|
 |
VikingBob
join:2004-06-05
Ste Anne, MB | Comodo really needs to smarten up...  | |
|
 | 
Khaine
join:2003-03-03
Australia
| Re: Comodo Continues to Damage It's Reputation said by VikingBob  :Comodo really needs to smarten up... I think its too late. Security is all about trust, and how can we trust them now? | |
|
shearer
Northern Lights
Premium
join:2002-06-18
Toronto, ON
clubs: | Disabled Comodo certs on IE and Firefox. thanks for heads up | |
|
| 
onDvine
Premium
join:2005-01-29
So. CA, USA
clubs:
 ·Verizon Online DSL
| Re: Comodo Continues to Damage It's Reputation I'm still using Comodo version 2.4.18.184. Should I disable anything in Firefox? If so, where do I find the certs you referred to?
Don't use IE, but access one PhotoBucket account using Avant Browser (which is IE-based) to keep its cookies separate from another PhotoBucket account.
--
Be content with your lot; one cannot be first in everything. ▪Aesop | |
|
| | 
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
1 edit | Re: Comodo Continues to Damage It's Reputation In FF, it's under Tools|Options|Advanced|Encryption and then view certificates. Find Comodo, and click edit for each of them and uncheck the boxes. | |
|
| | | 
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
1 edit | Re: Comodo Continues to Damage It's Reputation I unchecked and deleted all Comodo certificates in Opera, Seamonkey and IE7 and haven't had any problems. | |
|
| | | KoRnGtL15
Premium
join:2007-01-04
Grants Pass, OR
| Thanks for the tip! I need to do the same with IE8. But not sure how to?
said by Its a Secret :In FF, it's under Tools|Options|Advanced|Encryption and then view certificates. Find Comodo, and click edit for each of them and uncheck the boxes. | |
|
| | | Mele20
Premium
join:2001-06-05
Hilo, HI
| Simply unchecking Comodo certs is not enough. You must also uncheck for Add Trusted, Be Trusted and User Trust Network. They are all owned by Comodo. In Fx you cannot delete them. Well, you can but Fx will replace them next time you open the browser. Instead, disabling them as you have described is the correct and only effective way to do it in Fx.
In IE, UTN is User Trust Network. Click on Advanced tab and uncheck everything on each of them. Uncheck the Comodo one. Uncheck all A-Trust ones also.
In Opera, they are Add Trust, Comodo and UTN. You can uncheck both boxes or you can check both boxes. If you check both boxes then Opera will warn you before using the cert.
Fx3 is a mess for dealing with certs compared to earlier versions. In 1.5 if you have unchecked a cert, and you encounter a web site that uses a cert from that root issuer, Fx gives you a straightforward warning and asks if you want examine the cert, choose to never accept that cert, choose to accept it one time or always accept it. Fx3 is a great deal more complicated and you have to navigate through a bunch of windows designed to terrify the average user before Fx3 will allow you to examine the cert which is the first thing it should do like it does in 1.5. You need to examine the cert but Fx 3 thinks users are too dumb to do that (and a lot are).
Fx3 also is extremely misleading and lies to the user as it tells you that something is wrong with the web site. That is not true if you have unchecked all Root certs from Comodo! There is nothing necessarily wrong with the website. The user chose to uncheck those certs and unchecking them is the "problem". There could be something nasty at the website that uses one of those certs but not always. I keep GoDaddy unchecked because a lot of sites that are sleazy use GoDaddy because it is the cheapest. I want to know before I go to a secure site secured by GoDaddy. Fx 1.5 handles this correctly. Fx3 goes nuts. I just need to look at the cert (partly because I need to see who the issuer is) which Fx 1.5 understands and shows it to me immediately. Fx3 freaks out and makes it a hassle for me to examine the cert.
