COMODO 6.3.300670.2970

[illumination]

Is this recent behavour which can be verified.?

Read before you post..

Littlebits, could you tell more about Comodo's past of shady and/or unethical behavior? I never heard of such things.

I believe the keyword here is "past"

Regardless, i remember the firewall being licensed to rogue vendors..
Many have complained of the trusted vendors list for some time now, stating they would like a way to remove it "and not have it come back upon next update" or a way to disable it..

 

[Chiron]

Littlebits, could you tell more about Comodo's past of shady and/or unethical behavior? I never heard of such things.

The Ask Toolbar incident has already been mentioned which wasn't as bad as some of the other things they did.

1. They knowingly sold trust certificates to malware domains then gave lame excuses for it.

This sort of mistake happens to all certificate issuers. Actually, from what I am aware of, Comodo has not mistakenly given these to malware vendors as often as most other companies. Also, as mentioned by Amiga500, Melih has in fact been suggesting that all certificate issuers issue only Extended Validation Certificates. However, as he mentioned, Comodo cannot currently do that as the other companies offer the less secure certificates. Thus, although this sounds like a cop-out, I see it as merely being a realist.

However, I do not hold Comodo responsible for the mistakes of the industry.

2. They licensed their firewall to rogue vendors that scam users into buying it. Some of these rogue vendors are still selling Comodo Firewall clones today.

Can you please provide a link for this? I'd like to look into this.

Thanks.

3. They added all of the ad-partners to their whitelists to avoid detection by CIS. Some of the things included in their whitelists are toolbars, dodgy vendors products, adware, many PUA's and maybe some of the malware domain products that they sold to trust certificates to.

I am aware that some adware vendors/products are in the whitelist. However, I was of the opinion that the vendors got into the whitelist because they used to produce trustworthy products, but then changes their ways. Thus, there is a period of time before they are identified and removed.

As for individual products, I believe this is likely due to small errors in the automatic white-listing procedures which it appears are in place on the backend.

I have not seen any evidence of them intentionally adding bad products into the whitelist. In fact, I haven't seen discussion of anything like this at all. Can you please provide a link to the discussion which I assume you are referring to?

Thanks.

4. Shady EULA and privacy policy on all of their products, all of their products collect user data and there is no way to opt-out. It is not clear what they collect or how they use your collected data. For the legal point, the way they worded their privacy policy it is like a legal form of spyware.

Agree. I do not like the EULA for many products. However, for legal purposes (as for some crazy reason Comodo does not want to be sued) I believe that they have made their EULA this vague so that the cloud-upload, which is used for identification of dangerous and safe software, cannot be used by individuals as a way to try and sue Comodo for money.

I have not looked into it personally, but I assume that you will find similar language for almost any cloud-based anti-malware product.

Thank you.

 

[jim lin]

@Chiron

"Can you please provide a link for this?"

if i remember right they licensed their firewall to for one PcSecurityShield

http://www.pcsecurityshield.com/



James

 

[jim lin]

"please do not shoot the messenger"

i'm not trying to flame Comodo or PcSecurityShield at all but it was asked for the info

i know it's old but some info about pcsecurityshield is at spywarewarrior

http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

Privacy Defender pcsecurityshield,com

"false positives work as goad to purchase; poor, misleading scan reporting; deceptive advertising/"scan" on home page (1); advertises through adware (1); recruits affiliates
through spam (1); dubious corp. associations (1); same app as Spyblocs 3.0, MySpyFreePC, iSpyKiller, SamuraiSpy, & Spy Crusher; also from this domain: The Shield 2004, PC Security Shield - (Note: other domains associated w/ Privacy Defender include: clixtrader,net, pcsecuritysheild,com, pcsecuritywall,com, pctoolworks2004,com,
pctoolworks2005,com, threatlevel,com) [A: 6-26-04 / U: 9-7-05]"




James

 

[Geni]

Many fail to understand what Comodo really is...

Once Comodo do this I might start considering it as a serious contestant,
otherwise it's meaningless.

 

[Chiron]

@Chiron

"Can you please provide a link for this?"

if i remember right they licensed their firewall to for one PcSecurityShield

http://www.pcsecurityshield.com/



James

Thank you for the link. I was able to find this link:
http://forums.comodo.com/how-can-i-help-comodo-please-we-need-you/what-is-this-the-shield-firewall-50-t21274.0.html
in the Comodo forums.

It looks like a mistake to me. Obviously one which shouldn't have happened, but since it was so long ago, I'm willing to assume Comodo has learned its lesson.

