CF/CS Settings/ - Trusted Vendors List - A Vulnerability?

Status
Not open for further replies.

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
I have setup CF according to Cruel Sister's settings.

In the course of installing the new KAF, I posted questions about using it in conjunction with CF and a BB and came across a posting by Umbra referencing the Trusted Vendors List being the weakest link of CIS in his opinion. That posting is here:

Comodo Internet Security Setup/configuration thread (Setting Only)

Now Cruel Sister does not reference this in her video in terms of unchecking the option, and I would not think to question Comodo being a top notch security firm, and left this feature activated in File Ratings.

However, after reviewing this list I came across the following which gave me pause. There were three vendors listed entirely in Chinese, which I can neither read, nor speak. Should I trust these unknown vendors? If this be the situation, and Comodo is able to list these as supposed "Trusted Vendors", any vendor could be listed, in any language, compromising one's security by allowing software written by them to operate if one were not a linguist to try and interpret it, and decide whether it could then be trusted.

Maybe Trusted Vendors should be unticked?

I am hoping Cruel Sister weighs in on this, too.

Maybe this is of no concern but listing an indecipherable unknown as a Trusted Vendor could be considered a vulnerability in my opinion.

(See Thumbnails below)

Your thoughts?
 

Attachments

  • TVL1.png
    TVL1.png
    30.8 KB · Views: 528
  • TVL.png
    TVL.png
    30.8 KB · Views: 526
Last edited:

woodrowbone

Level 10
Verified
Dec 24, 2011
480
I am also a bit confused why they not translate the list so all can read it?
The first thing i do is to remove the Chinese and Russian certificates in that list.

/W
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Difficult debate. Looks really like Comodo is defending the certificate portion of their business by trusting so many developers (keep the devs happy and buying). Not a good idea imo, as the considerations should be completely separate from each other. What they SHOULD do is publish a strict set of requirements for publishers for being whitelisted in CFW/CIS and then review it and update it constantly. Make it clear to devs what is required.

Even using the TVL, Comodo seems very powerful to me. On the main PC I went with a trimmed list for awhile and then went back to compare. Conclusion...list should be better but at least Comodo is on the hot seat with the list. I will probably stick with the full list now. Would help if TVL lists could be imported separately from other settings though.

Could the Chinese vendors be big purchasers of certificates? Seems kind of likely to me.
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
Hi SearchLight! I actually did a video on modifying the TVL a while ago. Also, it is not a good idea to delete all vendors as you will have everything sandboxed on your system!


Cruel Sister, I just followed your video as described using your deselection procedure and selections in my CF v10, and now those deselected, disappeared.

I am having trouble with v10 again because your videos are geared to v8, and some of the configurations like you describe in your videos have been either removed, or renamed in

For example, in v10, there is a Select All box in the TVL. When you start deselecting, at some point, the Select All box deselects itself, so after making selections, you press remove button, and the other buttons stay unselected.

I have debated this awhile, and for the sake of good prevention, and security, I will revert back to v8 which you have tested and proven to be bulletproof. Just because something is newer, does not make it better in my particular case.

Just an update, I re-installed v8 with your FW settings, and was able to configure the TVL with your TVL settings.
 
Last edited:

Morphius

Level 1
Sep 13, 2011
47
What they SHOULD do is publish a strict set of requirements for publishers for being whitelisted in CFW/CIS and then review it and update it constantly.

Actually that's the policy of Comodo's TVL. It was reviewed few times for shady vendors, and if you look up at comodo's forums you will see that many times a request to add a vendor to TVL/add file to trusted list is rejected due to not fulfilling the criteria.
 

l0rdraiden

Level 3
Verified
Jul 28, 2017
108
Actually that's the policy of Comodo's TVL. It was reviewed few times for shady vendors, and if you look up at comodo's forums you will see that many times a request to add a vendor to TVL/add file to trusted list is rejected due to not fulfilling the criteria.
I doubt they review the list periodically since they don't have a way to do it, or resources to do it manually
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Actually that's the policy of Comodo's TVL. It was reviewed few times for shady vendors, and if you look up at comodo's forums you will see that many times a request to add a vendor to TVL/add file to trusted list is rejected due to not fulfilling the criteria.

Thx. Anyone know if Comodo has any hard qualifications for applying tor trust? Like is there a years with a signed application requirement or verified distribution numbers or company earnings or something?
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
After all the back and forth with the now infamous TVL, I uninstalled CFv10, and re-installed CFv8, and was able to configure the TVL like cruel sister describes in her video. I hate when a software vendor rather than improve on features, starts removing them, and then makes a program more user complicated by omission. Anyway, v8 of CF/CS Settings is also working well with KAF. I have established rules in the Sandbox to Ignore KAF, as well as the Firewall.

Maybe the solution is to eliminate the TVL upon installation, and test each program for trustworthiness via the Cloud. In other words, start with a blank TVL, and build one based on what is on a user's machine.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Maybe the solution is to eliminate the TVL upon installation, and test each program for trustworthiness via the Cloud. In other words, start with a blank TVL, and build one based on what is on a user's machine.

Good idea. I might try this at some point :). Thx.

Sorry to hear you had troubles with 10. Didn't have a problem using CS' method for trimming the TVL in 10 myself. There is a small magnifying glass that you click on to type a search in the column header. I had a hard time seeing it when I was looking around the first time. It's grey, so it's hard to see on the white GUI.
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
Just as an fyi, v8 started to update the recognizers but it also updated itself to v10, as well. Lo and behold, all my settings in v8 including my customized TVL per cruel sister's settings migrated over to v10. What a surprise, after all my aggravation! Maybe this is the better way, upgrade and your all set but not all programs always keep the original settings.

It is like getting a new car customized to your own tastes.

Thanks to all again for your suggestions. Always a learning experience on this forum.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top