D+ Trusted Vendors, is this safe?

Discussion in 'other anti-malware software' started by jo3blac1, Sep 17, 2012.

Thread Status:
Not open for further replies.
  1. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    I have a question. Is it safe for D+ to have a whitelist of trusted vendors? I mean wouldn't it be possible for malware to have a valid signature and just bypass D+
     
  2. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,078
    They have had this problem in the past.
    The problem was with some developers companies (most of them Chinese) with trusted software that suddenly they start to develop fake av's and malware.

    Comodo is very carefully now adding new trusted vendors.

    I'm not sure if it's possible to steal a cert and sign a malware with it.
    Shouldn't be easy or possible if not all the malware would be signed by microsoft xD and I think all the av's trust microsoft files automatically
     
    Last edited: Sep 17, 2012
  3. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    If you liked you can remove the TVL if you so wanted.:thumb: :ninja:
     
  4. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    how do I remove it?
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Delete the "vendor.n" file in the "database" folder.

    I always do this as well. Yes, that whitelist does decrease the effectiveness of D+. I like to decide on my own what is safe and what isn't... thank you very much. I disable cloud scanning for the same reason (among others).
     
  6. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    on the contrary.The tvl actually makes comodo a lot more user friendly especially if you download a lot of software.If on the other hand you have already installed your chosen apps then the tvl can be deleted.but when i used comodo i left it installed.
    Comodo is a lot more user friendly now then it used to be.:thumb: :ninja:
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
  8. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Thanks for the links they were informative. The entire idea of trusted vendors seems like a hole in their security. I'm gonna simply delete it and make my own much smaller.
     
  9. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    It will be easy to disable the TVL in V6.
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    We're talking about completely different things here. Security and user friendliness are pretty much mutually exclusive things. You usually have to sacrifice one for the other. That list weakens the security of D+, period.

    And for the record, my D+ is perfectly user friendly with that list deleted, in Safe Mode with unrecognized files treated as Untrusted. I never hear a peep out of the thing.
     
  11. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Depends what you call user unfriendly. I have removed "trusted" vendor list, I have made my own list based on software I run and then turned on D+ to block all files not signed by my custom trusted vendor list.
    Now I have no problem using my computer. Whenever I install new software, I disable D+ and then add known application vendor into the "trusted" list. To me this is user friendly. But Comodo could do better. There should be an option to whitelist all .exe vendors on your system. That way I wouldn't have to add each vendor one by one.
     
Loading...
Thread Status:
Not open for further replies.