Wilpower2k3

Banking Mode not consistantly working when used.

Recommended Posts

Hi all: Am running OA++ Reg. and have set up two Banking sites through 'Learn' process under Advanced Mode.

The feature seems to work after immediately setting it up but then does not allow on consistant basis.

I have attached a pop up that occurs sometimes and if clicked allow seems to allow access to Banking site, however this pop up is also not consistantly coming up, nor is there a "Remember my choice" option.

I have attached sreenshots.

Thanks and confused??

Share this post


Link to post
Share on other sites

Hi all: Am running OA++ Reg. and have set up two Banking sites through 'Learn' process under Advanced Mode.

The feature seems to work after immediately setting it up but then does not allow on consistant basis.

I have attached a pop up that occurs sometimes and if clicked allow seems to allow access to Banking site, however this pop up is also not consistantly coming up, nor is there a "Remember my choice" option.

I have attached sreenshots.

Thanks and confused??

Can anyone offer any information on my concern?

Is there something I'm missing that would cause this behavior?

Anyone?? :(

Share this post


Link to post
Share on other sites

Did you initially enter the sites as rbcbank.com and paypal.com in Websites because choosing Learn?

Hello catprincess and thank you for your response. I believe I did.

The RBC Bank Home page is rbcroyalbank.com which I have entered in the "Learn" process and is shown on the first screenshot I have attached to this post. The problem only arrises when I click 'Sign In' which then takes me to the sign in page shown in the second screenshot.

As you can also see from the third screenshot I have entered all relevant RBC sites and have gone through the Learn process with each one.

NOTE: When I go to websites and choose www1.royalbank.com "LEARN" which is the 'sign in page' (The one that OA++ is having problem remembering)it does not open, I only get "Navigation to website cancelled"(forth screeshot). I always get the Home page no problem. During innitial Learn procedure I go through the full sign in procedure which includes the sign in page (www1.royalbank.com) however when then using "Banking Mode" OA does not remember the sign in page.I believe the issue could somehow be related to the OA "Service Unavailable" popup that 'always occurs' before taken to the Home Page. This popup does not have a 'Remember Option'??(5th.screenshot).

I'm sure this appears confusing, however I hope you can make some sense of it. And I do not understand why the www1.royalbank.com website does not open in the 'Learn' process (Navigation to Website Cancelled)4th. screenshot.

I appreciate your time and hope we can make some sense of this :(

Share this post


Link to post
Share on other sites

Does the problem still occur if rbcbank.com and paypal.com are set to Trusted instead of Protected?

Does not appear too.

Wouldn't you know, the only thing I didn't think of trying (because I believe in the Help File said could be set 'Trusted or Protected') after Learn Procedure.

I will check back if anything changes.

For now thank you very much catprincess for your assistance....very much appreciated. ;)

WP

Given no further problems is there a process for setting Thread as "resolved" or is it simply left as original thread?

Share this post


Link to post
Share on other sites

It should still work with the sites set to Protected. I'm unsure why that setting seems to be causing problems.

Your thread can be closed and marked Resolved if you'd like (although it's probably more a workaround than a resolution I guess). It's also fine to leave the thread as is though :)

Share this post


Link to post
Share on other sites

Thank you.

Being as this is a work around> Would anyone in the Emsisoft Technical Area(developer)be interested in following this up. I would be agreeable in providing any further info. logs etc. if required. :)

Share this post


Link to post
Share on other sites

The developers check the forum, so they will probably look into it and let you know if they need any information :)

Thank you catprincess and I hope they do, as it is an option that apparently is not functioning properly. :)

Share this post


Link to post
Share on other sites

The developers check the forum, so they will probably look into it and let you know if they need any information :)

Hello again: Unfortunately the 'set to Trusted'(or Protected as previously stated) work around has not worked consistantly either. Once set up (Learn)I kept the Mode set to "Banking" for 2 days and I could access the sign in page (which is the page in question) until today, when it seems I had to change to "Advanced" in order to receive updates. When in Banking Mode I kept getting "Ikarus Server is not available" for the 2 days OA++ was setting on Banking Mode. Changed it to Adavanced and OA++ updated.