Mozilla is still seriously discussing yanking Comodo certs but the stumbling block appears to be that since that has never been done before they don't know how best to do it while causing the least disruption to users. At this point, I think they just need to yank them even if it causes some initial problems. I get chills every time I think about how Eddy Nigg was able to buy a cert for mozilla.com from a Comodo reseller with no attempt to check his identity. I think they should have yanked them back in January instead of the immense amount of discussion in the news group and the filing of bugs, etc. which is still ongoing.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
|
| | | |
| | | |
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
 ·Shaw
| Re: Comodo Continues to Damage It's Reputation said by onDvine : Is it possible that since they're already unchecked, they have no ability to authorize anything? "Authorities" is the only tab that has anything in it at all. Yes, as confirmed by Mele20 , unchecking seems to be the only way. And yes, they won't be used to verify a site.
The other tabs should be empty unless you've added a cert to them.
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous | |
|
| | | | | |
| | | | |
| | | | | |
| | | 
Pentangle
With our thoughts we make the world.
Premium
join:2006-06-01
Vancouver BC
·Shaw
| said by Its a Secret :In FF, it's under Tools|Options|Advanced|Encryption and then view certificates. Find Comodo, and click edit for each of them and uncheck the boxes. What about the very large number of certificate authorities that are built into Firefox? Are they all considered to be safe?
--
Knowledge is learning something new every day. Wisdom is letting go of something every day.
| |
|
| | | |
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny | Re: Comodo Continues to Damage It's Reputation That's a good question. I guess we'll find out if the worm turns to bite us. | |
|
| | | | |
| | | | |
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw
| Re: Comodo Continues to Damage It's Reputation said by onDvine :I don't speak Spanish or go to Spanish language sites but hesitated to uncheck them because I don't understand what the heck any of the certificates are about/for.  Does anybody know if they're needed? Try this for an explaination: »translate.google.ca/translate?hl···26sa%3DG
It looks like this cert issuer can verify ONLY web sites and email (i.e. encrypted or signed email), not software.
I tend to think this may be getting a bit overblown as an issue, however, you never know, do you?
You can always view the certificate though, if you have any doubts.
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous | |
|
| | | | | |
onDvine
Premium
join:2005-01-29
So. CA, USA
clubs:
·Verizon Online DSL
| Re: Comodo Continues to Damage It's Reputation Thank you.  It looks like a very good explanation, if only I understood it. Am not among DSLR's more tech-savvy members.
... however, you never know, do you? ... Some others here might; I don't. I see so many unfamiliar names that are tempting to disable if checked, but experience has taught me not to check or uncheck stuff without knowing WTF I'm doing. 
... You can always view the certificate though, if you have any doubts. I did and as with the linked explanation, don't understand it. Maybe one of these days I'll ask about certificates in the Mozilla section. Thanks again for your time and attention. | |
|
| | | | | | |
Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw
| Re: Comodo Continues to Damage It's Reputation Always a pleasure.
All a certificate issuer does is verify that a person or organisation is who they say they are. Most have strict rules around that including lawyers, Notary Publics etc. and when, and only when, they are verified is a cert issued. Commercial certs are not cheap and for good reason.
There is a multitude of trust placed in these companies, and we can only hope the trust is not misplaced.
--
"In the future, that which is not mandatory will be illegal"
"Nobody knows the age of the human race, but everybody agrees that it is old enough to know better" - Anonymous | |
|
SUMware
Premium
join:2002-05-21
| Another thank you!
said by VikingBob :Comodo really needs to smarten up... It's called 'producing profits' instead of 'providing protection'. | |
|
| 
siljaline
mind that delimiter
Premium
join:2002-10-12
Montreal, QC | Re: Comodo Continues to Damage It's Reputation Perhaps "layered" malware SUMware | |
|
| | SUMware
Premium
join:2002-05-21
2 edits | Re: Comodo Continues to Damage It's Reputation said by siljaline :"layered" malware  layered security insecurity | |
|
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ | Isn't EVERY issuer doing this, and the only reason Comodo's come under fire for it because they also have a line of security products?