 

[Littlebits]

"please do not shoot the messenger"

i'm not trying to flame Comodo or PcSecurityShield at all but it was asked for the info

i know it's old but some info about pcsecurityshield is at spywarewarrior

http://www.spywarewarrior.com/rogue_anti-spyware.htm#products

Privacy Defender pcsecurityshield,com

"false positives work as goad to purchase; poor, misleading scan reporting; deceptive advertising/"scan" on home page (1); advertises through adware (1); recruits affiliates
through spam (1); dubious corp. associations (1); same app as Spyblocs 3.0, MySpyFreePC, iSpyKiller, SamuraiSpy, & Spy Crusher; also from this domain: The Shield 2004, PC Security Shield - (Note: other domains associated w/ Privacy Defender include: clixtrader,net, pcsecuritysheild,com, pcsecuritywall,com, pctoolworks2004,com,
pctoolworks2005,com, threatlevel,com) [A: 6-26-04 / U: 9-7-05]"




James

The rogue software vendors that owns pcsecuritysheild is is3.com which also promotes many other rogue products like STOPZilla, they were one of Comodo's partners and Comodo did license their firewall and AV engine to them and so did BitDefender. I'm not sure if Comodo still has an active partnership with is3.com, maybe someone can check their whitelists for is3.com products.

http://msmvps.com/blogs/donna/archive/2008/04/07/comodo-licensed-their-firewall-to-rogue-company.aspx

http://www.dslreports.com/forum/r20290613-Comodo-Firewall-Free-No-More

http://forums.comodo.com/how_can_you_help_comodo_please_we_do_need_you/what_is_this_the_shield_firewall_50-t21274.0.html

For security products collecting user data, most vendors have opt-outs and clear understanding of what is collected and how it is used, this doesn't apply to Comodo products, they have no opt-outs and it is not clear how they use your data or what they collect. They could collect about anything they want and sell it to whoever they want to legally according to their privacy policy. (I"m not making accusations this is what they are doing with your data but they could if they wanted to).

http://dottech.org/10032/paying-a-price-to-use-free-software-the-dark-side-of-comodo-products/

Trust Certificates are sold to malware domains by other venders as well, but the main difference is that Comodo is a security software vendor which has more knowledge in the malware field and should know better. Their lame excuses are not acceptable for a company that uses the motto "Creating Trust Online".

http://www.calendarofupdates.com/updates/index.php?showtopic=19279

Thanks.

 

[MrXidus]

Interesting discussion.

Sadly it looks like I've lost trust for Comodo for now simply because I just can't take the chance after reading such various information and sources.
Misleading, false, once true or still true one thing is for sure I'm now wary of Comodo products because what has been seen cannot be un-seen and there's just no way to be 100% guaranteed assured as to what is happening under the hood.

Unless someone goes ahead and reads every word and line of their latest TOS/EULA/Privacy Policy etc and lists what exactly they can do with our information to show they're not shady, define what information they can collect, share or use by installing their products.

If potential data collection is not a concern for you, by all means use Comodo products (I have stated time and time again, at face value, Comodo programs are great). However me, and many others, deplore this practice of data collection without clear notification and/or opt-out option and will probably never use Comodo products again.

They are providing you a great free product, who cares if they get a little of your information and besides what have you got to hide anyway.

My view could be changed, just with the right proof or information.

Thanks.

 

[cruelsister]

Obviously one can like/dislike a product for any reason at all, and I won't go into comparative Privacy Policies here- but they all are about the same- actually some exactly the same. But I would like to ask just what kind of information do you think Comodo can or would transmit that would constitute a privacy breach?

As a free product they don't require name, address, credit card info. And if the worry is the dissemination of websites visited, just about every company is a client of either Google Analytics and/or Adobe SiteCatalyst (I won't even mention the massive data breach of the latter) for marketing purposes so that's pretty much a wash.

So I would think that the only concern would be the direct lifting of emails/passwords/documents, etc. As any evidence of this (which would destroy a company) has never been even intimated, just what is the issue?

 

[kjdemuth]

That's why I encrypt just about every personal document on my system. They can scroll through anything they want. Not going to find too much that isn't encrypted.

 

[Jaspion]

I think the problem is with the vague description of the policy. IP is personal information, legally speaking. So they can say they have personal information on you which may be sold or used any other way. But that personal information might be just IP and non-personally-identifying statistics. The problem is this "might", or "might not" be.

Read, if you will:
http://www.comodo.com/repository/privacy-policy.php

@ kjdemuth: Seriously, what do you think they'd want with your personal files?

 

[Jaspion]

Maybe this whole clash is with the double life some people like to live on the internet, or at least partly motivated by it. "This IP likes et cetera and some more, so let's display the right ads for this guy." So this means, basically, that some company knows your "secret" desires. If that's your concern, you might want to reconsider more than just your AV/FW solution.