Now when changed back to "Banking Mode" the sign in page will not connect(See Screenshot):(

There is certainly something not right, and one of OA++ main security features is for some reason not functioning on a consistant basis.

This is concerning, I have been trying everything I can think of for days and nothing has solved the problem so the feature works "consistantly".

Thanks in advanced for any direction or fix :)

Share this post


Link to post
Share on other sites

When in Banking Mode I kept getting "Ikarus Server is not available" for the 2 days OA++ was setting on Banking Mode. Changed it to Adavanced and OA++ updated.

Banking Mode is only designed for use while Banking :) When you aren't banking, you need to switch out of Banking mode as this mode only allows connections to Trusted or Protected sites and blocks all other traffic.

I don't know what is going on with your Banking site unless the site is constantly changing to use random domains everytime you sign in, in which case the Learn process probably can't learn the setup.

Share this post


Link to post
Share on other sites

Banking Mode is only designed for use while Banking :) When you aren't banking, you need to switch out of Banking mode as this mode only allows connections to Trusted or Protected sites and blocks all other traffic.

I don't know what is going on with your Banking site unless the site is constantly changing to use random domains everytime you sign in, in which case the Learn process probably can't learn the setup.

Thank you for the update info. as I assumed this. :)

Mmmm.... So if I am understanding you correctly, you are saying that I'm at an impass and there is nothing further we can do to track down this specific problem.

Share this post


Link to post
Share on other sites

Mmmm.... So if I am understanding you correctly, you are saying that I'm at an impass and there is nothing further we can do to track down this specific problem.

There's not much I can do personally as I don't have an account with this bank and so can't look any further than the sign in page so see if the same problem occurs for me. You can open a support ticket with Emsisoft's Customer Center and see what they say though :)

Share this post


Link to post
Share on other sites

There's not much I can do personally as I don't have an account with this bank and so can't look any further than the sign in page so see if the same problem occurs for me. You can open a support ticket with Emsisoft's Customer Center and see what they say though :)

Thanks for your time catprincess. I appreciate it :)

Is there a way to simply provide 'Customer Center' with the link to this post. This would be far more efficient (with Screenshots and all) then trying to go over all the details again.

I would also like to add that The Royal Bank of Canada is among one of the largest in North American and certainly in Canada. Any security measures (like constant domain changing) I'm pretty sure would also be applied by the other equally large financial institutions like: Chase Manhatten, Bank of Montreal, Hong Kong Bank of Canada etc.

If this is the case then one would think OA++ would also not function with their sites either.

Frankly, I can't see this being the case, because if so then the 'Banking Mode' feature is pretty much useless. And it is one of the Main Reasons I decided to purchase a license.

I certainly hope someone can give me a definitive answer and explanation.

Thank you again B)

Share this post


Link to post
Share on other sites

Thanks for your time catprincess. I appreciate it :)

Is there a way to simply provide 'Customer Center' with the link to this post. This would be far more efficient (with Screenshots and all) then trying to go over all the details again.

You're welcome :) I'm not sure what information the Customer Center will request of you directly but this is the link to your thread here (you can just right click it and copy it) http://support.emsisoft.com/topic/3311-banking-mode-not-consistantly-working-when-used/ if you'd like to mention it in your correspondence with them.

I would also like to add that The Royal Bank of Canada is among one of the largest in North American and certainly in Canada. Any security measures (like constant domain changing) I'm pretty sure would also be applied by the other equally large financial institutions like: Chase Manhatten, Bank of Montreal, Hong Kong Bank of Canada etc.

The constant domain changing was just one guess as to the cause of the problem :) It may well be completely unrelated.

Share this post


Link to post
Share on other sites

You're welcome :) I'm not sure what information the Customer Center will request of you directly but this is the link to your thread here (you can just right click it and copy it) http://support.emsisoft.com/topic/3311-banking-mode-not-consistantly-working-when-used/ if you'd like to mention it in your correspondence with them.

