
The dark side of Comodo products


karachidude


Source

Comodo is a popular name in the software business. Comodo provides multiple free, and excellent, products for home users including, but not limited to, the award-winning Comodo Firewall (now bundled with Comodo Internet Security). Comodo has also recently become a big name in multiple front-page controversies including the issuance of its SSL security certificates to known malware distributors/scam websites and a row with Softpedia over the inclusion of a third party toolbar in their software. For those that don't know I will do a quick recap for you:

Comodo has been caught selling its popular SSL certificate to malware distributors/scam websites. Now in Comodo's defense, whenever a malware distributor/scam website which has Comodo's certificate is brought to their attention, they remove it; furthermore the purpose of the SSL certificate, technically, is not to verify the contents of the website but rather to verify how secure it is to buy from (the irony). However the question of why Comodo is repeatedly selling the certificates to known malware distributors/scam websites (there have been cases where a website with the same exact layout, interface, and "product" except different name has been issued a certificate even though their earlier one was revoked) is still a significant one and still an ongoing issue.

Softpedia, once upon a time, labeled Comodo Internet Security as "malware" because CIS included SafeSurf, an optional third party toolbar considered to be malware by Softpedia. Of course Comodo did not like that, so they tried to get Softpedia to remove the label. Softpedia, standing by their high standards, refused. So in the end the result was (is) Comodo Internet Security was (is) removed from Softpedia's download database.

K'dude


Website security and PC protection are two very different things + even freeware has to be financed somehow + obviously competitors are only glad to bring up even an irrelevant "compromising" issue of security certification... lol

I personally see it more like: it is officially free, it does block malware, it is safe to use - so I find this a bit of scaremongering :frusty:



So my suspicions are true... :fear:



@manbotdbot:

Even known companies sell SSL security certificates to malware distributors / scam websites.

A lot of people are critical of COMODO since they develop security programs.



  • Administrator

It's indeed old news. Well for me it's one of the better programs I have used. It doesn't matter if they sold the certificates or not. All that matters is what security it offers to the normal users.



I read this article, nothing special............................ :ph34r: :ph34r: :ph34r: :ph34r: :ph34r:

Ditto, I don't really like COMODO products (not my cup of tea I guess) but I don't need them anyways.



True.. I agree.. I mean it's an excellent suggestion for people who don't or haven't addressed HIDS, HIPS, or NIPS...but one of the reasons I left my first comment above...

First off you're told to never use a connection to transfer any information over any connection that is not encrypted.. Personal true and correct...especially when purchasing something...Then you're also told to use a firewall, and to make sure your system is clean and protected by using AV software and security suites...Then you're told that trusting SSL certificates is not always going to help you.. Then you're told to filter your traffic...Then you're told that a good firewall is not going to help.. or rather that more than just a firewall is needed...THEN.. you're notified about huge security holes in your OS and the growing numbers of other OSes which also are vulnerable..then about programs, plugins, and other items which are a part of everyday browsing..So you patch all of this and you're sitting here one day and all of a sudden you get a random BSOD...or suddenly your browser starts acting weird.. or someone starts back-dooring your 1026..and several things start going crazy so you start cleaning everything out of your temp files and automatically dumping them... You then start to secure your network and make sure you are using a LUA, SRP, and HIPS, along with HIDS.. for your average home based system..You get all of this done... and the next thing you know...a company which is part of this so-called protective system starts issuing valid certificates to companies which are known malware distributors...that you would trust because they have a certificate to identify themselves?..probably not.. Maybe it's because you would pay these places for services or goods...and hand over your personal information to them...To the guy who is short of mugging you, and holding a gun to your head... ( Maybe you just aren't paying attention and don't know what they are for )

I mean is it just me or does it seem like.. to the common criminal.. that people..are willing to get screwed...

LOL.. it's so simple though..just like a manipulative child..