 

[Littlebits]

I think the problem is with the vague description of the policy. IP is personal information, legally speaking. So they can say they have personal information on you which may be sold or used any other way. But that personal information might be just IP and non-personally-identifying statistics. The problem is this "might", or "might not" be.

Read, if you will:
http://www.comodo.com/repository/privacy-policy.php

@ kjdemuth: Seriously, what do you think they'd want with your personal files?

Please note that the privacy policy has amendments which is listed on the EULA on the installers of each Comodo product which maybe different than the privacy policy posted on their website. It is recommended to ignore the privacy policy posted on their website and read the ones that are included with each Comodo product.

There are two basic views to consider good and bad:

The good- Comodo is only collecting user data to improve their products and their privacy policy is riddled to protect them legally.

The bad- Comodo is collecting user data to make money, possibly to sell to ad-partners, their privacy policy is riddle to confuse users because they can continue to collect what they want and sell your data to whoever they want to.

There is no proof of either view which leaves it up the the user to decide if they trust or don't trust Comodo.

Looking back at Comodo's other bad actions, it just doesn't look good at all. I don't trust Melih, I believe he cares more about making money than he does about his users. In a way he reminds me of a false prophet leading people astray.

Thanks.

 

[Striker]

The Discussion about this is absolute useless. Better dont trust anybody than, simple. Paranoids all over the World. Privacy simply just dont exist on the Web, thats a fact.

 

[3link9]

I don't trust Melih, I believe he cares more about making money than he does about his users.

I don't fully agree with that statement, If Melih was truly about Money, Comodo and most of its products wouldn't be free.
He also tries to be the cheapest of everyone else but he does push things like Geekbuddy and charge an arm and a leg for the smallest problems, But hey, hes a typical business guy, No different then anyone else.

 

[MalwareVirus]

What i can say on this all thread ,it brings the fact that everyone should know not only about comodo but about all the softwares.You can easily point out about microsoft too but it is only our faith on these vendors that we are using these softwares now.Recent eg. Window 8 backdoor by Germen Gov.

 

[aztony]

When you untick all the objects, the "agree and install button" is greyed out, unable to click upon, normally, refusing to agree by canceling, would not install the product. To me, this is a little shady.. First time i have ever felt this way about anything they have done, but yes, i do feel that way now.

+1 I can confirm this very thing happened with me tonite. Got a msg in the GUI that an update was ready for download. Did so, when I unchecked the box to change my home page 'agree and install' tab grayed out. I hit cancel and was prompted to reboot anyway. Very annoying.

 

[kjdemuth]

I think the problem is with the vague description of the policy. IP is personal information, legally speaking. So they can say they have personal information on you which may be sold or used any other way. But that personal information might be just IP and non-personally-identifying statistics. The problem is this "might", or "might not" be.

Read, if you will:
http://www.comodo.com/repository/privacy-policy.php

@ kjdemuth: Seriously, what do you think they'd want with your personal files?

Please note that the privacy policy has amendments which is listed on the EULA on the installers of each Comodo product which maybe different than the privacy policy posted on their website. It is recommended to ignore the privacy policy posted on their website and read the ones that are included with each Comodo product.

There are two basic views to consider good and bad:

The good- Comodo is only collecting user data to improve their products and their privacy policy is riddled to protect them legally.

The bad- Comodo is collecting user data to make money, possibly to sell to ad-partners, their privacy policy is riddle to confuse users because they can continue to collect what they want and sell your data to whoever they want to.

There is no proof of either view which leaves it up the the user to decide if they trust or don't trust Comodo.

Looking back at Comodo's other bad actions, it just doesn't look good at all. I don't trust Melih, I believe he cares more about making money than he does about his users. In a way he reminds me of a false prophet leading people astray.

Thanks.

What would they want? Lets not be naive. How about for advertising, who you use for a bank, have a mortgage with, what you use for tax software....I'm not saying that they are but why give anyone a reason to be able to look.

 

[Jaspion]

I finally got the "forced" Yahoo/PrivDog thing. It's not forced. But it is a little sneaky if you ask me.

During the program update, a window does come up, with an "Accept and Install" button that grays out if you don't select either PrivDog or changing your homepage to Yahoo. That happens because this window is offering you both products, if you accept neither then there's nothing to agree to install — you already agreed to the installation of CIS/CAV/CFW when you first installed it, now it's just an update and for the program update there's no "Agree and Install" button for that.

If you deselect both, have the said button gray out, and click cancel, you'll cancel PrivDog and Yahoo, but the program update will go smoothly.

So it's not totally absurd, although it's a practice that I cannot condone, because it's misleading.

 

[NSG001]

So it's not totally absurd, although it's a practice that I cannot condone, because it's misleading.

Dumb idiotic coding/designing.
They need to start shaping up, lots of disillusioned people reporting this.