Bank Security Software EULA Allows Spying On Users

An anonymous reader writes Trusteer Rapport, a software package whose installation is promoted by several major banks as an anti-fraud tool, has recently been acquired by IBM and has an updated EULA. Among other things, the new EULA includes this gem: "In addition, You authorize personnel of IBM, as Your Sponsoring Enterprise's data processor, to use the Program remotely to collect any files or other information from your computer that IBM security experts suspect may be related to malware or other malicious activity, or that may be associated with general Program malfunction." Welcome to the future...

Shop elsewhere

[ysth]

If a bank/CD/whatever other crazy thing requires you to install software to use it, take your business elsewhere.

Re:How crazy

[al0ha]

Agreed, these so called kooks actually understand how IT works; that's why they are alarmist.

Yeah I trust IBM to only use the software to remotely collect *malicious* files from my system, I am sure IBM never receives confidential requests from the NSA or anything like that. *rolls eyes*

Re: Bank Security Guy here

[markdavis]

It certainly won't change the fact that we can't run it on Linux and it is a pain in the ass under any platform.

Trusteer Rapport is a HORRIBLE idea and many businesses are being FORCED to deal with it because it is essentially mandatory for many banks (looking at YOU, Suntrust).

It is a totally unacceptable "solution" from an I.T. department perspective. And it is also unnecessary for many situations, if they just allow us some additional common-sense controls (like limiting access to just certain IP addresses, or using hardware token devices).

Re: How crazy

[rickb928]

I work with teams in the U.S. and Canada, Mexico, Britain, Australia, India, and the Philippines. I have no normal working hours any more.

But my employer does not require me to do 8-5 and will other hours. An 11pm call either leaves me staying the next day at 10am, or
  taking the 2nd day off.