The constant domain changing was just one guess as to the cause of the problem :) It may well be completely unrelated.

I have submitted a support ticket to Customer Care and have every confidence that the developers/Tech folks will do everything to resolve this issue.

I understand that they have spent significant time on the 'Banking Mode' feature in their beta testing. :)

Share this post


Link to post
Share on other sites

Hello again: Unfortunately the 'set to Trusted'(or Protected as previously stated) work around has not worked consistantly either. Once set up (Learn)I kept the Mode set to "Banking" for 2 days and I could access the sign in page (which is the page in question) until today, when it seems I had to change to "Advanced" in order to receive updates. When in Banking Mode I kept getting "Ikarus Server is not available" for the 2 days OA++ was setting on Banking Mode. Changed it to Adavanced and OA++ updated.

Now when changed back to "Banking Mode" the sign in page will not connect(See Screenshot):(

There is certainly something not right, and one of OA++ main security features is for some reason not functioning on a consistant basis.

This is concerning, I have been trying everything I can think of for days and nothing has solved the problem so the feature works "consistantly".

Thanks in advanced for any direction or fix :)

Hi wilpower2k3,

Sorry you're having problems with OA.

Could you please tell me if the login page available when accessed from some common browser (www1.royalbank.com) while OA is in Banking Mode? (Please try accessing it with "http://" and "https://" prefix).

Thanks in advance,

Best regards,

Andrey.

Share this post


Link to post
Share on other sites

Hi wilpower2k3,

Sorry you're having problems with OA.

Could you please tell me if the login page available when accessed from some common browser (www1.royalbank.com) while OA is in Banking Mode? (Please try accessing it with "http://" and "https://" prefix).

Thanks in advance,

Best regards,

Andrey.

Hello andrewf and thank you for you response: The login page is not available through IE8(Common Browser) with either prefix> http:// or https:// in Banking Mode.

I have attached the 2 attempts with each prefix (Screenshots)

Note: I want to restate a point I stated in my initial post. If I go into "websites" and re-do the 'learn' process(In Advanced Mode)for www.royalbank.com which is the Home Page and I click SIGN IN, I get the sign-in page, I sign in and can access my accout.

I then switch to 'Banking Mode' and I am able to access my account, but that soon changes.This changes for some reason after awhile. I don't know exactly when or why I am unable to succeed on a consistant basis.

This is extremely frustrating as access in Banking Mode' is not guaranteed over time, and soon becomes non functional.

Thanks again for your time and I hope we can resolve this issue. :)

Share this post


Link to post
Share on other sites

Hello andrewf and thank you for you response: The login page is not available through IE8(Common Browser) with either prefix> http:// or https:// in Banking Mode.

I have attached the 2 attempts with each prefix (Screenshots)

Note: I want to restate a point I stated in my initial post. If I go into "websites" and re-do the 'learn' process(In Advanced Mode)for www.royalbank.com which is the Home Page and I click SIGN IN, I get the sign-in page, I sign in and can access my accout.

I then switch to 'Banking Mode' and I am able to access my account, but that soon changes.This changes for some reason after awhile. I don't know exactly when or why I am unable to succeed on a consistant basis.

This is extremely frustrating as access in Banking Mode' is not guaranteed over time, and soon becomes non functional.

Thanks again for your time and I hope we can resolve this issue. :)

Hi willpower2k3,

Could you please reproduce the problem and send me your firewall logs to oasupport (at) emsisoft (dot) com?

(Please do some timing report like "12:30 - surfing normally, 12:40 - problem occured".

Please include link to this thread in the message body, so we'd know what your logs are for.

How to get the right logs:

1) Go to Options->Firewall

2) Make sure that "Additional debug info" checkbox is ticked. and Logging level set to "Blocked events".

3) Start reproducing the problem

4) Zip the contents of the "Logs" folder located at your Online Armor installation directory.

