Privdog is Superfish all over again

Status
Not open for further replies.

Cats-4_Owners-2

What is Superfish?

An adware called Superfish is making big waves currently on the Internet after news spread that PC manufacturer Lenovo shipped some -- it is still not clear which devices are affected -- consumer PC models with the software preinstalled.

The core purpose of Superfish is to display advertisements to users based on what they are looking at in web browsers. It injects advertisements on web pages that users visit in browsers.

While that is bad enough, it is only part of the reason why Superfish is universally condemned currently. What is even more problematic than that is that the program installs a root certificate on the system. This is done by the software to gain access to https traffic as well, something which it would not otherwise be capable of.

Source: http://www.ghacks.net/2015/02/20/microsoft-lastpass-and-others-post-solutions-to-handle-superfish/
 
Reactions: Kent and Tony Cole
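
A defender-side check for the situation this post describes, software adding its own root certificate so it can read HTTPS traffic: the following is an added example, not part of the original thread. It assumes Windows PowerShell, a certutil.exe that supports -generateSSTFromWU, and network access to Windows Update; the temp file name is arbitrary.

```powershell
# Added example: list root certificates on this machine that are NOT in
# Microsoft's published trusted-root list. Read-only; nothing is changed.

# 1. Download the current Microsoft trusted-root list as a serialized store.
#    (File name is an arbitrary choice for this example.)
$sst = Join-Path $env:TEMP 'wu-trusted-roots.sst'
Remove-Item -Path $sst -ErrorAction SilentlyContinue
certutil.exe -generateSSTFromWU $sst | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $sst)) {
    throw 'Could not download the trusted-root list from Windows Update.'
}

# 2. Load the published roots and index them by thumbprint.
$published = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$published.Import($sst)
$known = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($cert in $published) { [void]$known.Add($cert.Thumbprint) }

# 3. Walk the machine and user root stores and keep what is not published.
#    The user store view also shows machine roots, so de-duplicate afterwards.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$unknown = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { -not $known.Contains($_.Thumbprint) } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Issuer, Thumbprint, NotBefore, NotAfter, HasPrivateKey
}

# 4. Newest first: a recently created root is the first thing to review.
$unknown |
    Sort-Object Thumbprint -Unique |
    Sort-Object NotBefore -Descending |
    Format-List
```

Certificates that ship with Windows or were deployed by an administrator can also appear in the output, so treat it as a review list. An entry whose validity starts around the time an ad-injecting program was installed is the kind this thread is about.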

Tony Cole

Thanks for the explanation Cats-4_Owners-2 - hope you and your cats are okay! I would never trust Comodo, especially after this. But then again I am sure Melih will have an answer about how good Privdog is blah, blah, blah!!!! Melih is a bit like a politician, they never answer the question, they always ask another....
 

Janl92l

I don't want to bash Comodo now; I have used/tested it for years, started with the amazing Comodo v4/5, I guess. But after all this I'm done with this company. This Privdog "issue" was not the only one in the last years. It was just too much for a security company. I ditch its name for all time now; it's just enough, Melih. I can't trust your company anymore and your "statements" are a big joke. I was a big fan of Comodo some time ago.
 
Reactions: Kent

Cats-4_Owners-2

Tony Cole said:
Thanks for the explanation Cats-4_Owners-2 - hope you and your cats are okay! I would never trust Comodo, especially after this. But then again I am sure Melih will have an answer about how good Privdog is blah, blah, blah!!!! Melih is a bit like a politician, they never answer the question, they always ask another....

I'd thought you might have, like myself, filed some of these news details away ..as I'd done with Privdog. Security & privacy should move in the same directions, but advertising (esp. within this online dimension) may be the bane of many previously good ideas & software; and politicians will always generate followers. Cats (on the other hand) may not always follow one's lead, but they are a good example for us all. They march to a different drum, their own, and eat only what's good!:p
They don't like Privdog either..:rolleyes:

Our cats, thank you for asking @Tony Cole, must know it's Springtime because they are unusually happy & all are purring!:D
 
Reactions: Kent

Vipersd

So much noise about vulnerability that is fixed and worked on.

Microsoft dragged a Windows vulnerability along for 19 years and only recently fixed it, and I didn't hear so much yelling about it or losing trust in Microsoft. Every piece of software has vulnerabilities; it is just a question of time to discover them. Look at the Heartbleed bug and others, like the recent Linux bash shell vulnerability.

And what is this about copy-paste journalism where nobody shows tests and proof of anything to verify what they claim and write?

I wonder who will profit the most from these lies about Comodo. Always follow the money trail and you will see who is yelling wolf.
 

Enju

Vipersd said:
So much noise about vulnerability that is fixed and worked on.

Looks like we found the fanboy. A fixed vulnerability, you say? Comodo intentionally decrypts your HTTPS traffic and sends URLs in plaintext to adtrustmedia (you can find it on Hanno Böck's blog), you call that fixed? They even sell freaking SSL certificates! Haha, they can't be trusted, they lie about everything and their CEO is a joke.
 
Reactions: Cats-4_Owners-2

Vipersd

Actually I don't use any Comodo products currently, loved their Firewall but had some issues with it and I'm using Online Armor for 4 years now, I do have portable Comodo Dragon but haven't used it in months, so I'm hardly the Comodo fan-boy.

Do you think other AV companies are any better and do not intercept and use your data? Every browser has an option to send feedback to its maker, and many add-ons are doing the same; it is the way to collect data from users' usage of the internet to improve their products. Some of them strip user ID data before sending the report back, some don't do that. Log in to Gmail and see what ads Google is offering to you, especially if you constantly browse the internet while logged in to a Google account.

And what is Verisign (Symantec) doing if not selling SSL certificates?
 

Enju

Vipersd said:
Actually I don't use any Comodo products currently, loved their Firewall but had some issues with it and I'm using Online Armor for 4 years now, I do have portable Comodo Dragon but haven't used it in months, so I'm hardly the Comodo fan-boy.

Do you think other AV companies are any better and do not intercept and use your data? Every browser has an option to send feedback to its maker, and many add-ons are doing the same; it is the way to collect data from users' usage of the internet to improve their products. Some of them strip user ID data before sending the report back, some don't do that. Log in to Gmail and see what ads Google is offering to you, especially if you constantly browse the internet while logged in to a Google account.

And what is Verisign (Symantec) doing if not selling SSL certificates?

You can disable every call-home function of Firefox, Chrome and so on, and you also have to manually enable SSL scanning in almost every home-user AV software! But oh well, didn't know that Privdog is antivirus software that strips user information /s haha.
Selling SSL certificates is no problem, but Comodo is selling them whilst not using any encryption, sending your visited URLs (with your data, not stripped of it) unencrypted; that is a HUGE problem. Also what does Google have to do with it? They provide other services, not an antivirus.
 
Reactions: Cats-4_Owners-2

Nico@FMA

Vipersd said:
Actually I don't use any Comodo products currently, loved their Firewall but had some issues with it and I'm using Online Armor for 4 years now, I do have portable Comodo Dragon but haven't used it in months, so I'm hardly the Comodo fan-boy.

Do you think other AV companies are any better and do not intercept and use your data? Every browser has an option to send feedback to its maker, and many add-ons are doing the same; it is the way to collect data from users' usage of the internet to improve their products. Some of them strip user ID data before sending the report back, some don't do that. Log in to Gmail and see what ads Google is offering to you, especially if you constantly browse the internet while logged in to a Google account.

And what is Verisign (Symantec) doing if not selling SSL certificates?

Actually there is a difference between statistics gathering, which is commonly used by most major brands, and then there is statistical gathering or in some cases harvesting.
The case I made when I started on this forum and got myself into a fight with Comodo fanboys: I did prove to them that Comodo products are not as free as one would think. They gather so much info, and I am not talking about statistical info; they gather credit card details up to keystrokes.
Obviously this will never be admitted, and neither is there any description in their terms of use.
But external testing and other reliable sources have confirmed beyond reasonable doubt that Comodo is harvesting huge amounts of data, and in return they are able to provide you with free software. So one could say that your online profile is the payment you're making to keep their products free. And sure, one could make a case about Symantec or some of these other brands, as all of them do statistical data.
Yet the one and only difference is that, for example, Symantec and Kaspersky (just to name a few) have a clearly written EULA and privacy policy which states exactly what is going to happen with that data. And if in doubt, phone them up and they will spell it out for you.
Comodo does this NOT, Qihoo does this NOT and that other Asian AV program does it NOT either.
Look, enough bitching about products and such, but free is not as free as they label it. Free can be interpreted in many ways, yet it really depends on what they consider free and how they formulate that. Same goes for Google... they are probably the worst big data harvesters in the world next to Facebook and Twitter, yet one needs to realize that they are very open about it; they tell you that your online habits are being stored, leaving you the choice whether you want to use their services or not.
But that's something completely different than claiming: Don't worry, we just gather installation statistics and bug reports.... while in fact when you have a hot talk with a girl on Skype and she says: O hunny bunny let me tell you what clothes I wear, or not wear LOL, and suddenly you hear a different voice (third-party): O yes tell me more..

Just saying, reports like this are proof enough; anyone not mature enough to see the implications needs a wake-up call.
And by saying this, did you know your online profile is worth anywhere between 5000 euro up to a big fat 50000 euro a person?
If you take these average figures into account, and you look at the services that for example Comodo does provide, then one could make the case that you just did pay 5 grand for a rather so-so service, as there are much cheaper alternatives that are not free, yet with 29 euro a year you get much better protection, kick-ass services and no worries about harvesting...

Again, some companies do offer free and great products with no or almost no hidden tricks; sadly Comodo is no such company.
I will keep making this case as I know I am right.

Cheers
 

Tony Cole

Hi Nico@FMA, I never knew Comodo did all of the above, that surely must be illegal? Thanks for such info, it should be made public that Comodo are doing this as that amounts to fraud, he could do some serious damage with such info about individual people!

I am sure Melih and their fans will defend such tactics and try to get away with it, I hope, in time people will find out and see Comodo for what it truly is - a crap, terrible product!
 

DrySun


Linking some sources would help. The only source I found that makes any attempt to figure out what Comodo is doing is http://dottech.org/10032/paying-a-price-to-use-free-software-the-dark-side-of-comodo-products/

The others that talk about it just link to this article. The problem I have with this article is it is pure speculation as to what they are sending to their servers. http://www.wilderssecurity.com/threads/the-dark-side-of-comodo-products.254334/#post-1548425
In that thread the admin of Wilders Security closes the thread because it is just speculation. I read Comodo's privacy policy and EULA and it doesn't look any different from any other privacy policy and EULA.

Nico@FMA said:
they gather creditcard details up to keystrokes.

Where is your proof? If they were collecting keystrokes would the anti keystroke programs not notify you that Comodo is accessing the keyboard?

Nico@FMA said:
But external testing and other reliable sources have confirmed beyond the reasonable doubt that Comodo is harvesting huge amounts of data and in return they are able to provide you with free software.

Possibly link us to these reliable sources? If you're so worried about huge data collection then why use Windows? Why use the internet?
 

Vipersd

@ Nico@FMA

That was my point all along. Everybody is doing it, and as Nico@FMA wrote, it is only a matter of how honest these companies are about their privacy policies. It is not the first time, nor will it be the last time, someone tries to make big money in the grey zone. Calling just one company a big bad wolf one time and then being quiet about it isn't helping if we neglect that others are doing it as well all the time.

I'm going to ask Melih for some lifetime licenses as I'm now certified Comodo fanboy. :D
 
Reactions: Kent

Tony Cole

Good luck with that! I used to be on the Comodo forum, but they are just a bunch of idiots that, when you disagree with something or have a critical approach towards Comodo, beat you down with a stick. They never listen; even constructive criticism towards Comodo is thrown out the window, and Melih is just pathetic, he honestly believes he is always right and all other companies are wrong. Personally, I believe Kaspersky, who has over 300 million customers, knows a lot more than Comodo.
 
Reactions: FleischmannTV

Nico@FMA

DrySun said:
Linking some sources would help. The only source I found that makes any attempt to figure out what Comodo is doing is http://dottech.org/10032/paying-a-price-to-use-free-software-the-dark-side-of-comodo-products/

The others that talk about it just link to this article. The problem I have with this article is it is pure speculation as to what they are sending to their servers. http://www.wilderssecurity.com/threads/the-dark-side-of-comodo-products.254334/#post-1548425
In that thread the admin of Wilders Security closes the thread because it is just speculation. I read Comodo's privacy policy and EULA and it doesn't look any different from any other privacy policy and EULA.


Where is your proof? If they were collecting keystrokes would the anti keystroke programs not notify you that Comodo is accessing the keyboard?


Possibly link us to these reliable sources? If you're so worried about huge data collection then why use Windows? Why use the internet?

Hello DrySun,

First of all, thank you for your reply. Secondly, you were not around here on MT when the whole Comodo fanboy thing started.
If you had been here then you would know a bit more about Comodo. Comodo staff have repeatedly denied any allegations, while the truth is out there for everyone to see. Now I am not the person to debunk their marketing strategy.
I am just voicing my opinions, my experiences as a computer user and as a professional with many years of experience (as everyone here can tell you). It's not just my word, but many of MT's best users have similar info that all leads to the same conclusion.
In regards to the EULA of Comodo.. it's just a piece of paper that means exactly NOTHING.
Yet I am not worried about data collection as everyone does it; the point that I was making is the difference between saying you are NOT but in the background collecting all you can. I do not mind data collection as I am well aware that there is no escaping it.
Yet there is a difference between profiling a client and storing it on a server for your own marketing strategy, or actually using the data in order to generate revenue. Especially the last part is outright harmful.
Now I do not expect you to understand what I am saying, but let me try to make a small effort in showing you some stuff:


Information Collection
Personal information is collected from customers only after obtaining consent, which is obtained when customers are prompted for information when subscribing to the services, by using a Comodo website, downloading a product, or requesting further information. Personally-identifiable information is not collected when a user simply browses the website. Comodo may contact customers about offers and opportunities from Comodo or its business partners, to conduct surveys, and gather feedback. This privacy statement does not extend to any information that is beyond the control of Comodo.

In California, IP addresses are considered personally identifiable information.

In the event that third party features and functionalities are incorporated in or made available in or through Comodo products, then the policies of those third parties apply. Please visit each third party’s license agreement and privacy policy to better understand their terms of use and data collection practices.

This comes directly from their online privacy policy. Read the highlighted part.

Re-Targeting
Comodo permits the operation of a retargeting consumer marketing program, including, but not limited to, the provision of anonymous consumer information to a third-party provider of such a program. A link to the Network Advertising Initiative’s consumer opt-out page is located at www.networkadvertising.org/managing/opt_out.asp and allows the consumer to opt-out of such retargeting programs.

This pretty much says it all, does it not? Where did they get the data from? How about your Comodo programs, services and other applications? Also may I note that "the provision of anonymous consumer information" is not as anonymous as it sounds? Keep in mind that, let's say for example, Google uses IP and such to ID you, your PC/network and browser habits (AKA profile).
So one day you are browsing the internet to buy a new car, next day Google ads show ads about cars based upon your profile.
Comodo does it exactly the same way but then less well documented, and potentially harmful.

Another one is:
Sharing
Comodo will share aggregated demographic and other information with our partners and affiliates. Information provided to Comodo will be protected by Comodo and not sold or rented to any unrelated third parties without the express consent of the information provider (Edit you already gave that when you accepted remember?), except that Comodo may disclose data to its affiliates and business partners who have established similar privacy standards, when legally obligated to do so, or if disclosure is required to protect the rights over Comodo, Comodo's customers, or the users of Comodo's services. Comodo may also share aggregate demographic data that does not contain any personally identifiable information.

Validation is an essential step in receiving a Certificate from Comodo CA. This validation may require verifying your information with a third party as described in the Comodo CPS. Comodo CA may disclose the information provided to the extent necessary to verify the certificate application

So your info will not be shared outside Comodo networks and partners.. GREAT.
Problem however is that they do partner up with advertising companies and as such they are allowed to transmit your data.
That's as far as I go with proving what already is public knowledge.

It's all in the letters...
And I am by no means trying to make Comodo look bad, or single them out.. the problem is that every time on the forum of Comodo things are being subject to censorship and things are being beaten down with a stick when people make up their own mind and encounter problems.
Comodo claims they have the best product in the world and bla bla bla, that's all fine.... everyone's opinion is theirs, right?
But do not say you are not doing anything, and do not claim to keep your clients safe, as you are yourself involved in profiling and making money based upon that profile.
That's the issue.

Just be wise, tell the world: Yes we do collect your data, we make money out of it and in return we give you a free product.
But do not hammer down every client who finds evidence of this, or makes a case out of it on their forums.
That being said, ask around here on the forum; there are many ex-Comodo users who can tell you their own stories...
This is as far as I go in providing some credible info.

Cheers
 