Comodo Antivirus Tech Support Feature Lets Anyone Connect to Your PC

Status
Not open for further replies.

hjlbx

LOL... :D

I knew there was a VNC associated with GeekBuddy, so I never installed it.

Even with the fix - don't install GeekBuddy - nor Chromodo, Dragon or Ice Dragon; a user doesn't need any of them.

A lot of the controversy associated with the above is due to dodgy practices.

Other than that, COMODO Internet Security is decent security soft using Proactive Security at default settings.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
My first time installing Comodo, I used the default installation so obviously Geekbuddy was installed. Nowadays, however, I make sure to use custom install and deselect everything that isn't Comodo Firewall.
 
  • Like
Reactions: Kuttz

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Another case of antivirus software gone horribly wrong


Google Project Zero security researcher Tavis Ormandy has discovered that one of Comodo's tech support tools packed with many of the company's security products leaves the door open for attackers to connect with admin privileges on the user's PC.

Ormandy noticed users complaining online about a VNC server that started on their Windows systems where they installed Comodo Antivirus, Comodo Firewall, or Comodo Internet Security.

Comodo tech support tool at the core of the problem

The researcher investigated the issue further and discovered that to blame for this problem was a remote desktop tool called GeekBuddy, which Comodo was bundling with its security software.

GeekBuddy was used by its tech support staff to debug problematic computers from afar. The application allowed Comodo staff to connect from remote locations by opening a VNC server on the user's PC.

If the user was connected to the Internet, anyone could access the user's computer using this backdoor. If the computer was offline, anyone could do the same from a local network.

GeekBuddy versions had no password, or used a weak one

In GeekBuddy's first iterations, the tool didn't even include a password, meaning anyone could just connect to the victim's PC using an IP port combination.

Users complained about this problem, and in later GeekBuddy versions, Comodo introduced a password. The Google researcher says that this password is easy to guess, being composed of data stored in each computer's Windows Registry.

"The password is simply the first 8 characters of SHA1 (Disk.Caption+Disk.Signature+Disk.SerialNumber+Disk.TotalTracks)," Ormandy revealed.

Since Comodo installed GeekBuddy with full admin privileges, any attacker connecting through Comodo's support tool would have had full control over the system.

To prove his point, Ormandy provided a simple three-line exploit that discovered a workstation's SHA1 string, cut the first eight digits, and supplied them to the attacker.

The researcher informed Comodo of the issue on January 19, and the company subsequently released GeekBuddy 4.25.380415.167 to address the reported issues.

Mr. Ormandy had previously probed Comodo's software when he discovered that the antivirus maker was also shipping an insecure version of the Chromium browser, dubbed internally Chromodo. Mr. Ormandy is famous for discovering security issues in many high-profile security companies like Avast, AVG, Malwarebytes, Trend Micro, FireEye, and many others.

"No response from Comodo yet. Let's hope they're not just going to leave everyone vulnerable until the 90-day clock runs out. #wtf #antivirus" — Tavis Ormandy (@taviso), January 26, 2016

"Well, Comodo wins as the most braindead and shady software I've seen so far. If you work for Comodo, please contact me." — Tavis Ormandy (@taviso), January 22, 2016

"Comodo Internet Security installs a VNC server with predictable password by default. https://t.co/HQXVeKgMLT ¯\_(ツ)_/¯" — Tavis Ormandy (@taviso), February 18, 2016

Article source
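
An added example, not part of the post above or of the quoted article: a self-audit that checks whether anything on your own machine answers as a VNC (RFB protocol) server, and whether it offers the "None" security type, which is the no-password case the article describes for early GeekBuddy versions. The function names and the 5900-5909 port range are assumptions; the article does not say which port GeekBuddy listened on.

```python
import socket

SEC_NONE = 1  # RFB security type "None" (RFC 6143): no password at all

def recv_exact(sock, n):
    """Read exactly n bytes or raise ConnectionError."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def probe_rfb(host, port, timeout=2.0):
    """Return None if the port does not speak RFB (the VNC protocol), else
    a dict with the protocol version and the security types on offer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            banner = recv_exact(s, 12)  # e.g. b"RFB 003.008\n"
            if not banner.startswith(b"RFB ") or banner[-1:] != b"\n":
                return None
            ver = (int(banner[4:7]), int(banner[8:11]))
            if ver >= (3, 7):
                s.sendall(b"RFB 003.007\n" if ver == (3, 7) else b"RFB 003.008\n")
                count = recv_exact(s, 1)[0]  # 0 means the server refused
                types = list(recv_exact(s, count))
            else:  # RFB 3.3: server picks one type, sent as a 32-bit integer
                s.sendall(b"RFB 003.003\n")
                types = [int.from_bytes(recv_exact(s, 4), "big")]
    except (OSError, ValueError):
        return None
    return {"port": port, "version": "%d.%d" % ver, "security_types": types,
            "no_password": SEC_NONE in types}

def audit_local_vnc(ports, host="127.0.0.1"):
    """Probe ports on this machine; return one finding per RFB listener."""
    return [r for r in (probe_rfb(host, p) for p in ports) if r]

if __name__ == "__main__":
    # 5900-5909 is the conventional VNC range (an assumption: the article does
    # not name GeekBuddy's port); extend it from your own listener table.
    for f in audit_local_vnc(range(5900, 5910)):
        state = "NO PASSWORD" if f["no_password"] else "password required"
        print("RFB %s listening on port %d: %s" % (f["version"], f["port"], state))
```

A "password required" result only says that authentication is switched on; as the article notes, a password built from the machine's own disk attributes is still predictable, so an unexpected listener should be removed rather than trusted.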
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Comodo is a joke, I don't know why people still care about this company or their alpha products.


Worse than Superfish? Comodo-affiliated PrivDog compromises web security too
Google calls out Comodo’s secure web browser as anything but | Apps and Software | Geek.com
The Demise of the Antivirus Industry (Kevin McAleavey insights about Comodo's "internal operation")
How the Comodo certificate fraud calls CA trust into question
http://www.fark.com/comments/8610301/Comodo-goes-SuperFishing

There is so much wrong about Comodo that isn't funny, actually the way they develop and abandon software is funny :D
 

hjlbx

Comodo is a joke, I don't know why people still care about this company or their alpha products.


Worse than Superfish? Comodo-affiliated PrivDog compromises web security too
Google calls out Comodo’s secure web browser as anything but | Apps and Software | Geek.com
The Demise of the Antivirus Industry (Kevin McAleavey insights about Comodo's "internal operation")
How the Comodo certificate fraud calls CA trust into question
http://www.fark.com/comments/8610301/Comodo-goes-SuperFishing

There is so much wrong about Comodo that isn't funny, actually the way they develop and abandon software is funny :D

You will get 1000+ likes from @Umbra for your comments... :D
 

hjlbx

The irony is that he used to love the product!!:p

The only redeeming feature about Comodo is that it's "free" :D
I used to use it years ago when it was somewhat okay, but the product now is unusable, at least for me!!

COMODO needs to fix some long-standing, serious bugs.

If they can accomplish that, then it will be a much better product.

It's not like other vendors haven't experienced the same with their products, it is just that they have somehow managed to fix the reported issues - whereas COMODO has not.

Despite all of this, COMODO in default Proactive Security settings is decent physical system protection.

COMODO & fanboys mis-treated and\or ignored @Umbra, so his attitude toward COMODO, Melih and their products is understandable.

Besides, he sees that COMODO product fixes are much slower than average and the bloat is completely unnecessary.

I think those are his main gripes.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
Comodo is a joke, I don't know why people still care about this company or their alpha products.


Worse than Superfish? Comodo-affiliated PrivDog compromises web security too
Google calls out Comodo’s secure web browser as anything but | Apps and Software | Geek.com
The Demise of the Antivirus Industry (Kevin McAleavey insights about Comodo's "internal operation")
How the Comodo certificate fraud calls CA trust into question
http://www.fark.com/comments/8610301/Comodo-goes-SuperFishing

There is so much wrong about Comodo that isn't funny, actually the way they develop and abandon software is funny :D
Biggest understatement of the century.

Honestly, the one software I don't mind using is their firewall. Almost everything else doesn't have my interest.
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
When is their new product v 9 released, I thought give or take 3-4 weeks and it's out?
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
COMODO needs to fix some long-standing, serious bugs.

If they can accomplish that, then it will be a much better product.

It's not like other vendors haven't experienced the same with their products, it is just that they have somehow managed to fix the reported issues - whereas COMODO has not.

Despite all of this, COMODO in default Proactive Security settings is decent physical system protection.

COMODO & fanboys mis-treated and\or ignored @Umbra, so his attitude toward COMODO, Melih and their products is understandable.

Besides, he sees that COMODO product fixes are much slower than average and the bloat is completely unnecessary.

I think those are his main gripes.
He is not the only one. Other users speak but get ignored...some even get banned for questioning their methods.
Comodo community is weird...
Comodo and how not to be a fanboy
 
  • Like
Reactions: Rishi

above

cruelsister has the firewall figured out to where anyone can use it and it is all you could want with her settings, no popups and no infections. Coupled with adguard using her advice and my 4 yr. old twins don't have problems. I don't have to deal with comodo dev. or support, simple protection must be too boring. It doesn't need micro-managed in my opinion. I rarely open comodo threads anymore unless cruelsister is involved because she is the only one who seems to be able to make it work. The rest seems to be salt in a wound.
 

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
I got banned and a lot of (well) arrogant comments, I think their forum is by far the worst. They all think they run the AV/malware world, and Melih is god.
Indeed!!
A forum administered by "fanboys" that can do no wrong!!

COMODO says some time during 1st quarter 2016.

I say June... :D

I just can't wait for all the bugs that will be endemic to the "new" version!!:p
 

hjlbx

@above

Some like to configure COMODO to "set-and-forget."

However, COMODO attracts some that like to take full advantage of its ability to be tweaked.

There is no right or wrong way to do it.

It depends upon the user's goals and desires - and COMODO can satisfy both.
 
  • Like
Reactions: Rishi and Azure

Deleted member 178

COMODO & fanboys mis-treated and\or ignored @Umbra, so his attitude toward COMODO, Melih and their products is understandable.

Besides, he sees that COMODO product fixes are much slower than average and the bloat is completely unnecessary.

I think those are his main gripes.

exactly !

- no-skill fanboys telling you that what you said is false...
- bugs/flaws present across versions since years...
- bloats coming from the same no-skill fanboys, they have no skills so of course asking for bloat features...
- false promise/announcement of so-called revolutionary products...
- childish reactions from the CEO...
- forum mods locking "embarrassing" topics.


The list is long...
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
GeekBuddy has been an on-going annoyance, once it was HopSurf, PrivDog and now this. I would applaud Comodo for the discontinuation of GeekBuddy greyware, but I doubt it.

The list is long...
Banned for no reason.
(It's been resolved and I am now able to view the forums).
 

Smith83

cruelsister has the firewall figured out to where anyone can use it and it is all you could want with her settings, no popups and no infections. Coupled with adguard using her advice and my 4 yr. old twins don't have problems. I don't have to deal with comodo dev. or support, simple protection must be too boring. It doesn't need micro-managed in my opinion. I rarely open comodo threads anymore unless cruelsister is involved because she is the only one who seems to be able to make it work. The rest seems to be salt in a wound.


Curious to your setup?
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
3 years ago I made a video about GeekBuddy.
Fresh Windows 8 x32.
I install Comodo antivirus with all the crap that comes along with it, start Comodo Dragon and it crashes.
I call GeekBuddy for help...then he said that my PC is infected...LOL (fresh Win 8).
Rest is in the video.

 
  • Like
Reactions: Rishi