5) Send zipped logs to the address I mentioned above.

Thank you in advance,

Best regards,

Andrey.

Share this post


Link to post
Share on other sites

You are welcome Andrey. :)

I have proceeded with and completed your instructions.

I hope the logs will reveal exactly what is wrong with why OA++ does not retain the 'Learn'process information on the Web Site.

Thank you again for your support.

Share this post


Link to post
Share on other sites

Submitted a support request a month ago.

Still waiting for a reply from the developers :(

I've always wondered how the DNS spoofing protection in Banking mode is actually implemented: does OA store the DNS hostnames & actual IP addresses of "Protected" sites provided by the Trusted DNS? If so, then there may be a problem when the user's default DNS servers yield a different DNS lookup result than OA's Trusted DNS does, because the authoritative DNS server for a host may give a result that depends on the origin of the query: e.g., a query from Europe may direct the browser to the bank's European host servers, while a query from Canada may may direct to the bank's North American servers, all in the intent to provide faster response times for online banking customers depending where they are located.

I've seen this kind of discrepancy between OA's Trusted DNS result and your usual DNS server result when attempting to use OA in Banking mode on www.ebay.com (after all, www.ebay.com does want your money...): several popups stating that normal DNS and Trusted DNS don't agree on IP lookups, hence suspicion of DNS spoofing. Well, I'm assuming this was because www.ebay.com has geographoically localized server infrastructure around the world. I dropped the attempt, especially as the learn process for www.ebay.com was adding dozens of "Trusted" sites to my web site list, not all of them under Ebay's direct corporate control. (But banking mode does seem to work with Paypal...)

Share this post


Link to post
Share on other sites

I've always wondered how the DNS spoofing protection in Banking mode is actually implemented: does OA store the DNS hostnames & actual IP addresses of "Protected" sites provided by the Trusted DNS?

When you go to a Trusted or Protected site, OA compares the DNS results from your internet service provider with those of a trusted third-party DNS server, and alerts you if they do not match.

Share this post


Link to post
Share on other sites

When you go to a Trusted or Protected site, OA compares the DNS results from your internet service provider with those of a trusted third-party DNS server, and alerts you if they do not match.

Would it not compare the IP address of the URL provided by your DNS server with the IP address provided by the trusted server for the same URL? I'm unsure if the ISP is part of the equation.

Share this post


Link to post
Share on other sites

Would it not compare the IP address of the URL provided by your DNS server with the IP address provided by the trusted server for the same URL? I'm unsure if the ISP is part of the equation.

I'm sure CatPrincess was just abbreviating the fact that most people just take the DNS service provided by their ISP (normally through the usual DHCP mechanism when they set up their Internet connection) without further ado.

Share this post


Link to post
Share on other sites

I'm sure CatPrincess was just abbreviating the fact that most people just take the DNS service provided by their ISP (normally through the usual DHCP mechanism when they set up their Internet connection) without further ado.

Agreed - I thought it was important to differentiate, because 'tricks' can be performed with DNS - I think that is why Banking mode exists. I assume that ISP DNS servers are relatively safe. My DNS server is my modem-router; so, I am dependent on the router's being able to correctly configure and protect its DNS server addresses (I always set them manually).

Share this post


Link to post
Share on other sites

I'm sure CatPrincess was just abbreviating the fact that most people just take the DNS service provided by their ISP (normally through the usual DHCP mechanism when they set up their Internet connection) without further ado.

Yep, that's right :) If you are using a different DNS server than the one provided by your ISP, then it will compare the results of the DNS server you are using with the results of the Trusted DNS.

Share this post


Link to post
Share on other sites

Yep, that's right :) If you are using a different DNS server than the one provided by your ISP, then it will compare the results of the DNS server you are using with the results of the Trusted DNS.

Appreciate your input catprincess and insert real name: DNS is not my strong point. How do these posts relate directly to the issue here.