--
/chown -R us:us /yourbase | |
|
| |
| |
Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ
1 edit | Re: Comodo Continues to Damage It's Reputation said by danny9 :said by Trel :Isn't EVERY issuer doing this, and the only reason Comodo's come under fire for it because they also have a line of security products? Can you honestly say you would trust Comodo to protect you when at the same time they are issuing certificates to malware sites? Sounds like they're trying to have their cake and eat it too which is philosophically impossible. They have been told about this but continue to ignore it hoping it will go away. It won't. I am one of those users, I was running CIS, that will no longer use any Comodo product on my computers. They may have started out with the right idea but money became the name of the game. Well to be completely honest, I couldn't care less about that link, as I highly doubt the programmers are the same that issue the certs. I use Comodo 2.4 (never liked 3), but either way, it irks me to see JUST Comodo being bitched at for this when all cert issuers do it.
Don't get me wrong, I don't approve of this, but to me the problem isn't that Comodo is doing this. The problem is that ANY cert issuer does this. And they all do. Singling out Comodo seems to just confuse the issue.
--
/chown -R us:us /yourbase | |
|
| | | |
| | | | 
hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.
1 edit | Re: Comodo Continues to Damage It's Reputation said by danny9 :Many cert issuers are in that business. That's what they do. Comodo is in the security business, the others are not. They are supposed to be protecting us from the very sites they are selling certificates too. That's the difference. Instead of trying to contol malware they are adding to it. I have to wonder how many users have been infected by these sites certified by Comodo. This is exactly the point no matter what company or programmers, its what they allow to be included in their software and being in the security sector is just not cool!
--
ãrê ¥Øu êxpêriêncêD
Microsoft® MVP Consumer Security 2007-09
"Greater love has no one than this, that he lay down his life for his friends."
9/11/01 Never Forget | |
|
| | | |
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
·Bell Sympatico
·Cogeco Cable
1 edit | said by danny9 :Many cert issuers are in that business. That's what they do. Comodo is in the security business, the others are not. They are supposed to be protecting us from the very sites they are selling certificates too. That's the difference. Instead of trying to control malware they are adding to it. I have to wonder how many users have been infected by these sites certified by Comodo. Well said danny9 and i totally agree with what you say, and have unchecked removed everything and anything that deals with Comodo in the three Browsers i mentioned earlier in this thread.
Edit: i have never used Comodo products and never will, i never trusted that company for some reason.
--
The greatest mistake you can make in life is to be continuously fearing you will make one.
Next to knowing when to seize an opportunity, the most important thing in life is knowing when to forego an advantage. | |
|
| | 
CylonRed
Premium,MVM
join:2000-07-06
Bloom County
| said by danny9 :said by Trel :Isn't EVERY issuer doing this, and the only reason Comodo's come under fire for it because they also have a line of security products? Can you honestly say you would trust Comodo to protect you when at the same time they are issuing certificates to malware sites? Sounds like they're trying to have their cake and eat it too which is philosophically impossible. They have been told about this but continue to ignore it hoping it will go away. It won't. I am one of those users, I was running CIS, that will no longer use any Comodo product on my computers. They may have started out with the right idea but money became the name of the game. I have had zero issues with malware for the years I have run Comodo - somehow I doubt they are ant different than any other provider as Trel points out.
--
Brian
"It drops into your stomach like a Abrams's tank.... driven by Rosanne Barr..." A. Bourdain | |
|
| | 
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
·Verizon Online DSL
| quote:
Can you honestly say you would trust Comodo to protect you when at the same time they are issuing certificates to malware sit
Why yes I will. I doubt developers at Comodo sell certs any more then a non-music devision at Sony had anything to do with rootkits on CDs not that long ago or MS waiting seven years to fix a critical security issue (Update, MS08-068).
quote:
They have been told about this but continue to ignore it hoping it will go away. It won't.
Do you know for a fact Comodo is doing what you said or just assuming this to be the case?
--
One good conspiracy theory deserves another. | |
|
| | |
See 6 replies to this post |
|
|
|
ashrc4
join:2009-02-06
australia
| Ok let me understand this.
Comodo is a security company and an issuer of certs.
A compeditor (cough) Malware destructor 2009 asks for a cert.
Am i missing something here!!
