Comodo continues to issue certificates to known Malware

Discussion in 'other security issues & news' started by hayc59, May 16, 2009.

Thread Status:
Not open for further replies.
  1. hayc59

    hayc59 Updates Team

    Forum: COU
    More Info: MSMVPS Blogs
  2. sded

    sded Registered Member

  3. hayc59

    hayc59 Updates Team

    sded, thanks for the additional info :thumb:
  4. mvdu

    mvdu Registered Member

    All I can say is - yikes!
  5. Saraceno

    Saraceno Registered Member

    This 'CoreGuard' tool downloads an installer to the user, then proceeds a longer download, bringing all sorts of junk with it.

    With Shadow Defender on, tried to install, but having problems with wireless, so just quarantined the process.

    Just a note, once installed, very difficult to uninstall. Tries to connect and download itself again.


    Buy page:
    Last edited: May 17, 2009
  6. ypestis

    ypestis Guest

    The sad thing is that during these hard economic times there will be companies go toe's up,
    not as a direct result of the economy,but rather as a result of a "Ends justify the mean's" business model, in response to the economy.
    Perhaps Comodo teeters on the brink of such a fate.
    So much for "building trust on line""
  7. danny9

    danny9 Departed Friend

    "building trust on line"
    Between this thread and the fiasco, Comodo surely has lost mine.
    I would like to hear Comodo's side or excuse but I doubt if we will.
    That's a shame too because CIS worked so well on my system.
    I will find alternatives.
    Sometimes things aren't always free.
    There is a price to pay. :thumbd:
  8. Boost

    Boost Registered Member

    Just another reason I wont touch any software that has the Comodo name.
  9. 3xist

    3xist Guest

    Re: Comodo continues to issue certificates to known Malware.

    So... you got $15 in your pocket and a domain, then you can buy an SSL cert...
    buying ssl cert is very easy (unfortunately)...

    so any malware provider simply goes gets it...

    they can get it from Verisign, Godaddy, Comodo etc... so if you are a malware author and have a domain you can buy an SSL.

  10. 3xist

    3xist Guest

    That said thing is: endusers don't understand it, Including my self, Because they see a DV Certificate on a website and think it's legitimate. Geotrust removed validation process and named it DV... And ANYONE can then buy a DV. Then Comodo, etc were forced to do the same.

  11. Einsturzende

    Einsturzende Registered Member

    maybe mr. sded will now remove all certification authorities from his browser? :rolleyes:
  12. 3xist

    3xist Guest

    It's an issue... This isn't first time either. DV should be banned, Validation process should be carefully re constructed by CA's.

    As for Rouges... Just... EWWWW... :)

  13. danny9

    danny9 Departed Friend

    Does it really?
    Does Kaspersky, Online Armor, Avira, Outlook etc. do the same thing or is it just Comodo?
    This is what I'd like to find out.
  14. Eice

    Eice Registered Member

    Considering how those companies you listed aren't in the certificate business at all, I doubt it.
  15. Boost

    Boost Registered Member

    Funny thing is,all the controversy comodo generates and we're supposed to believe everything is fine,especially these days with rogue software applications popping up every day,nope I'm not convinced at all. Comodo's reputation is hardly anything to be proud of.
    Last edited: May 17, 2009
  16. ypestis

    ypestis Guest

    Do Verisign,Godaddy or Geotrust offer end user security programs?
    Its really the Ask thing again
    Its OK to be a criminal defense lawyer.
    Its OK to be a prosecutor.

    To be doing criminal defense work,while employed as a prosecutor has at least the appearance of impropriety.

    It is OT, but look at SpywareTerminator.
    not that they do not have other problems, but the
    crawler toolbar is still an albatross for them,and this long
    after Crawler is supposed to have reformed.
  17. Kees1958

    Kees1958 Registered Member

    Two things
    1) understable, not good, but as worse as their competitors

    b) What a marketing misser, let me explain
    SO they issue only a very small number, for $15 each. So for a small profit share they risk to negatively associate their other business initiative: security software. Remember they must have invested serious money in developing freeware FW/HIPS/AV.

    So in stead of seeking public attention/free publicity with the fact that other companies show bad practise/have bad company norms and values. They could have had a massive USP as being the only trusthworthy company in that field. After all it is only a small income of te Comodo company those DV certificates!

    Imagine what a nice scoop this would be for PC magazines, on-line magazines and possibly even popular tabloids?

    Comodo can change their tag line, from making available security for everyone to applying web / e-business deciet for everyone!

    Boy the marcom department of Comodo is really a bunch of empty heads.
    a) profit of being as bad as the competitors is problably less then the investements made in CIS (scenario being as bad as the competition, can damage our investments in CIS)
    b) value of free publicity problably exceeds loss of income of those DV certificates (scenario Comodo being more thrustworthy as its competitors)
    Last edited: May 17, 2009
  18. Eice

    Eice Registered Member


    Comodo jumps into the practice of issuing security certificates to MALWARE DOMAINS, just because it wants a share of the big buck$$$ that VeriSign and GoDaddy were raking in from doing so. Instead of being the one CV company that refuses to consort with malware writers, Comodo decides that the $$$ is more important. Very innocent and online trust-building indeed.

    I'm looking forward to the comedy that their clown of a CEO is inevitably going to spew out to justify his company's actions. :D
  19. Kees1958

    Kees1958 Registered Member

    Eice that is the stupid thing about it, Comodo only issues few DV certificates! So it is not for big bugs, but for change money.
  20. Eice

    Eice Registered Member

    Then again, sometimes you really have to wonder. The malware guys are making money by the truckload, and I don't think they'd hesitate to pay "special" rates for a certificate for their domain.

    Wonder what's coming next: D+ subtly allowing malware by default, and Comodo getting paid for each installation?
  21. Eice

    Eice Registered Member

    Simple. Just have Melih take the grandstand, claim that it's a bug in D+, and dramatically promise that it'll be "looked into" and "fixed immediately in the next version". Or just have him spew whatever crap he wants, or even threaten to sue Avira/MBAM/SAS, it's not like the Comodo fanboys have ever doubted whatever outlandish poo he spouts anyway.

    Meh, hopefully someone else going to continue posting Melih's responses here or link to them. I'm kind of not enjoying the idea of having to wade into the Comodo forums to get my dose of Melih comedy.
Thread Status:
Not open for further replies.