When Bank Home Page (www.rbcroyalbank.com) is initially set up through the 'Learn' process, there does not appear to be any problem signing in(Using Banking Mode). Once I click 'Sign In' on the Home Page, I am then redirected to the Sign in Web page (www1.royalbank.com) where the necessary security info is entered and Bank Account is accessed.

However, here is the oddity> Once I turn off the computer or log out and then reboot, the "settings that OA has noted" seem to be lost (or changed) I really don't know; but now I am unable to access account. :(

I receive a DNS notice and the "Sign In" web page cannot be accessed. If I go back and re-do the 'Learn' process, then all is good >>>> until I reboot>>> then "Banking Mode" does not work.

Support has contacted me recently, and I have provided some Bug Logs etc. in hopes of tracking down the specific problem

I don't understand the DNS factor and how it directly relates to issue here.

Thanks. B)

Share this post


Link to post
Share on other sites

Agreed - I thought it was important to differentiate, because 'tricks' can be performed with DNS - I think that is why Banking mode exists. I assume that ISP DNS servers are relatively safe. My DNS server is my modem-router; so, I am dependent on the router's being able to correctly configure and protect its DNS server addresses (I always set them manually).

Some ISPs tweak their DNS infrastructure so that the standard "domain not found" answer to a lookup (NXDOMAIN, if I remember correctly) is replaced by a redirect to a search portal (Bing, Yahoo, etc.) that allows the ISP to earn click-through money (or some other traffic recompense). Also, any ISP can just throw together a bunch of Linux servers, configure the DNS servers to accept queries, and call it a day--I'm exaggerating, of course. But public DNS servers, like the ones Google makes available at 8.8.8.8 and 8.8.4.4, can also play a role in keeping customers out of known malware or hijacked domains, ensure that their cache is not poisoned by careful monitoring, etc. Your ISP DNS will probably be a tiny bit faster (although that is debatable in the case of Google, they've massively deployed it across their network).

One of the things Online Armor might look into, is embedding a Secure DNS (DNSSEC) client in the program as the trusted DNS; most of the top-level domains have this infrastructure already in place, I believe; this would do the trusted name resolution entirely through cryptographically secured lookups. No need any longer for an Online Armor trusted DNS service.

Share this post


Link to post
Share on other sites

[snip]

I don't understand the DNS factor and how it directly relates to issue here.

Thanks. B)

Well, I certainly went off-topic from your original post! sorry about that.

I just had a quick look at your latest posted screen capture and your description of how you got there. The pop-up does state that OA can't access the OA trusted DNS server. Since you have set OA in Banking Mode, it's shouldn't let you visit any website, trusted or untrusted, under those circumstances, since the trusted DNS server is unavailable.

Can you verify that no site is accessible, i.e., when you reach the error pop-up on your attempt to access your banking in Banking Mode, try opening another web browser window, and attempt to go to another website not on your trusted list? OA should block the attempt, the browser window should display a message to the effect that the site in question is unavailable. Now, switch OA back into its regular mode: if you hit the reload button for the web site that it just blocked, it should now load normally, since the trusted DNS is no longer required.

The loss of learned banking mode sites also needs some attention, even though I think the loss of access to the OA Trusted DNS is the real problem here: go through the OA learning procedure with your bank site access (make sure OA is in its regular mode when doing this). Without rebooting yet, open a command prompt window (Start-->All programs-->Accesories-->Command Prompt) and note down the results of executing

nslookup www1.royalbank.com

. It will be something like

Non-authoritative answer:
Name:    www1.royalbank.com
Address:  198.96.131.233

and it's the numbers that you want to note down.

Now, reboot your machine, go through the rigmarole of banking Mode and attempt to access your banking. When you reach the error pop-up, use nslookup to note www1.royalbank.com address numbers again. They will probably be different: I just tried

nslookup www1.royalbank.com

a second time, and the result is

Non-authoritative answer:
Name:    www1.royalbank.com
Address:  142.245.40.233

Different, which only shows that RBC is just using some kind of round-robin DNS to balance the load among several of its customer service web servers. (My bank probably does load balancing too, but the IP addresses don't change, and OA banking mode does work well--PayPal also works.)