How long have they been in business and how stupid do they take (us)
--
It's one thing to be sure of yourself. It's another to confuse people. If they weren't related to each other we wouldn't have a problem;~) | |
|
|
|
|
See 21 replies to this post |
|
ashrc4
join:2009-02-06
australia
| »forums.comodo.com/general_discus···3.0.html
"Endymion
Comodo's Hero
*****
Reality is subordinate to perception"
Good to see all the different parties over a comodo can get together and resolve their issues.
Perhaps they could help those wishing to persue what they see as a company not taking their responsibilty in the public arena seriusly enough and lead by example.
The thread mentioned above is aptly titled "HERE WE GO AGAIN"
Some might prefer that this threads title becomes "Comodo CONTINUES to damage peoples reputation"
--
It's one thing to be sure of yourself. It's another to confuse people. If they weren't related to each other we wouldn't have a problem;~) | |
|
|
|
hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P. | LOL
Melih is the company!!! | |
|
| 
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| Re: Comodo Continues to Damage It's Reputation said by hayc59 :Melih is the company!!! and that is the potential issue if the some of the public equates his personality negatively to the whole company. It damages their good work and sullies their reputation.
cudni
--
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2009 | |
|
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31 | So Comodo has one person in the entire company and only one department?
--
One good conspiracy theory deserves another. | |
|
| |
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
·Bell Sympatico
·Cogeco Cable
| Re: Comodo Continues to Damage It's Reputation said by Grail Knight :So Comodo has one person in the entire company and only one department? No Comodo does not have one person in the company, but the company was started by Melih and the problem is how Melih has been handling all this. Like Cudni says and quote "and that is the potential issue if the some of the public equates his personality negatively to the whole company. It damages their good work and sullies their reputation."
--
The greatest mistake you can make in life is to be continuously fearing you will make one.
Next to knowing when to seize an opportunity, the most important thing in life is knowing when to forego an advantage. | |
|
| | |
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
·Verizon Online DSL
| Re: Comodo Continues to Damage It's Reputation Still does not mean to much to me other then someone made an off color remake.
Wow! The end of the world is near now because of that.
Note my sarcasm because it appears some people have evidently never seen a president of a company get pissed or make rude comments and customers that overheard it then either move on or stay out of because they do not know the whole story.
--
One good conspiracy theory deserves another. | |
|
jp10558
Premium
join:2005-06-24
Willseyville, NY
| Maybe it's just me, but the sudden and continued attacks on Comodo (and not other cert vendors, or other toolbar bundlers) smell like some sort of smear campaign to me. Heck, Java is now trying to install a McAffee trial.
And so far, most of the so called trust violations seem to me to be
a) normal business practice in the industry they are related to
and
b) simple enough to deal with
I know this isn't a popular view here, but I still recommend Comodo Internet Security, and have yet to see a better free app for layered security.
--
Opera 9.62(Build 10467); Windows XP Pro SP3;Intel C2Q6600; 3GB DDR2 1066; 1M/128k DSL; Antivir Personal; Comodo Firewall Pro 3;Proxomitron 4.5j Sidki 2008beta,GPG ID:0x0A1C6EE3 | |
|
| Surfinusa
Premium
join:2001-02-08
| Re: Comodo Continues to Damage It's Reputation said by jp10558 :I know this isn't a popular view here, but I still recommend CIS, and have yet to see a better free app for layered security. Agreed I still use and like Comodo. | |
|
| | 
poppster
Tell the truth and then run.
Premium
join:2003-12-23
Midwest
clubs:
| Re: Comodo Continues to Damage It's Reputation said by Surfinusa :said by jp10558 :I know this isn't a popular view here, but I still recommend CIS, and have yet to see a better free app for layered security. Agreed I still use and like Comodo. Use it on my wife's machine and it's great!
Light on resources, tons of options, and no nag screen!
--
What else would you do?
--
There is hope! | |
|
| | | Surfinusa
Premium
join:2001-02-08
| Re: Comodo Continues to Damage It's Reputation said by poppster :said by Surfinusa :said by jp10558 :I know this isn't a popular view here, but I still recommend CIS, and have yet to see a better free app for layered security. Agreed I still use and like Comodo. Use it on my wife's machine and it's great! Light on resources, tons of options, and no nag screen! Light on resource is one of the main draws for me, that and a very configurable firewall.
