PrivDog Compromises Your Security

[Petrovic]

The aftermath of the Superfish scandal, which saw Lenovo hauled over the coals for installing adware on many of its laptops, has thrown up a new threat. PrivDog, which replaces random ads on websites with ads from “trusted sources,” could be putting thousands of users at risk of hacking.

In order to replace ads on secure websites, PrivDog installs a self-generated root certificate and works as a man-in-the-middle proxy. This certificate is trusted by browsers, which means it would be possible for a hacker to issue their own certificate, which PrivDog would then copy, leading to the browser accepting rather than rejecting it as it would had PrivDog not been present.

This issue was discovered on Hacker News when a user running the test for Superfish discovered he was at risk due to having PrivDog installed instead. It’s thought around 57,000 users are at risk from PrivDog, which is closely linked to security software Comodo, with versions 3.0.96.0 and 3.0.97.0 affected. The company has already issued an update fixing the affected versions of PrivDog.

Full Article

 

[Kent]

Why Comodo why ? The most unfaithful priv"Dog" ever

 

[frogboy]

This was posted yesterday here http://malwaretips.com/threads/privdog-is-superfish-all-over-again.42720/#post-352893

 

[Tony Cole]

I really do not know why people bother with Comodo - this is the reason I do not trust free software. They always say "you get what you pay for, if something sounds too good, it usually is!"

 

[omidomi]

i remove comodo dragon from my laptop.

 

[Nico@FMA]

Well one could say that me and several other have been saying this all along.
I remember myself saying several times that Comodo products are not as good as advertised and that there are some shady things going on.
But then again the average Comodo fanboy tried their hardest to make me feel bad about my words.
In the end if a product claims epic hips, then you have to ask yourself are they talking about shakira hips? or some technology that looks good on paper (as granted their feature list looks impressive) yet even their basic firewall module is far from industry grade despite testing results.
Same goes for their other products, their idea's are great their actual results not so.
But thats why i am a comodo hater according to some, good side is that this article proofs exactly what i have been saying for years.

 

[Infrared]

Some crazy stuff now, That just goes to show you not many companies you can trust.

 

[Tony Cole]

That is why I like Kaspersky, there are no such things as adverts and possible adware. Melih will come up with some answer about how Privdog replaces malicious ads with their own. Personally, who wants that, I certainly would not! It’s about time Comodo was abandoned, just like most of his ideas….

 

[LabZero]

OK,we all know the story : a Comodo Registration Authority has been compromised,has anyone produced certificate requests that have been processed (in part Comodo does not know it) by issuing certificates.The problem has been detected and the certificates have been revoked.
All that most users this doesn't know it!

 

[ZypKode]

I really do not know why people bother with Comodo - this is the reason I do not trust free software. They always say "you get what you pay for, if something sounds too good, it usually is!"

I read somewhere that When the Product is Free.The Product is You.