I don't know if that kind of round-robin technique is compatible with OA banking mode, since OA's trusted DNS server will make its own DNS lookup of www1.royalbank.com and may receive yet another, different result!

So that's as much as I can help you, I'm afraid...

Share this post


Link to post
Share on other sites

Well I do believe you are on to something. I think catprincess may have eluded to this in an earlier post. ;)

Well if there is round -robin, rotating DNS thing going on and being that The Royal Bank is a major finanacial institution; then I would say OA has a serious flaw in its "Banking Mode" feature! Am I wrong???

The Royal Bank can't be the only major bank initiating this kind of round-robin technique. :(

That leaves the question; what can be done to resolve the problem.....And that is what the developers are hopefully going to recognize and resolve.

BTW, I don't have a problem accessing 'PayPal' account in "Banking Mode" :D

Edit: I am awaiting a response to the latest data I sent,requested by Support a couple of days ago..

Share this post


Link to post
Share on other sites

Well I do believe you are on to something. I think catprincess may have eluded to this in an earlier post. ;)

Well if there is round -robin, rotating DNS thing going on and being that The Royal Bank is a major finanacial institution; then I would say OA has a serious flaw in its "Banking Mode" feature! Am I wrong???

The Royal Bank can't be the only major bank initiating this kind of round-robin technique. :(

No, I'm sure RBC isn't the only financial web site doing this, but I do want to emphasize that I'm far from expert in these matters and that, in any case, I have no knowledge of how OA actually does its Banking Mode--I'm making a lot of assumptions. I'm not sure how it could ever deal with round-robin DNS. Normal DNS address queries deliver just one result, I think, special queries have to be crafted to get all of the address records for one host name--and even then, with geographically distributed DNS, you might get different sets of addresses for queries originating in different areas.

The few times I've directly contacted OA support (both in the TallEmu and Emsisoft eras), they've been clear in explaining the product's limitations and what improvements may be expected.

Share this post


Link to post
Share on other sites

Well what ever the case may be, the fact remains that a feature of the software doesn't function right(at this point).

I appreciate the response from Support,and inquiry for Debug Logs and Firewall logs which I provided.

Now I'm anticipating a response. :)

Share this post


Link to post
Share on other sites

No, I'm sure RBC isn't the only financial web site doing this, but I do want to emphasize that I'm far from expert in these matters and that, in any case, I have no knowledge of how OA actually does its Banking Mode--I'm making a lot of assumptions. I'm not sure how it could ever deal with round-robin DNS. Normal DNS address queries deliver just one result, I think, special queries have to be crafted to get all of the address records for one host name--and even then, with geographically distributed DNS, you might get different sets of addresses for queries originating in different areas.

The few times I've directly contacted OA support (both in the TallEmu and Emsisoft eras), they've been clear in explaining the product's limitations and what improvements may be expected.

I have sent more Firewall logs and Debug "dial" to support a week ago and am waiting for some feedback on the data.

NOTE:I have also inquired if any of the DNS discussion here in posts #23 to #33 have any bearing on the problem discussed in this topic.

No response as yet. B)

Share this post


Link to post
Share on other sites

I have sent more Firewall logs and Debug "dial" to support a week ago and am waiting for some feedback on the data.

NOTE:I have also inquired if any of the DNS discussion here in posts #23 to #33 have any bearing on the problem discussed in this topic.

No response as yet. B)

They say that they are working hard on the new version 5.0 of Online Armor, and I'm inclined to believe them. It would make sense if they wanted to wrap up and release 5.0 before doing any more bug hunting. That way, they can see which problems still exist and concentrate on those, ignoring any that have been inadvertently (or purposely) fixed by version 5. I've no idea if this is their plan, I'm just guessing. Either way, we'll have to see if their support picks up after the release of 5.

If you seem to be having no luck with e-mail and such, you could always try talking to someone in real-time via the live support chat. The least they'll do is offer to flag up your problem for some attention.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.