Comodo continues to issue certificates to known Malware

Discussion in 'other security issues & news' started by hayc59, May 16, 2009.

Thread Status:
Not open for further replies.
  1. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    The admin at the COU forum responds to Melih's reply:
    http://www.calendarofupdates.com/updates/index.php?showtopic=19279&st=0&#entry80462

     
  2. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    It all boils down to this (emphasis is mine):

    the bolded part from the quote above could well be translated as:

    "My competitors in the auto sales branch do provide warranties for cars with failing brakes. Therefore, I must do one and the same, otherwise it would cost me money".

    In my book that's by no means a justification; on the contrary. Knowing there's something totally wrong, stating in public one and the same - and persisting in doing the wrong thing can't be justified in any way. Semantics are of no importance here.

    Comodo should keep the interest from the public in mind instead of focussing on losing money/clients themselves. They willingly pick the wrong side.

    Whether or not part of the competition is doing one and the same is of no importance; it's Comodo who solely is responsible for their actions. The same goes for the technical relevancy from certificates in question; that is not the real issue at hand here.
     
  3. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    440
    Location:
    U.K.
    OK, so Comodo's justification for issuing certs to anyone who asks is ... (1) we need to make money, and (2) as others are doing it this way, so shall we.

    Hey, a neighbour of mine deals in drugs, and I want to make just as much money, so I decided to too. What, your honour, that's not OK? I don't understand.

    I suggest 'melih' stands back and takes a good look at himself. After his complete loss of face over the ask.com toolbar debacle, and his astonishing public revelations over this issue, he (or his superiors) might like to consider how to reintroduce some ethics back into his company.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I think they should not give away their software free. They can make all their software paid while keeping some free versions with less features.
     
  5. ypestis

    ypestis Guest

    More and more it is clear Comodo's main problem is not its code, but rather its CEO.
    Perhaps share holders will awake to this fact before it is too late.
    Unless of course "Melih is Comodo", in which case there will only
    be more grandstanding and showboating, until some talented coders are out of work.
     
  6. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    72
    Location:
    UK
    This was quite an interesting read to start with, and I had a few questions regarding the subject.
    Like Domain Validation, basically that's just saying the site in question is the site I went to (not really much).

    What more is there?
    How do we know who is what?
    Would you download a product like the one pictured just because the site had been verified? If the answer was yes, then you'd probably still download it from a non-certified site and not even know what a certificate was (this is hypothetical btw)

    I'm not condoning this action but to me guidelines need to be made, this being the World Wide Web what are the chances of that......!!
     
  7. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    The original issue, to me, was what the admin at COU stated:

    "(why did Comodo) ask MVP Mike to shut-up when he's reporting such cert issued to known malware/rogue domains? They (Comodo) as issuer of whatever secure certification have all the rights to reject/refuse/terminate it."

    Basically, when a MVP alerted Comodo through an email address set up to report problems (such as a known domain being used for malware), Comodo told this MVP to keep it quiet. Instead, they should have acted on the MVP's advice and terminated the secure certification, as Comodo represents a security company who should act on preventing malware.
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Wolfe,

    I fully agree. It is exactly what I was thinking too.
     
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    True, then Melih's reply, which was along the lines of, 'if we can't beat them, join them', probably shocked a few people.

    I don't know if it's the best thing having a CEO respond on forums. Something can be taken out of context. Best to have a media team do that - save the CEO for the important announcements.

    I think it's great he's always involved, but at the same time, posting under another username, 'Comodo staff', would probably be better for the company.
     
  10. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    72
    Location:
    UK
    I do not agree with the theory "My neighbour sells drugs to make money so I'll have a bit of that" or "That garage gives MOTs to dodgy cars so I'll do that to make a bit extra"

    These things are illegal are they not?

    What is the answer......

    Cash will always be king, and as someone has said these malware authors can make a lot, so what's gonna stop them?
     
  11. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    Morality? There is no such thing in business! What are you all trying to say? That before this, you truly believed that COMODO cares about end users? Yeah, sure! Their freely available CIS is just an intelligent way to spread the word about COMODO. Although it's free, it's a big moneymaker. They don't care about end users at all, just like any other company does not!
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This is also an interesting thread over COMODO forum that I've found in the Digital Certificates, Encryption and Digital Signing sub forum.

    http://forums.comodo.com/digital_ce...igital_signing/is_this_for_real-t38305.0.html

    Not even an explanation by COMODO staff members. If that domain is or not distributing not so clear software, etc., beats me up, but, as other users mentioned there, nowhere in that domain a COMODO certificate is used.

