.2.35-7.1 (latest as of Feb > 2012) and notice that Trusteer Rapport (software pushed hard by banks > in the UK that is supposed to raise the bar against > keylogging/screenshot stealing malware on Windows) is happily > functioning inside the Aurora instance of the Tor browser bundle. This > goes against the "do not install plugins in your truster browser" > rule. > > I understand that Tor is not trying to protect against local attacks > and Trusteer Rapport is certainly installed on my local computer - but > the fact it's just "there" in Aurora concerns me. The result is that a > common database (of logins Rapport monitors and tries to protect) is > shared between all of my browsing sessions. > > Short of running tor-browser-bundle on a read-only Linux live system > running off USB media, is it possible to somehow protect the Aurora > instance from accepting any external plugins to interfere with it? It > appears there are software bundles out there that accomplish this [0] > but that may be too far in local application protection space (and > therefore off-topic) for Tor to address. > > I assume the answer in Tor-browser-bundle & Rapport's case is "no, it > cannot be blocked" - as it's supposed to trap system calls below the > browser level - but it seems to have the potential to compromise the > anonymity of people using the Tor browser bundle so I thought I'd ask. > > Alex > > [0] http://www.trusteer.com/support/en/dell-kace-secure-firefox-browser
Sorry forgot screenshot - attached with Rapport plugin circled in red.
_______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