Uninstalling is also a snap, try uninstalling NIS or KAV takes a while and tons of junk left in registry.
While the anti-virus in CIS might not be ground breaking it doesn't hurt to use common sense when looking around on the net and downloading files.
CIS updates frequently also. | |
|
| |
mvdu
Premium
join:2003-07-28
Collegeville, PA
| Not all CEOs act unprofessional and not grown up like Melih does, though.
I'll never be convinced to use Comodo unless changes are made. That's my prerogative. There are plenty of good reasons why Comodo isn't upholding "trust online." There's no smear campaign. | |
|
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
·Verizon Online DSL
1 edit | Re: Comodo Continues to Damage It's Reputation quote:
Not all CEOs act unprofessional and not grown up like Melih does, though.
Did I say all CEOs were like this? That answer would be no.
Edit* If you were not replying to me disregard.
--
One good conspiracy theory deserves another. | |
|
maximusqb
join:2005-02-21
| I still use and like Comodo firewall with D+. I am not concerned that they have an option to install the toolbar during install as it is easy enough to uncheck it. I have multiple home computers and Comodo Firewall is what I use on the majority of them b/c it seems to work best with whatever other software I use. I have a lifetime 3 user license of Outpost firewall pro too, but I am not even using all licenses b/c I find I prefer Comodo and use that instead. As far as the Certs issue goes, I guess it doesn't bother me too much as I still use their product. | |
|
|
| Mele20
Premium
join:2001-06-05
Hilo, HI
| Re: Comodo Continues to Damage It's Reputation This is why users have to block ALL Comodo certs in all their browsers. I did this from the blog and click where it says and "here":
"You can see the Comodo certificate for freemjlitho.com both in the screenshot top left, and here."
You can see from my screenshots what happened. There is no way I would go to that site and fall for a phishing scheme after Fx warned me. But if I had not blocked all Comodo and GoDaddy certs last year ....well, if I was a big Michael Jackson fan, I might have fallen for it.
Mozilla really needs to yank the Comodo certs. I don't think any other solution will be satisfactory. Mozilla needs to step up to the plate and bite the bullet. I single out Mozilla and their browsers because it was Mozilla that was made to look the fool last December when Eddy Nigg of StartCom was able to buy a Mozilla.com cert from a Comodo reseller and he has nothing to do with Mozilla organization. Mozilla should be the leader here and do the right thing.
I don't know if it is allowable to quote an entire news group message in a forum like this or not but "Facts about Comodo Resellers and RAs" by Eddy Nigg on December 24, 2008 in the mozilla.dev.tech.crypto News Group is educational. One thing he states in this message is that not only has Mozilla, before the incident in December regarding him buying the mozilla cert, expressed considerable concern regarding Comodo certs in Mozilla browsers but MICROSOFT has received MANY complaints about Comodo being allowed as a root cert authority in Internet Explorer. Microsoft has even more clout and ability to yank certs. Why are they doing nothing? Why don't Mozilla and Microsoft get together on this and act jointly?
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason | |
|
hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P. | Thanks Mele20!! | |
|
Tordurbar
join:2009-07-12
1 edit | Why are they doing nothing? Why don't Mozilla and Microsoft get together on this and act jointly?
Because half a dozen misguided FUDsters repeating and spreading the same lame "problem", hardly constitutes a groundswell of opposition.
If people truly understood the values, implications, inherent weaknesses, of the various types of certs, and of the certification system itself. And gave up on the holier than thou bunk.
They may find that until DV certs are no more, user education is the key.
Oh well, at least the passion with which the haters bash away at Comodo is inspiring.
Perhaps put some of that energy into lernin n such. | |
|
|
See 7 replies to this post |
|
|
|
|
Comodo Continues to Damage It's Reputation
Re: Comodo Continues to Damage It's Reputation
·
·