    Now, why would a domain place information that they're using COMODO certificates, when they're not?

    And, no concern from COMODO?
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    And, that's why wise people tend to say that in most cases charity pays charity.

    Do you really think that those famous people do charity because they're nice people? No, it's great publicity... Just as CIS is.
     
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Sorry, can't ignore that..
    What a load of preposterous BS.
    What a staggeringly stupid self serving statement that is, both as a stand alone effort and some sort of twisted attempt to justify comodo.

    I have tried not to post in any threads re comodo since Ask.com blemish and absurd grab for cash at expense of credibility, unhappily as posted above this is apparently an ongoing escalating issue at comodo.
    I watched perfectly sensible posters at the comodo forums get flamed by the drooling dolts of the melih fanboi club for posting well reasoned and articulate analyses of Ask.com fiasco and now watching the same happen elsewhere.

    Initially I had tremendous regard for melih and his 'mission' but he, as prime representative for comodo, has become tainted by his own words and deeds.

    I've watched mods from comodo here whinging and complaining about how hard we are being on poor old comodo :p
    I've watched wilders cop a ( fairly pathetic attempt at) bashing at comodo forums by individuals who post frequently here. :cautious:

    CPF and then CIS are good tools, but I felt tainted by association when using them.
    Lie down with dogs , you get their fleas.
    (even with an opt-out box or three :cautious: )

    I know melih has been banned here previously and so cannot respond to these threads so I don't want to drag this out as a free hit: I've already posted @comodo forums ( member since 04/2007) and been sandblasted. :)

    Absolutely; my choice as to whether or not to use comodo apps: guess which?

    "Creating Trust OnLine" ( trademarked) is looking a bit hollow, but then again millions of users can't be wrong, right.
    Congrats to the mods here for allowing these issues to be aired.
    Go Donna.
    Over and out.
     
    Last edited: May 17, 2009
  15. nielsson

    nielsson Registered Member

    Joined:
    May 13, 2009
    Posts:
    18
    Kinda boring to read all rubbish here at wilders..

    First you guys make us believe that CIS is a popup bomb while it's not. Then you post this junk, all know that certificates are there for the following:

    1) Make sure you are sending the info to a site YOU trust.
    2) Make sure no one can read your traffic (encryption)..

    Comodo doesn't deserve this rubbish, any site can buy a certificate from any company, a security related page like wilders with all the "pros" should know that.. Shame on you guys for posting all this nonsense. Read about Certificates and what they do before posting. :thumbd: :thumbd: :thumbd: :thumbd:
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, what you're saying, is that, COMODO is certificating that the malware domain the user is at is the real deal, and not some bogus malware domain? Is that it?

    Please, explain me as if I know nothing about certificates.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Couple of comments on my own feelings about all this.

    1. I think you can deliver quality free software, as long as you have other business income that covers the cost, and they don't have to be shady.

    2. I thank Josh for providing the explanation, but I simply don't buy it. My business provides a service, but the business is really about trust. Just because another service does something that is slightly tainted, but legal, and just because everyone else may do it, doesn't mean I have to. It is all about trust and your reputation for being trustworthy.

    I've learned in the long run, passing the bucks that might be questionable, even though others do it and it isn't illegal, has been better for my business than those few quick bucks.

    Everyone should learn that lesson.

    Pete
     
  18. Steven Avery

    Steven Avery Registered Member

    Joined:
    Nov 13, 2007
    Posts:
    112
    Hi Folks,

    I didn't know that Melih was banned here. With his posturing and arrogance and dubious promotion, I am not surprised -- however I wonder sometimes if the Wilder's mods might look for more intermediate solutions -- posting limits, moderated posts, directed threads, etc, and offer the posters a chance for limited exposure and rehabilitation, if they learn to follow the forum decorum.

    There was a fellow on another forum who was obviously quite intelligent who mentioned, without acrimony, how he was banned here. I'm sure stuff happened of which I am not aware, however the thought occurred that he would be a strong addition here.

    Please understand -- I am all for mods having a good solid, banning policy. And this has in general surely made Wilder's a stronger and friendlier forum. I am just suggesting that it be a policy that is under almost continual review.

