

ashrc4

join:2009-02-06
australia

reply to ashrc4
Re: Comodo continues to issue certificates to known Malware

said by ashrc4:

If something was up with the firewall would they tell anyone?
It would seem elevating its effectiveness isn't exactly an entirely foreign subject.

»Firewall Leak and HIPS test results
--
It's one thing to be sure of yourself. It's another to confuse people. If they weren't related to each other we wouldn't have a problem;~)


Comodo User

@co.uk
reply to hayc59
Hmm what a surprise, an Outpost forum moderator spreading FUD about the competition.


Grail Knight
Who Dares Wins
Premium
join:2003-05-31
reply to hayc59
As I said just because one part of a company performs poorly that does not make the whole company bad.

Trust me on this I pay attention to what is going on but do not get carried away with things.
--
"Facts not FUD."


ashrc4

join:2009-02-06
australia


1 edit
reply to Comodo User
said by Comodo User :

Hmm what a surprise, an Outpost forum moderator spreading FUD about the competition.
When's dslr bringing out their firewall. Can't wait
EDIT : just thought I'd try attention diversion myself
--
It's one thing to be sure of yourself. It's another to confuse people. If they weren't related to each other we wouldn't have a problem;~)


hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.


3 edits
reply to Comodo User
said by Comodo User :

Hmm what a surprise, an Outpost forum moderator spreading FUD about the competition.
Actually I am a mod and BETA tester but also MVP
and has nothing to do with the competition
it's the crap that's added to all the programs with this tool bar and other stuff...please get your facts correct before posting ignorant statements like that one!!
If you took the time and read through countless threads
and post about this issue and others ..I think you would have second guessed that post!!
but just in case you missed any of the thread I will repost them for you:
and in closing I gave and give awesome kudos to Mike Nash...owner of Online Armor for telling ask.com where to put it on the tool bar issue....oops he is a competitor for Outpost....oh my

Ask Toolbar in Online Armor Free? Nearly...
»onlinearmorpersonalfirewall.blog···rly.html

»www.calendarofupdates.com/update···ic=19279

»www.calendarofupdates.com/update···id=44516
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast

reply to Comodo User
said by Comodo User :

Hmm what a surprise, an Outpost forum moderator spreading FUD about the competition.
Regardless of who anyone is... crap is crap.
COMODO is crap!
--
Think outside the Fox... Opera


hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.

said by dadkins:

said by Comodo User :

Hmm what a surprise, an Outpost forum moderator spreading FUD about the competition.
Regardless of who anyone is... crap is crap.
COMODO is crap!
Thank you and just so anyone else
is curious about my alliance with Outpost or any other
software that takes this disgusting route
I would be on Outpost/Agnitum rear end also if they took or take this route in the future....;)
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget


mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse


1 edit
reply to hayc59
I'll back hayc59 up on character. If a security application he uses takes an action he considers wrong, he'll condemn that software just as much as one he may not use. And he's been consistent showing no favorites.

TheAnalyzer

join:2006-01-20

reply to hayc59
I usually stay with the security products I have chosen.

But I am very glad now that I changed my firewall product.

(I originally changed my firewall because CPF 2.4 was getting old).

But now I say:
NO comodo software anymore for me ! I say this because I do not agree with what comodo is doing ATM.

I bought a product from Agnitum now. I am running Outpost Pro. And I am very happy that I took this step.

TA
--
quod erat demonstrandum


Comodo User

@co.uk

reply to hayc59
Actually hayc59 I used to be an Outpost user till I got fed up with buggy final builds, the closed clique that you call beta testing etc.

You have never ever used Comodo firewall but all you do is moan & complain about the company doing the usual Microsoft tactic of spreading FUD.

The reason I say that is you don't complain about the other cert sellers that still sell DV certs only complain about Comodo.

Nowadays even a lot of paid apps include toolbars (google, yahoo, ask etc) & if folk just blindly click next & they get installed then it's their own damn fault for not reading & checking things.

You don't like matousec testing when it started because he didn't give your beloved Outpost top marks & you have been calling them dishonest & unreliable ever since Comodo got top marks.

At least Comodo engages with the users & listens to questions & suggestions etc unlike Agnitum that ignore things for the most part, I don't see any Agnitum staff posting in the OP forums.

Plus with Comodo I can disable any call home function unlike OP that has hard coded rules to download so called news\ads.

I didn't post to start an argument, I only posted 'cause I have seen over the past few years that you go out of your way to disrespect Comodo even though you don't use it & they have never done anything to you.


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast


2 edits
Their firewall was ok, but not as good as matousec stated.
They have been doing shady things for years now and it seems that you are taking exception to anyone berating them for their actions.

If it walks like a duck, and quacks like a duck...

Bottom line, COMODO is a crap company.
They trashed BoClean.
Their firewall has been severely buggy and problematic.
They *ARE* issuing certs to malware producers.

Hmmm... yeah, I want me some of that!

Guess you missed the Lavasoft fiasco and the fallout they caught for merely de-listing malware.
Wasn't pretty.
AdAware is no longer part of my toolbox - who knows what it will allow to stay.

By all means, keep using their software and patronizing a questionable company - no sweat off my ba... well, no worries here!

BTW, join DSLReports - It's FREE!

*EDIT*: For the record, I don't use any firewall. Not even Windows Firewall!
No brand loyalty here.
--
Think outside the Fox... Opera


danny9
Go Ahead, Make My Day
Premium
join:2002-07-14
Clinton Township, MI
clubs:
dadkins, you have a way with words and tones.
Well written.


EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage

 reply to hayc59
Comodo responses?

Having read the various linked posts, I am not comfortable with Comodo as a certificate issuer. Since I have no way to differentiate the various levels of vetting in the free versus paid certificates, I've removed them from my trusted list until I see evidence from them that the process has been fixed.

As for their security applications, I don't use them, myself, but am curious about the notification and Comodo's responses.

1) Did the Comodo security application(s) alert on the malware sites prior to any certificates being revoked (if they were revoked)? If not, I'd be quite upset if I were a user.

2) When the issue was reported, how long was it before they removed/revoked the malware site's certificates?

3) Did you follow the same public disclosure guidelines for Comodo as you would have for Microsoft or other vendors you would notify?

4) How long was it after you notified Comodo that you went public?

How did Comodo's response and timeframes differ from other product vendors, including Microsoft?

Thanks in advance for responses - they will be helpful in evaluating Comodo's actions relative to other vendors.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis


sded
Premium
join:2002-11-04
San Diego, CA
·DSL EXTREME


1 edit
reply to hayc59
Re: Comodo continues to issue certificates to known Malware


[Attached images: ssl tray icon; dv ssl warning]
I think the main issue still is that many users think that Comodo as a security company should use its tools to be sure that Comodo as a certificate issuer does not provide/maintain DV certs to malware sites. Comodo has responded that they provide a free tool as a browser add-on that identifies such malicious sites so the users can do it themselves. Not a satisfactory answer to many from a security company. But I wouldn't use security software from Verisign or GoDaddy either - especially if they said go piss off when asked to check their certs for known malware sites.
If you use Opera 9.64, they have upgraded their padlock SSL indicator to show the class of the certificate used by a site, so at least you can tell if it is to be trusted. If you go to view/toolbars/customize/buttons/browser view you will find the icon that does it. If you click on the icon, you get more information about the status of the site - attached are the button and the page you get for a DV, showing it is encrypted but not trusted. Example is for the Comodo forums website, which uses a DV.
Presume the other browsers have something similar to expand on the "golden padlock" by now.


hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.

reply to Comodo User
said by Comodo User :

Actually hayc59 I used to be an Outpost user till I got fed up with buggy final builds, the closed clique that you call beta testing etc.

You have never ever used Comodo firewall but all you do is moan & complain about the company doing the usual Microsoft tactic of spreading FUD.

The reason I say that is you don't complain about the other cert sellers that still sell DV certs only complain about Comodo.

Nowadays even a lot of paid apps include toolbars (google, yahoo, ask etc) & if folk just blindly click next & they get installed then it's their own damn fault for not reading & checking things.

You don't like matousec testing when it started because he didn't give your beloved Outpost top marks & you have been calling them dishonest & unreliable ever since Comodo got top marks.

At least Comodo engages with the users & listens to questions & suggestions etc unlike Agnitum that ignore things for the most part, I don't see any Agnitum staff posting in the OP forums.

Plus with Comodo I can disable any call home function unlike OP that has hard coded rules to download so called news\ads.

I didn't post to start an argument, I only posted 'cause I have seen over the past few years that you go out of your way to disrespect Comodo even though you don't use it & they have never done anything to you.
You are correct on one and only one issue! For a brief week some time ago, I gave Comodo a whirl when it first hit the scene to test it and found it far inferior to Outpost [and still find it lacking all over] and gave it back as quickly as I took it!
I do not disrespect any inanimate object...never have or could comprehend how a human carbon life form can feel disrespectful to a piece of software!!!
I only comment on your post because I find it intriguing at the least...
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget


DonnaB
Premium
join:2003-05-07
malaysia

reply to EGeezer
Re: Comodo responses?

1. I just tried installing the latest version of CIS (on a test system) with all of its components installed (including Ask.com's stuff). I updated the program prior to visiting the malware/rogue link that has a Comodo cert. Visited xsoftstore.com and clicked on a buy link. Comodo's security desktop application is quiet. It is not revoked yet even after MVP Mike has shown a screenshot that Comodo has issued certs to this rogue site/buy links. No alert from their desktop security software. I don't see an option anyway that their AV or Firewall will handle that.
2. As per MVP Mike Burgess' blog, he reported it on April 21, 2009.
3. He did by sending them the notice via email. No response from Comodo until it went public and the good Sunbelt Software CEO alerted Comodo.
4. He waited more than 3 weeks for action or a response from Comodo.

Difference on response and timeframes from other product vendors, including Microsoft: Well, there are steps:
1. Acknowledge/Time frame - Comodo did not acknowledge the email for weeks.
2. Response - It depends how a person will accept the response but they did respond (including questioning the ethics of the security MVP Mike Burgess).
3. Action - They acted fast as soon as they received an alert from another security vendor's CEO - Alex of Sunbelt. They failed to act on the alert of MVP Mike and most importantly, they failed to prevent this from happening again even though they are aware of such an issue (as per MVP Mike.. he's been reporting since Winfixer days).

How it differs from other product vendors is, in my opinion, that other product vendors will not only fix/act/provide a security notice or security response but will try to prevent it from happening again (unless of course there is a mistake in the fixes or another security issue affected an old security issue that was fixed). It depends on the security issue though.

Others may have different opinion or views or answer to your question.

Regards,
Donna


mers2
Premium,MVM
join:2004-03-20
USA
clubs:
Thanks, Donna, for providing the practical demonstration. I have a feeling it's going to take strong public sentiment to get Comodo's attention/action.


hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.
reply to hayc59
Re: Comodo continues to issue certificates to known Malware

Hello Donna and thanks for posting
should clear a few thangs up!!


EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage


2 edits
reply to DonnaB
A basic flaw in X.509?

Donna, thanks for that response! Well written and you answer many of my questions quite well.

Your response triggered memories of a discussion my little group had sometime back about certificates. This whole issue brings up a serious weakness in the X.509 cert itself. It is perceived - and, by implication, marketed - as being a certificate that provides business practice integrity when in fact it is only an encryption certificate that guarantees only that the site to which the user is connecting is the site to which the certificate is registered, and provides an encryption key whereby the client can connect securely to the site.

For example, a certificate may be issued to GoodHands Insurance, but that does not mean that GoodHands is necessarily a reputable or financially sound entity. The certificate only provides that the client is connecting to Goodhands.com's site and doing so through SSL. There exists a need at this point for something more to be added to the certificate standards.

Bottom line, the present X.509 certificate standards are inadequate for the purpose of establishing the legitimacy and trustworthiness as a business. There will need to be another level similar to a Dun & Bradstreet, BBB or ISO set of standards incorporated into the certification process (and probably the X.509 standards) to achieve that feature.

Dan Houser, then of Nationwide Insurance and now with Cardinal Health (as I last recall), gave a presentation at ISSA on just such a process - for those interested, see »www.isaca-centralohio.org/archiv···mbus.pdf

Although Dan's motivation and concern is more geared to the B2B world, it also applies to the issue in this topic - consumer2B transactional connections.

Dan had more to say recently about SSL and certs - here's another PDF of his that hammers common misconceptions, assumptions and implementations;
»centralohioissa.org/images/Feb_2···user.pdf

For you folks serious about the broader issues, these will be interesting.
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
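Added example, not part of any poster's message: a heuristic that reads a certificate subject, in the dict form Python's `ssl.SSLSocket.getpeercert()` returns, and reports whether it asserts only a domain name (DV) or also a vetted organisation (OV/EV), the distinction discussed in the posts above. The three sample certificates and their names are constructed, and the EV rule (organisation plus registration number plus business category or jurisdiction) is a simplification assumed here.

```python
"""Heuristic DV/OV/EV classifier for ssl.SSLSocket.getpeercert() dicts."""

# Subject attributes that only EV certificates are expected to carry
# (assumption of this example). The jurisdiction attribute shows up by
# name or as a raw OID depending on the OpenSSL build.
EV_MARKERS = {"businessCategory", "jurisdictionCountryName",
              "1.3.6.1.4.1.311.60.2.1.3"}

def subject_attrs(cert):
    """Flatten getpeercert()'s nested RDN tuples into {name: [values]}."""
    attrs = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            attrs.setdefault(name, []).append(value)
    return attrs

def validation_level(cert):
    """Return 'EV', 'OV' or 'DV' from what the subject actually asserts."""
    attrs = subject_attrs(cert)
    if not attrs.get("organizationName"):
        return "DV"   # only a host name: proof of domain control, nothing more
    if EV_MARKERS.intersection(attrs) and attrs.get("serialNumber"):
        return "EV"   # organisation plus registration details
    return "OV"

def describe(cert):
    """One-line summary of what identity the certificate vouches for."""
    attrs = subject_attrs(cert)
    host = attrs.get("commonName", ["?"])[0]
    level = validation_level(cert)
    if level == "DV":
        return f"{host}: DV, encrypted but no vetted organisation identity"
    return f"{host}: {level}, issued to {attrs['organizationName'][0]}"

# Constructed samples in getpeercert() format (not real certificates).
DV_SAMPLE = {"subject": ((("commonName", "shop.example.com"),),)}
OV_SAMPLE = {"subject": ((("countryName", "US"),),
                         (("organizationName", "Example Org Ltd"),),
                         (("commonName", "www.example.org"),))}
EV_SAMPLE = {"subject": ((("businessCategory", "Private Organization"),),
                         (("jurisdictionCountryName", "US"),),
                         (("serialNumber", "0000000"),),
                         (("organizationName", "Example Bank Inc"),),
                         (("commonName", "www.example.net"),))}

if __name__ == "__main__":
    for sample in (DV_SAMPLE, OV_SAMPLE, EV_SAMPLE):
        print(describe(sample))
```

For a live site the same dict comes from `getpeercert()` on a socket wrapped with `ssl.create_default_context()`; none of the three levels says anything about whether the business behind the name is reputable.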


Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs:

Hmm, I'd say this is a classic problem. How do we know when we can trust someone? Ultimately this isn't something easily solved by technology.

I suppose the main thing we can say is:

    • Company x asked for this cert, and they're a real, major company.
    • Our CA will sign their cert.
    • And we make it known that we only sign certs where we've verified the legitimacy of the company.


But again, it comes down to trusting that CA party to verify the legitimacy of the companies they give certs to. Ultimately, and this is the reality we've been grappling with--you have to trust somebody.
--
dmiessler.com -- grep understanding