Broadband Tech > Security > Security > Comodo Continues to Damage It's Reputation

Comodo Continues to Damage It's Reputation

Thanks for this, hayc59

reply to hayc59
Comodo really needs to smarten up...

reply to hayc59
Disabled Comodo certs on IE and Firefox. thanks for heads up

reply to hayc59
Another thank you!

said by VikingBob:

Comodo really needs to smarten up...

Perhaps "layered" malware SUMware

reply to shearer
I'm still using Comodo version 2.4.18.184. Should I disable anything in Firefox? If so, where do I find the certs you referred to?

Don't use IE, but access one PhotoBucket account using Avant Browser (which is IE-based) to keep its cookies separate from another PhotoBucket account.
--
Be content with your lot; one cannot be first in everything. ▪Aesop

reply to siljaline

reply to onDvine
In FF, it's under Tools|Options|Advanced|Encryption and then view certificates. Find Comodo, and click edit for each of them and uncheck the boxes.

I unchecked and deleted all Comodo certificates in Opera, Seamonkey and IE7 and haven't had any problems.

reply to hayc59
Isn't EVERY issuer doing this, and the only reason Comodo's come under fire for it because they also have a line of security products?
--
/chown -R us:us /yourbase

reply to Its a Secret
Thanks for the tip! I need to do the same with IE8. But not sure how to?

reply to Trel

reply to Its a Secret
Simply unchecking Comodo certs is not enough. You must also uncheck for Add Trusted, Be Trusted and User Trust Network. They are all owned by Comodo. In Fx you cannot delete them. Well, you can but Fx will replace them next time you open the browser. Instead, disabling them as you have described is the correct and only effective way to do it in Fx.

In IE, UTN is User Trust Network. Click on Advanced tab and uncheck everything on each of them. Uncheck the Comodo one. Uncheck all A-Trust ones also.

In Opera, they are Add Trust, Comodo and UTN. You can uncheck both boxes or you can check both boxes. If you check both boxes then Opera will warn you before using the cert.

Fx3 is a mess for dealing with certs compared to earlier versions. In 1.5 if you have unchecked a cert, and you encounter a web site that uses a cert from that root issuer, Fx gives you a straightforward warning and asks if you want examine the cert, choose to never accept that cert, choose to accept it one time or always accept it. Fx3 is a great deal more complicated and you have to navigate through a bunch of windows designed to terrify the average user before Fx3 will allow you to examine the cert which is the first thing it should do like it does in 1.5. You need to examine the cert but Fx 3 thinks users are too dumb to do that (and a lot are).

Fx3 also is extremely misleading and lies to the user as it tells you that something is wrong with the web site. That is not true if you have unchecked all Root certs from Comodo! There is nothing necessarily wrong with the website. The user chose to uncheck those certs and unchecking them is the "problem". There could be something nasty at the website that uses one of those certs but not always. I keep GoDaddy unchecked because a lot of sites that are sleazy use GoDaddy because it is the cheapest. I want to know before I go to a secure site secured by GoDaddy. Fx 1.5 handles this correctly. Fx3 goes nuts. I just need to look at the cert (partly because I need to see who the issuer is) which Fx 1.5 understands and shows it to me immediately. Fx3 freaks out and makes it a hassle for me to examine the cert.

Mozilla is still seriously discussing yanking Comodo certs but the stumbling block appears to be that since that has never been done before they don't know how best to do it while causing the least disruption to users. At this point, I think they just need to yank them even if it causes some initial problems. I get chills every time I think about how Eddy Nigg was able to buy a cert for mozilla.com from a Comodo reseller with no attempt to check his identity. I think they should have yanked them back in January instead of the immense amount of discussion in the news group and the filing of bugs, etc. which is still ongoing.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason

reply to Trel
Many cert issuers are in that business. That's what they do.
Comodo is in the security business, the others are not.
They are supposed to be protecting us from the very sites they are selling certificates too.
That's the difference.
Instead of trying to contol malware they are adding to it.

I have to wonder how many users have been infected by these sites certified by Comodo.
--
"In times of universal deceit, telling the truth becomes a revolutionary act.."
George Orwell

reply to hayc59
Comodo is going to discover that they either have to be in the cert business or in the security business, you can't do both. Well, you can, but those who know better won't deal with them. I've been really disappointed with how Comodo has handled a number of situations and I won't be using any of their products simply because I don't trust them.

reply to danny9

reply to danny9

reply to Its a Secret