    Hope you don't mind the divergence. I appreciate that Wilder's has been a prime forum for exposing the Comodo and Melih problems (even Softpedia felt to walk lightly -- not happy about all those legal beagle letters). I would say that I learn more about these problems here than anywhere else.

    The blind mice certificate thing is just another example, I gave up on Comodo when the legal bluster letters went out to Softpedia. Simply because they were consistent and acting with integrity. The arrogance and stupidity, followed by the Melih double-talk, were amazing. (I probably would have given up on them because of the deceptive toolbar shenanigans, but the letters and continual double-talk and bluster were carob fudge cake-icing.)

    Shalom,
    Steven Avery
     
  19. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Apropos of absolutely nothing at all to do with anything here:

    “My Dear,” said the gentleman to the lady, “would you go to bed with me for a million dollars?”
    “Well, yes, I suppose I would,” she replied.
    “Here’s $100. Let’s go then.”
    “How dare you! What kind of person do you think I am?”
    “My Dear, we have already established that. Now we are merely haggling over the price!”

    :)
    Wasn't that something we were taught as children ..I think..
     
  20. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    If you're in the business of 'fighting malware', you should do all you can (within your capacity) to squash it.

    But if you're not in it (computer security business), and you're issuing secured certificates to malware distributors, then you don't have the same duty/obligation.

    As aigle said, Comodo should start charging for their software, and creating limited-feature free products. That should boost their income stream.
     
  21. nielsson

    nielsson Registered Member

    Joined:
    May 13, 2009
    Posts:
    18
    This is one of Melih's responses.

     
  22. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    72
    Location:
    UK
    Picture this scenario for a minute.

    A young lad/lass works in the Domain Validation section of any of the major players out there. Said person gets a correspondence enquiry about a DV certificate.
    Now they get paid commission for every certificate they sell, it's been a tough few months with the 'credit crunch' and all so what do they do?

    They're gonna sell it and go for a few beers on Friday o_O


    "The writing of this post and everything in it are all made up and do not in any way represent anyone or anything that has ever happened in real life, as far as I'm aware"

    :p
     
  23. eXPerience

    eXPerience Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    98
    No wait, they're not going to sell it and lose their jobs o_O
    even then, another will still sell it, so there is no gain....
     
  24. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    To all:

    A number of posts comprising an off-topic tangent have been moved offline.

    Here's the deal. Past and present moderation decisions are not open to public debate. Period. If it's not something you agree with, move on.

    If you wish to present a counter view, do it privately offline via PM.

    Blue
     
  25. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    The problem with Melih is... that deep down, he is a born politician. :D

    So, most other companies, choose a business model and they say it to you or you guess by their silence, that, it's about making the $.

    But this, was not enough for Melih. He started the "political campaign" with the "Melihvision" etc, the "save the world", "we must stop the malware", "trust", we offer this for free because we love you , not another 9/11 yadda, yadda.

    So when time comes and reality behind the rhetoric is shown, people get disappointed and it becomes a major issue.

    First it was "we don't need money from you, we get enough from selling certificates". Then the extra services and Ask.com toolbar arrived.

    Now we suddenly learn that what's legal is also morally OK, because at the end, it's about $, not about "trust", "love", "save the world, save the internet" etc.

    If this was done by Verisign, probably now this discussion would have been over.


    I leave you with advice of how to fight "evil" and "securing internet ", "authentication and malware prevention".

    http://www.youtube.com/watch?gl=IT&v=1rRslZHhvLY

    Melih for President!!! :argh: :thumb:

    Just a thought. Maybe he should leave the immoral grounds of validation to the others, since he doesn't agree with how it's done, and make Comodo products with a payware and freeware version. In this way, he could still say that he must earn the $, while not doing something that he doesn't like or isn't according to his consciousness.

    I can almost hear Melih's answer to this: "No, we won't leave the sector of validation to the unethical powerhouses. We will give our fight, from inside, to change this, because what is legal, isn't always automatically ethical. Hence, I will put all my resources to make Comodo grow stronger, take the place of Verisign and lay my own rules to the certification sector. I will make the world a safe place. Together, you and me, will raise the Comodo flag to the peaks of internet, we shall never, ever surrender!" :D

    Oh, Melih, Melih... If you'd just stay in your office and leave alone fora and Melihvisions, just like the 99% of other CEOs do. It would be the usual "Ok, the world is about $, what's the big deal".
     