NOW READ THIS
("Security Advisory")

Go Back

Submitted by: Bill Hickey
NCVA Listmaster

NRT-0614 Running secure transactions on an infected PC:


Your computer has been breached by malicious hackers. It is completely loaded with malware and spyware. You're about to get online, connect to a financial institution, and make some transactions. Is there anything, at this point, that can keep your identity off the black market? SiteTrust, a tool released by Waltham, Massachusetts, data‑security company Verdasys, aims to protect users from fraud, even when their computers have been compromised. After licensing SiteTrust from Verdasys, a financial institution would provide it to users as a supplement to their existing antivirus software. Once SiteTrust is downloaded and installed, it takes up less than a megabyte of disk space. When the user is connected to a protected site, SiteTrust consumes 1 to 2 percent of the computer's processing capacity. While the tool could work with multiple sites, the initial idea is that a customer would receive it for use with a specific website. SiteTrust bypasses malware because it is essentially a rootkit ‑ a program designed to bury itself deep in a user's operating system, where it can take fundamental control of most of the software running on the machine. When the user types in the URL of a protected site, Ledingham says, SiteTrust steps in. Without changing the appearance of the user's screen, SiteTrust separates the secure transaction from whatever else might be going on in the browser by running a fresh version of the browser code as its own "process." SiteTrust then monitors this process to make sure that no other program tries to interfere with it. As the user interacts with the site, SiteTrust bypasses many of the vulnerabilities of the operating system, instead taking information from the user's keyboard, encrypting it immediately, and sending it to the website. SiteTrust currently runs on Windows machines and works with the Internet Explorer and Firefox browsers. The company is working on Linux, Mac, and Safari versions. SiteTrust is launching to six million customers of an undisclosed online broker in the near future. The company plans to make additional deals to protect other websites.

[Technology Review 15Sep08]


Valid XHTML 1.0! Valid CSS! Counter Image
Last Modified: Friday, 10-Oct-2008 12:09:24 EDT