I think Trusteer Rapport looks like a good product but I am extremely sceptical about its capabilities on a PC with pre-existing rootkit infection. Sure it may well cope with some user land keyboard loggers and screen grabbers but serious Rootkits?????
Without removing any pre-installed rootkit Trusteer's Rapport API blocking layer could be completely countermanded raising the obvious concern of unencrypted data leakage. This could easily occur, and worse while the user believes he or she is TOTALLY safe from information theft. This is a critical and fundamental weakness of Trusteer Rapport.
The security industry has seen wave after wave of technologies presented as a panacea in one area or another.
Trusteer Rapport may be part of the solution along with Prevx eSAC, Microsoft's Credentica and a few others. These vendors should work towards a hybrid solution but I wouldn't present even that as a panacea. But it would be much stronger than anything else we have seen.
Munchun