1. Do something .. they don't know about or see.. can't prove..

2. Bust in and take it... then play stupid...

3. Pretend to be someone else...

4. Use various methods to take control...or manipulate the situation..

5. Get help and backing from a party which will also benefit from the action..

6. Lie about it...and any other thing 'I didn't mention..'

...and then people sit around and say..'well...I just don't understand where the criminal element comes from and why people would do something like this...' Not to mention all of the global factors and economic issues which are pushing crime through the roof..out of desperation..That these !@#$%^& airheads sit behind a desk and supposedly build for tomorrow everyday...nor their personal under-development and discrimination which forces people into the crevices of society.. Never even to have a chance.. before they are turned in that direction..



  • 3 months later...

I read this article, nothing special............................ :ph34r: :ph34r: :ph34r: :ph34r: :ph34r:

Ditto, I don't really like COMODO products (not my cup of tea I guess) but I don't need them anyways.

-------------------------------------

Same here !



  • Administrator

I see the thread is opened again. I would like to share my experience here. A few days ago I was caught by a redirecting link to a malware site. The site was a phishing site. And to my surprise it contained an SSL certificate. I can confirm it was a fake site. Now guess who signed the certificate? ESET.



I did not know ESET signed and issued certificates for encryption.. except their own... and through one of the filtering options (I do know when you choose to scan certificates there is an option to add updated certificates to your browser, which imports and updates them..)... Besides that, certificates for encryption are only supposed to make sure that information is encrypted and decrypted between points.. and that the certificate properly identifies or matches the site it comes from or client endpoint. Verification of the identity of the sender as well which only takes the import of said certificate. Technically the only thing that COMODO and ESET can actually do is have these sites reported with cause to invalidate the certificate. BUT there is actually no cause for invalidation as it properly identifies the site it is from.. so no real crime committed.. just unsuspecting people who are taken advantage of because they TRUST too much..OR are not well informed.. It's fairly easy to get or pay for one. Verifying and scanning the content is another. If a redirect goes to another site where either it is a pharming or phishing attack.. and/or the DNS cache has been altered ( which is basically the two mentioned ) in some way.. the only way to watch this would be to have your Internet options set up to warn when navigating away from a secure site.. which is usually an option in your browser.. SO it can be in your settings.. but it can also be in a faulty method of detecting these things as well.. or in the way or method in which the attack has been created.. Truthfully since TLS 'man-in-the-middle' vulnerability has been reported which occurred before this.. I have stopped really trusting anything at all.. if I can't package something and send it encrypted through trusted methods.. with the receiver using a key to decrypt/decompress it.. and do the SHA4-512 hash checksum on file .. I don't trust it...
Everything I do anymore, as it has been for years is with erroneous information and methods that leave no means for loss.. small credit cards.. with low limits... and only one for the purpose.. with no directly connected information to anything else.. If I could I would use a fly-by-night card I could load with money and use as a credit card.. that would be nice..

It seems ( and is the whole point of my post above ) that there is just more and more people should be aware of and that when making decisions and choices online.. there can be a HUGE amount of mistakes and oversights made. Like not being totally aware of what is going on in front of you, even after being well informed and doing all that you can to be safe. Like many sites that I know that do extensive testing, combing over every last line of code.. disabling certain code .. rewriting sites, constantly updating and staying abreast the current changes and trends in vulnerabilities and hacks..

Really COMODO or anyone who has issued a certificate to a site who decided to do bad with it.. really isn't their fault.. ( I think the article may be blowing it 'out-of-proportion' a bit with manipulative perspective.. which is what they want to be reporting latest and greatest.. like what drives so many.. which is pathetic.. what if they actually understood the purpose .. ) but I don't think people should just sit back and cruise the Internet 'lackadaisically', trusting that everything they see is taken care of or that there is at any point to rest.. You simply have to be aware and be willing to learn as your knowledge progresses to keep yourself safe... I think that is the only real point to be made here..



  • Administrator

That's true. Believe only after you are 100% sure about it.



I thought the discussion would be bashing of security products

Good thing there are still level headed people ^_^



Archived

This topic is now archived and is closed to further replies.
