Google calls out Comodo's Chromodo Chrome-knockoff as insecure crapware

[Solarquest]

Content source

http://www.theregister.co.uk/2016/02/02/google_disses_chromodo/

Installed it for free? Costs the same to uninstall it
2 Feb 2016 at 21:06, Richard Chirgwin
Google security boffins have thrown the book at Comodo for turning off Chrome security.

As explained in this advisory today, users who install Comodo Internet Security may not realize that their Chrome installation is replaced with Comodo's own browser, Chromodo.


That little bit of crapware isn't secure at all: it's set as the default browser, and "all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices," Google's Tavis Ormandy notes.

Chromodo is promoted as a "private browser" on Comodo's website, but it's not only not private, it's not remotely safe to use, because it also disables Chrome's same-origin policy.

The same-origin policy enforces a rule that one script can only access data in another script if they're both from the same site. Without it, users are exposed to malicious sites sniffing private data.

Google went public with the feature bug because Comodo was unresponsive, we're told.

It's not the first time Comodo's been called out for crapware. In 2015, its PrivDog browser was slapped down by the US Department of Homeland Security for man-in-the-middling users' SSL sessions.

Given that Comodo is also a certificate authority, bypassing end user security is a serious breach of trust. If you've got Comodo's browser installed on your machine, get rid of it. ®

 

[Deleted member 178]

That is a big slap on Melhi's face

I'm not surprised at all. more and more comodo goes down , i gave a last chance to Comodo, had to spent hours to make CIS very very secured, seems to be worked, just to find out that all my tweaks were gone few days after because a bug. Comodo should stop making crapwares and 100% focuses on CIS, fixing cross-versions bugs and flaws.

 

[Deleted member 178]

Seems comodo's forum mods locked threads about the topic and Melhi , out of the blue, posted a thread about Google removing adblockers extensions from their store

 

[Atlas147]

Well if the glove fits...

Honestly a pretty stupid move on comodo's part, unsure if this was a bug or something intentional, whatever the case Comodo lacks beta testers or else this probably wouldn't have happened. Especially that Comodo is a security based company

 

[Deleted member 178]

Well if the glove fits...

Honestly a pretty stupid move on comodo's part, unsure if this was a bug or something intentional, whatever the case Comodo lacks beta testers or else this probably wouldn't have happened. Especially that Comodo is a security based company

Comodo doesn't lack of Beta-testers, they have plenty of guinea pigs, all of them are mostly fanboys, unfortunately for Comodo , many of them have no clues about security, they just install CIS, follow some guides written in the some forums and after get amazed by their new "aptitudes" then fall in love with Comodo and claims to be Comodo experts, and deny every flaws/bugs real experts show them ...

 

[Deleted member 178]

Haha, the beauty of censorship .

i wouldn't call it censorship since the posts are not deleted , i was pointing a extremely opportunistic coincidence between the Google's criticism then Melhi's post few days after.
Not saying i corrected a wrong information about Adguard being removed from Google Store.

 

[Deleted member 2913]

At one time I was using 4-5 Comodo software. Then it came down to 1 i.e CIS. Then to 0 & wait for CCAV. Now after CCAV poor release with much hype it seems a good strong security software is not their cup of tea i.e look at Norton, Kaspersky, etc... they have good layered effective & easy tech implemented. And Comodo hides behind AutoSandbox...remove the sandbox & the software will fall like house of cards...just AutoSandbox & nothing good for protection in Comodo software & that too not easy to use/not for everyone.

Now my visits to Comodo forums will be next to none...precious online time saved there.

 

[hjlbx]

COMODO Engineering stated they were investigating.

Guess they didn't investigate.

LOL...

 

[Deleted member 2913]

COMODO Engineering stated they were investigating.

Guess they didn't investigate.

LOL...

You mean Chromodo issue.

After look at Umbra posted screenshot I checked at Comodo forums & they mentioned its been fixed & update was issued.

 

[Deleted member 178]

Honestly what was the goal of making both Chromodo and Dragon...? one is enough, they should merge both browsers into one.

 

[Soulbound]

I will be the devil's advocate here. Comodo is not the only one that should be called out, but most other chromium browsers that claim to be secure.

DNS highjacking? sure if you do not know what your doing, you can claim that.

Was chromodo a good project? It worked for some users. Some fanboys loved it while had no idea what was under the hood.

Does Comodo focuses its time in developing and improving one solution? No they don't but at the same time, chromium project is Open Source. Was to be expected Comodo would try to develop something with more security in mind.

Not to say Chromodo is perfect nor the way it is installed in the system, but to be honest, if Google is going to call out on one, should call out on all others. Just install the so called "secure" chromium clones and look under the hood.

 

[Deleted member 178]

The problem is not that they do, but the way they do. It is like all comodo abandoned softwares, introduced with lot of bling and applause then fell to the dark few months later.

Comodo should focus on one or two products and makes them rock-solid; then everybody will be happy.

 

[hjlbx]

You mean Chromodo issue.

After look at Umbra posted screenshot I checked at Comodo forums & they mentioned its been fixed & update was issued.

I did not know that since I do not participate at COMODO forum much any more.

 

[davetenay]

I totally agree with Umbra about Comodo. The biggest problem is the way they do everything. A lot of hype around their new projects, fanboys who celebrate before those projects are even released in beta, if you show any kind of criticism you risk to be banned from their forum and so on.
Look at the new "awesome" CCAV for example: at the end it is just pure sandbox. Its detection is horrible, consumes a lot of bandwith and is very slow compared to other pure cloud solutions. Its strongest and most advertized feature should have been the Valkyrie automatic check up, but there is no sign of that. I asked about Valkyrie integration on their forum two times and nobody answered (I guess they realized that they couldn't implement it properly and silently abandoned the project).

 

[upnorth]

Not the first time Comodo get's trashed...starts from 5:15.

 

[jamescv7]

Obssessed in providing strong features for prevention mechanism but not interestedto fix the flaws? Very illogical output.

 

[Soulbound]

Not the first time Comodo get's trashed...starts from 5:15.

What happened to comodo? Nothing <-- that sums it up for what happened until 2011.

That is what happens when you have a CEO which needs more knowledge. That is all i can say about that video.

Something new? No.

Did comodo learn since 2011? yeah they did, but then fanboy base just grew as said before: they have tons of testers who have no idea about fundamentals of security.