Comodo continues to issue certificates to known Malware

Discussion in 'other security issues & news' started by hayc59, May 16, 2009.

    sded, thanks for the additional info :thumb:
    All I can say is - yikes!
    This 'CoreGuard' tool downloads an installer to the user, then proceeds with a longer download, bringing all sorts of junk with it.

    With Shadow Defender on, tried to install, but having problems with wireless, so just quarantined the process.

    Just a note, once installed, very difficult to uninstall. Tries to connect and download itself again.


    Buy page:
    The sad thing is that during these hard economic times there will be companies that go toes up,
    not as a direct result of the economy, but rather as a result of an "Ends justify the means" business model, in response to the economy.
    Perhaps Comodo teeters on the brink of such a fate.
    So much for "building trust on line"
    "building trust on line"
    Between this thread and the fiasco, Comodo surely has lost mine.
    I would like to hear Comodo's side or excuse but I doubt if we will.
    That's a shame too because CIS worked so well on my system.
    I will find alternatives.
    Sometimes things aren't always free.
    There is a price to pay. :thumbd:
    Just another reason I won't touch any software that has the Comodo name.
    So... you got $15 in your pocket and a domain, then you can buy an SSL cert...
    buying ssl cert is very easy (unfortunately)...

    so any malware provider simply goes and gets it...

    they can get it from Verisign, Godaddy, Comodo etc... so if you are a malware author and have a domain you can buy an SSL.

    That said, the thing is: end users don't understand it, including myself, because they see a DV Certificate on a website and think it's legitimate. Geotrust removed validation process and named it DV... And ANYONE can then buy a DV. Then Comodo, etc. were forced to do the same.

    maybe mr. sded will now remove all certification authorities from his browser? :rolleyes:
    It's an issue... This isn't the first time either. DV should be banned, and the validation process should be carefully reconstructed by CAs.

    As for Rogues... Just... EWWWW... :)

    Does it really?
    Do Kaspersky, Online Armor, Avira, Outlook etc. do the same thing or is it just Comodo?
    This is what I'd like to find out.
    Considering how those companies you listed aren't in the certificate business at all, I doubt it.
    Funny thing is, all the controversy Comodo generates and we're supposed to believe everything is fine, especially these days with rogue software applications popping up every day, nope I'm not convinced at all. Comodo's reputation is hardly anything to be proud of.
    Do Verisign, Godaddy or Geotrust offer end user security programs?
    It's really the Ask thing again
    It's OK to be a criminal defense lawyer.
    It's OK to be a prosecutor.

    To be doing criminal defense work, while employed as a prosecutor has at least the appearance of impropriety.

    It is OT, but look at SpywareTerminator. Not that they do not have other problems, but the crawler toolbar is still an albatross for them, and this long after Crawler is supposed to have reformed.
    Two things
    1) understandable, not good, but as bad as their competitors

    2) What a marketing misser, let me explain
    So they issue only a very small number, for $15 each. So for a small profit share they risk negatively associating their other business initiative: security software. Remember they must have invested serious money in developing freeware FW/HIPS/AV.

    So instead of seeking public attention/free publicity with the fact that other companies show bad practice/have bad company norms and values. They could have had a massive USP as being the only trustworthy company in that field. After all it is only a small income of the Comodo company those DV certificates!

    Imagine what a nice scoop this would be for PC magazines, on-line magazines and possibly even popular tabloids?

    Comodo can change their tag line, from making available security for everyone to applying web / e-business deceit for everyone!

    Boy the marcom department of Comodo is really a bunch of empty heads.
    a) profit of being as bad as the competitors is probably less than the investments made in CIS (scenario being as bad as the competition, can damage our investments in CIS)
    b) value of free publicity probably exceeds loss of income of those DV certificates (scenario Comodo being more trustworthy than its competitors)
    Comodo jumps into the practice of issuing security certificates to MALWARE DOMAINS, just because it wants a share of the big buck$$$ that VeriSign and GoDaddy were raking in from doing so. Instead of being the one CV company that refuses to consort with malware writers, Comodo decides that the $$$ is more important. Very innocent and online trust-building indeed.

    I'm looking forward to the comedy that their clown of a CEO is inevitably going to spew out to justify his company's actions. :D
    Eice, that is the stupid thing about it, Comodo only issues few DV certificates! So it is not for big bucks, but for change money.
    Then again, sometimes you really have to wonder. The malware guys are making money by the truckload, and I don't think they'd hesitate to pay "special" rates for a certificate for their domain.

    Wonder what's coming next: D+ subtly allowing malware by default, and Comodo getting paid for each installation?
    Simple. Just have Melih take the grandstand, claim that it's a bug in D+, and dramatically promise that it'll be "looked into" and "fixed immediately in the next version". Or just have him spew whatever crap he wants, or even threaten to sue Avira/MBAM/SAS, it's not like the Comodo fanboys have ever doubted whatever outlandish poo he spouts anyway.

    Meh, hopefully someone else is going to continue posting Melih's responses here or link to them. I'm kind of not enjoying the idea of having to wade into the Comodo forums to get my dose of Melih comedy.
