Batu69 Posted February 20, 2016

Another case of antivirus software gone horribly wrong

Google researcher launching malicious applications on the user's PC using the GeekBuddy exploit

Google Project Zero security researcher Tavis Ormandy has discovered that one of Comodo's tech support tools packed with many of the company's security products leaves the door open for attackers to connect with admin privileges on the user's PC. Ormandy noticed users complaining online about a VNC server that started on their Windows systems where they installed Comodo Antivirus, Comodo Firewall, or Comodo Internet Security.

Comodo tech support tool at the core of the problem

The researcher investigated the issue further and discovered that to blame for this problem was a remote desktop tool called GeekBuddy, which Comodo was bundling with its security software. GeekBuddy was used by its tech support staff to debug problematic computers from afar. The application allowed Comodo staff to connect from remote locations by opening a VNC server on the user's PC. If the user was connected to the Internet, anyone could access the user's computer using this backdoor. If the computer was offline, anyone could do the same from a local network.

GeekBuddy versions had no password, or used a weak one

In GeekBuddy's first iterations, the tool didn't even include a password, meaning anyone could just connect to the victim's PC using an IP:port combination. Users complained about this problem, and in later GeekBuddy versions, Comodo introduced a password. The Google researcher says that this password is easy to guess, being composed of data stored in each computer's Windows Registry. "The password is simply the first 8 characters of SHA1 (Disk.Caption+Disk.Signature+Disk.SerialNumber+Disk.TotalTracks)," Ormandy revealed.

Since Comodo installed GeekBuddy with full admin privileges, any attacker connecting through Comodo's support tool would have had full control over the system. To prove his point, Ormandy provided a simple three-line exploit that discovered a workstation's SHA1 string, cut the first eight digits, and supplied them to the attacker. The researcher informed Comodo of the issue on January 19, and Comodo subsequently released GeekBuddy 4.25.380415.167 to address the reported issues. Mr. Ormandy had previously probed Comodo's software when he discovered that the antivirus maker was also shipping an insecure version of the Chromium browser, dubbed internally Chromodo. Mr. Ormandy is famous for discovering security issues in many high-profile security companies like Avast, AVG, Malwarebytes, Trend Micro, FireEye, and many others.

Quote:
No response from Comodo yet. Let's hope they're not just going to leave everyone vulnerable until the 90day clock runs out. #wtf #antivirus — Tavis Ormandy (@taviso) January 26, 2016

Well, Comodo wins as the most braindead and shady software I've seen so far. If you work for Comodo, please contact me. — Tavis Ormandy (@taviso) January 22, 2016

Comodo Internet Security installs a VNC server with predictable password by default. https://t.co/HQXVeKgMLT ¯\_(ツ)_/¯ — Tavis Ormandy (@taviso) February 18, 2016

Article source
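The article's core finding is a VNC server that a security product started on the host without the user asking for it. From a defender's side the first question is simply "is something listening on a VNC port on this machine, and is it reachable from the network or only from the host itself?" (the latter still matters, since Comodo's own clarification was that local malware could use the service to escalate privileges). The following is an added example, not code from the article, from Tavis Ormandy or from Comodo. It parses the Windows `netstat -ano` table layout and flags listeners on the standard RFB/VNC port range; the sample output, PIDs and addresses are constructed for the example, and the `expected_pids` allow-list is a hypothetical parameter for hosts where a VNC server is deliberately installed.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Standard RFB/VNC display ports (5900 = display :0, 5901 = :1, ...).
VNC_PORTS = range(5900, 6000)

# Windows 'netstat -ano' row layout: Proto, Local Address, Foreign Address, State, PID.
# Only TCP rows in LISTENING state are of interest here.
_LISTEN_RE = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)

# Constructed sample output for this example; PIDs and addresses are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING       2210
  TCP    [::]:5900              [::]:0                 LISTENING       4120
  TCP    192.168.1.20:49700     203.0.113.7:443        ESTABLISHED     1300
  UDP    0.0.0.0:5353           *:*                                    1560
"""


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    pid: int


@dataclass(frozen=True)
class Finding:
    pid: int
    addr: str
    port: int
    exposure: str  # "network" (bound to a non-loopback address) or "local-only"


def parse_listeners(netstat_text: str) -> list[Listener]:
    """Extract TCP LISTENING sockets from netstat -ano output."""
    found = []
    for line in netstat_text.splitlines():
        m = _LISTEN_RE.match(line)
        if m:
            # IPv6 local addresses are printed in brackets, e.g. [::]:5900.
            found.append(Listener(m["addr"].strip("[]"), int(m["port"]), int(m["pid"])))
    return found


def reachable_from_network(addr: str) -> bool:
    """True unless the socket is bound to a loopback address (127.0.0.0/8 or ::1)."""
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # unrecognised form: treat as exposed, the conservative choice


def audit_vnc_listeners(
    netstat_text: str, expected_pids: frozenset[int] = frozenset()
) -> list[Finding]:
    """Report every VNC-range listener not owned by an expected (allow-listed) PID."""
    findings = []
    for lst in parse_listeners(netstat_text):
        if lst.port not in VNC_PORTS or lst.pid in expected_pids:
            continue
        exposure = "network" if reachable_from_network(lst.addr) else "local-only"
        findings.append(Finding(lst.pid, lst.addr, lst.port, exposure))
    return findings


if __name__ == "__main__":
    for f in audit_vnc_listeners(SAMPLE_NETSTAT):
        print(f"pid {f.pid}: VNC port {f.port} bound to {f.addr} ({f.exposure})")
```

On a real host the text would come from `netstat -ano` (or, on newer Windows, `Get-NetTCPConnection -State Listen`), and the PID would be resolved to an image path to see which product owns the socket; a "network" finding for a process nobody chose to install is the condition the article describes, and a "local-only" one is still worth reviewing because it is reachable by any code already running on the machine.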
coromonadalix Posted February 20, 2016

Well done Comodo pfff. I had my doubts about this company while using Comodo antivirus; I did not install chromodo and geekbuddy, but I was seeing strange processes in task manager... had viruses that Comodo would not remove or put in quarantine... Very deceptive AV. Tried Comodo after the Qihoo efficiency reports... silly me.
Pjotr 1st Posted February 20, 2016

UPDATE: Comodo has come out to clarify that only its support staff can connect to GeekBuddy, through special company relay servers, meaning remote attackers could not employ this flaw. On the other hand, malware that is already present on the system could use it to escalate its privileges and gain more intrusive capabilities.

same source
straycat19 Posted February 20, 2016

Quote:
If the user was connected to the Internet, anyone could access the user's computer using this backdoor. If the computer was offline, anyone could do the same from a local network.

This was disputed by Comodo and in fact, through testing, the only way you could get the password was if you had actual access to the computer. From reading all reports on this and other information that was available, it appears that this has been blown out of proportion. Not saying there wasn't a problem once, just that it isn't as severe as has been played up.
Holmes Posted February 20, 2016

They have fixed the issues too. I use Comodo Firewall and it asked me to install GeekBuddy; I said no. I don't experience issues with Comodo Firewall; some ads pop up, easy to kill those. A programmer friend of mine recommended Comodo Firewall to me, that's why I use it. I am very happy I didn't install GeekBuddy. I don't need it; if I use remote control software it's going to be TeamViewer.
pc71520 Posted February 21, 2016

Do you remember the C-O-M-O-D-O SSL Certificates story?
NightWalker Posted February 21, 2016

Comodo is a joke, I don't know why people still care about this company or their alpha products.

http://www.pcworld.com/article/2887632/secure-advertising-tool-privdog-compromises-https-security.html
http://www.geek.com/apps/google-calls-out-comodos-secure-web-browser-as-anything-but-1646373/
http://www.infosecisland.com/blogview/15106-The-Demise-of-the-Antivirus-Industry.html
http://arstechnica.com/security/2011/03/how-the-comodo-certificate-fraud-calls-ca-trust-into-question/
http://www.fark.com/comments/8610301/Comodo-goes-SuperFishing

There is so much wrong about Comodo that it isn't funny; actually, the way they develop and abandon software is funny.
CODYQX4 Posted February 22, 2016

Comodo has had way too many blunders to trust them. Also note that you can whitelist all you want but it will interfere with MTK default settings and BSOD, because it thinks it's reasonable to force kill the main svchost for something that is not a virus.
steven36 Posted February 22, 2016

15 minutes ago, CODYQX4 said:
Comodo has had way too many blunders to trust them. Also note that you can whitelist all you want but it will interfere with MTK default settings and BSOD, because it thinks it's reasonable to force kill the main svchost for something that is not a virus.

I never used Comodo Antivirus, but way back when I was on XP I used their firewall; I was blocking an exe of an app and it leaked, so it would become unregistered, so I have never used any of their products ever since.
vibranium Posted February 22, 2016

Comodo is digging their own graves.
DKT27 (Administrator) Posted February 22, 2016

One never needs to install that optional non-required additional software in the first place though. I still wonder how many regularly updated, standalone firewalls are out there which can take on Comodo in it.
steven36 Posted February 22, 2016

13 hours ago, DKT27 said:
One never needs to install that optional non-required additional software in the first place though. I still wonder how many regularly updated, standalone firewalls are out there which can take on Comodo in it.

Really, nowadays, since people don't use XP, all these 3rd party firewalls are not needed. Just a piggyback like WFC or W10FC works fine if you want full control.

Quote:
Firewalls are an important piece of security software, and someone is always trying to sell you a new one. However, Windows has come with its own solid firewall since Windows XP SP2, and it's more than good enough. You also don't need a full Internet security suite. All you really need to install on Windows 7 is an antivirus, and Windows 8 finally comes with an antivirus.
http://www.howtogeek.com/165203/why-you-dont-need-to-install-a-third-party-firewall-and-when-you-do/

The reason they invented 3rd party firewalls was because XP didn't have a very good one. I stopped thinking like I was using XP when I stopped using it.
DKT27 (Administrator) Posted February 23, 2016

3 hours ago, steven36 said:
Really, nowadays, since people don't use XP, all these 3rd party firewalls are not needed. Just a piggyback like WFC or W10FC works fine if you want full control.
http://www.howtogeek.com/165203/why-you-dont-need-to-install-a-third-party-firewall-and-when-you-do/
The reason they invented 3rd party firewalls was because XP didn't have a very good one. I stopped thinking like I was using XP when I stopped using it.

Fine, but while I personally prefer a non-OS firewall, having an OS-based firewall does not mean one should not explore the options available. The reason I say this is that recently one more firewall company, one of some we list on FP, got sold, and the company that bought them shut the company and its firewall software.
steven36 Posted February 23, 2016

38 minutes ago, DKT27 said:
Fine, but while I personally prefer a non-OS firewall, having an OS-based firewall does not mean one should not explore the options available. The reason I say this is that recently one more firewall company, one of some we list on FP, got sold, and the company that bought them shut the company and its firewall software.

I used Outpost back when I was on XP too, but never on Windows 7 or newer. You can explore them, but really none of them will work better. I hate bloated programs that do jobs that really small programs can do better. My mom still uses a 3rd party firewall because she uses a suite, KIS; it's not the best FW in the world, but it's very easy, like the built-in Windows FW is, for people who just want to set it and forget it. You add WFC to the Windows FW and it becomes a really good one. And one that's a little more complicated but works even better for me is W10FC.
Archived
This topic is now archived and is closed to further replies.