How to clear Comodo's Trusted Vendor List

[Deleted member 178]

for the ones who didnt know it, if you think the Trusted vendor List of comodo is too huge or not so safe; this is what you need to do:

1. Go to the CIS install directory and open the 'database' folder:
C:\Program Files\COMODO\COMODO Internet Security\database

2. Now, delete the file named "vendor.n". Alternatively, create a fake file with the same name (you can use Notepad) and replace it.

Repeat this whenever the program is updated.

 

[D Bone]

RE: how to clear the Trusted Vendor List

Why would someone need to do this? I would hope that Comodo knows what they're doing?

 

[Deleted member 178]

RE: how to clear the Trusted Vendor List

because if you go on Comodo "submit vendor" page on their official forum, you will see that they allow many many unknown and useless vendors (like the Uniblue drama for Avira) , it happens in the past they trusted a vendor who finally was flagged as untrustful (if not malicious, forgot the name of that vendor).

 

[HeffeD]

RE: how to clear the Trusted Vendor List

To the best of my knowledge, there have never been any malicious applications discovered that are on the whitelist. The ones people are flagging have been more of the gray area type applications, such as rogues. Possibly questionable marketing techniques, but not harmful.

 

[Deleted member 178]

RE: how to clear the Trusted Vendor List

The ones people are flagging have been more of the gray area type applications, such as rogues. Possibly questionable marketing techniques, but not harmful.

that is the problem, rogues should not be in the trusted list !

you surely know that the main wish for CIS 6 is a tweaking option for the vendor list (like selecting the one we want and deleting the others), many comodo users complains about it. im still astonished by how fast a unknown vendor is added to that list ^^ (even if comodo team check it before, but sometimes i feel they are overwhelmed by the number of submissions)

 

[HeffeD]

RE: how to clear the Trusted Vendor List

I think part of the problem is that everyones definition of a rogue is different. I personally consider a rogue to be a piece of software that will run a bogus scan and tell you that you have hundreds of issues to fix and want you to purchase the software to fix them. Basically asking you to pay for useless software by using scare tactics. Or software that will adversely affect your systems performance.

However, I've seen people classify software that runs a valid scan but then asks for money to make the repairs as a rogue. I definitely don't like that type of software, but it is actual valid, working software. There was a discussion about a registry cleaner on the whitelist a few months ago that was this type of software. LanGuy was calling it a rogue, yet Umesh (developer at Comodo) personally checked it out and it was completely legit, it just had a pretty aggressive marketing strategy.

As I mentioned before, it's a bit of a gray area...

That said, I've never been happy with the way the trusted vendor list functions. Some of my earliest posts on the Comodo forums are in regards to the fact that I'm not happy with Comodo putting things on my trusted software vendors list. After all, it is called My Trusted Software Vendors! How could I possibly trust a vendor that I've never even heard of? I really don't care if someone else uses their software and trusts it. It's all about who I trust. And the fact that vendors removed from the list are automatically replaced is head scratcher. Ummmm... I took that off for a reason, don't keep putting it back...

This was years ago of course, and there have been no changes. In fact, the TVL is growing at an astonishing rate! I have high hopes for version 6, but I'm not holding my breath... :s

I understand Comodo's concept behind it. Too many people want the security a HIPS provides, but then they scream that the HIPS is too chatty. Ummmm.... That is what a HIPS does! Any software that tries to do something on your computer must be approved by the user. If you can't deal with that, then perhaps a HIPS isn't for you... So the TVL is an attempt to quiet down the complaints by putting every developer possible on the list.

The TVL definitely has its uses, so deleting it entirely isn't a very enticing option. I just wish the list was more user configurable.

Edit: typos...

 

[Deleted member 178]

RE: how to clear the Trusted Vendor List

we agree, but clearing it is the only available fast option (i dont have time to delete every vendor one by one ^^)

ah v6 sound like the St. Graal ^^ lot of hope...

 

[D Bone]

RE: how to clear the Trusted Vendor List

Wow, I had no idea. I don't want to have to edit my security software that's for sure.

 

[HeffeD]

RE: how to clear the Trusted Vendor List

You don't need to edit anything...

 

[bogdan]

Comodo should allow users to edit the TVL. Some users might want to allow only vendors they trust.

 

[Deleted member 178]

Comodo should allow users to edit the TVL. Some users might want to allow only vendors they trust.

it is the one of the most wished feature asked for CIS v6

 

[HeffeD]

Comodo should allow users to edit the TVL. Some users might want to allow only vendors they trust.

Yep.

However, it's not the security hole that some people seem to think it is...

 

[Valentin N]

I have suggested that comodo should have two TVL, one that has the essential vendor, such ast ATI, AMD, Nvidia and so on, and the other should be apart of the cloud (lets call it Cloud TVL) and be optional.

 

[HeffeD]

It doesn't even need to be as complex as that. Just a users list and the list that Comodo provides. That way, the users that enjoy the convenience of every vendor under the sun is happy, as are the users that prefer just the bare essentials on their list.

 

[bogdan]

It might not be a big security risk but it would be nice for future versions of CIS to have this feature. It is the same flawed notion of "trust" that is forced on us by registration agencies giving away certificates -> they are telling us who we must trust.

 

[HeffeD]

It might not be a big security risk but it would be nice for future versions of CIS to have this feature.

Absolutely! As I've already mentioned, I've been wishing for something like this for years. More user control is always a good thing.

 

[Jack]

I see that in Comodo Cleaning Essentials you can manage the Trusted Vendors ...

Doesn't CIS have the same option?

 

[Deleted member 178]

yes CIS has the same too but you must select them one by one if you want remove them... more tweaking will be more convenient like "remove all" or "add from file" etc.

does anyone know any of the vendors in the screenshots? ^^ and the first one really look like a malware name ^^