WikiLeaks documents show Governments couldn't penetrate Comodo Internet Security

Status
Not open for further replies.

vivid

Level 5
Verified
Dec 8, 2014
206
> Theoretically there are several ways to attack such default deny approach that the government can undertake (easily?) if they want.
>
> 1. Steal/Get a bogus certificate. COMODO's trust list contains literally tons of certificates, sometimes I don't even know if they actually check what is on their list. This was what happened to the Bit9 hack incident. COMODO users you can open your trusted certificate list and look at what COMODO has been trusting. I don't think you would know more than 10% of them :D
>
> 2. Find a vulnerability/exploit in COMODO itself. I don't really know how well designed is the COMODO code base, so we won't know how easy is this. But with each release fixing 300+ bugs is not helping my confidence.
>
> 3. Use a kernel exploit to own practically any security. Not sure how COMODO's new hypervisor based security layer is going to fare against this though, I haven't had the time to test it. This has to be tested in a real system, not VM because of conflicts.

1. Almost every machine is affected by that (human error?). Microsoft is constantly shipping a certificate revocation list (it seems to be used somehow by Comodo).
https://en.wikipedia.org/wiki/Revocation_list
Viruscope technology might come in handy here in the future.
You can find a list of deleted vendors here (which I was able to get by utilizing Wireshark ; not sure if the method is accurate): https://cdn.download.comodo.com/av/tvl/deletedvendors.txt

2. Joxean Koret has performed a recent audit. http://joxeankoret.com/download/breaking_av_software_44con.pdf
There are some minor vulnerabilities regarding Comodo. The number is quite low (lowest?) compared to other vendors.
I've tested some and these appear to be alleviated (although some are still existent). One example is the bzip2 decompression bomb vulnerability which does not crash the scanner -- instead, the scanner is timed out for approximately 10 minutes and is aborted automatically.
Overall, the new version is better in terms of fixed flaws (although these were not mentioned but discovered by individuals).

3. Does anyone offer such degree of protection for free? I don't know of any.
The number of fixed issues represents the ones in the tracker. If you've noticed, the changelog usually contains issues reported by the community (publicly, privately).
 
Last edited:
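
An added illustration, not part of the post above and not Comodo's code: one way a scanner can unpack bzip2 input with hard limits so that a decompression bomb is rejected quickly instead of stalling the scan until a timeout. The limits, function names and sample inputs are assumptions chosen for this example.

```python
import bz2
import time


class DecompressionLimitExceeded(Exception):
    """Raised when an archive exceeds the output, ratio or time budget."""


def bounded_bunzip2(data, max_output=64 * 1024 * 1024, max_ratio=200,
                    max_seconds=5.0, step=64 * 1024):
    """Decompress a bzip2 stream incrementally, failing fast on a bomb."""
    # Output budget: absolute cap, tightened by an expansion-ratio cap.
    budget = min(max_output, max(len(data), 1) * max_ratio)
    deadline = time.monotonic() + max_seconds
    decomp = bz2.BZ2Decompressor()
    out = bytearray()
    feed = data
    while not decomp.eof:
        if time.monotonic() > deadline:
            raise DecompressionLimitExceeded("time budget exhausted")
        # Ask for at most one byte past the budget so overshoot is detectable
        # without ever materialising the full expanded stream.
        want = min(step, budget - len(out) + 1)
        chunk = decomp.decompress(feed, max_length=want)
        feed = b""  # remaining input is buffered inside the decompressor
        out += chunk
        if len(out) > budget:
            raise DecompressionLimitExceeded("output budget exceeded")
        if not chunk and decomp.needs_input:
            raise ValueError("truncated bzip2 stream")
    return bytes(out)


def scan_verdict(data):
    """Return 'scanned' for an acceptable archive, 'rejected' for a bomb."""
    try:
        bounded_bunzip2(data)
        return "scanned"
    except DecompressionLimitExceeded:
        return "rejected"


# Constructed samples: a small log-like file and 10 MB of zero bytes.
BENIGN = bz2.compress(b"".join(b"line %d: scan ok\n" % i for i in range(200)))
BOMB = bz2.compress(b"\0" * 10_000_000)

if __name__ == "__main__":
    print(len(BENIGN), scan_verdict(BENIGN))
    print(len(BOMB), scan_verdict(BOMB))
```
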

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
> 1. Almost every machine is affected by that (human error?). Microsoft is constantly shipping a certificate revocation list (it seems to be used somehow by Comodo).
> https://en.wikipedia.org/wiki/Revocation_list
> Viruscope technology might come in handy here in the future.
> You can find a list of deleted vendors here (which I was able to get by utilizing Wireshark ; not sure if the method is accurate): https://cdn.download.comodo.com/av/tvl/deletedvendors.txt
>
> 2. Joxean Koret has performed a recent audit. http://joxeankoret.com/download/breaking_av_software_44con.pdf
> There are some minor vulnerabilities regarding Comodo. The number is quite low (lowest?) compared to other vendors.
> I've tested some and these appear to be alleviated (although some are still existent). One example is the bzip2 decompression bomb vulnerability which does not crash the scanner -- instead, the scanner is timed out for approximately 10 minutes and is aborted automatically.
> Overall, the new version is better in terms of fixed flaws (although these were not mentioned but discovered by individuals).
>
> 3. Does anyone offer such degree of protection for free? I don't know of any.
> The number of fixed issues represents the ones in the tracker. If you've noticed, the changelog usually contains issues reported by the community (publicly, privately).

Let me address your points one by one, OK?
1: In terms of the certificate thing, it's not Comodo or any brand that is slacking behind, as the certificate at its core is pretty much the same.
So the security of such a certificate is pretty much OK.
Yet it's the infrastructure supporting the certificate, and more specifically Comodo's infrastructure, that is truly bad: no control, no restraint, nothing.
You can get a certificate just like that, no questions asked.
With parties like Verisign this does not happen. And the thing is that certificates themselves are as secure as they can be, but the purpose they're being used for is another. This is a really big thing; I am sure others will explain it to you.

2: "Joxean Koret has performed a recent audit" Sure, whatever. Anyone using Comodo, especially the older generation, can provide you with a list of exploitable bugs that still at the present day are not fixed. Comodo is so flawed it's unreal. Now I am not going to advocate other brands, but please take my word for it: Comodo equals less than average security.
Looks good on paper, performs crap in real world.

3. "Does anyone offer such degree of protection for free?" Maybe not as a single software package, but then again Comodo is actually a modular software package and as such it is made out of different addons that fit into each other and make up one program.
And with that in mind I can come up with at least 10 combos of free alternatives that do a 100 times better job than Comodo, and any computer geek here on MT will agree with that.

My point here is Comodo is a fantastic piece of software, it really is, but it's just not finished and it never has been.
Ask the true Comodo fans that have been supporting Comodo from the first hour (like myself); we all walked away after version 7.
That says a lot.

Cheers
 

Tony Cole

Level 27
Thread author
Verified
May 11, 2014
1,639
I actually liked version 5-6 of Comodo and used their internet security suite for a few months, but the reality is that Comodo offers little protection. Look for instance at Kaspersky (which I have used for 5-6yrs) the individual components i.e., file antivirus, anti-spam, mail antivirus, firewall, webcam protection need I list anymore - Comodo offers none of this. The introduction of a web filter which they never update.

As for them to state they can (for free) protect user(s) from government hacking is ridiculous and unfounded.
 

vivid

Level 5
Verified
Dec 8, 2014
206
In order to "address" my points, you have to exemplify. I prefer not to throw with mud at anyone.
I cannot talk about trusted vendors as I did not deal with the whitelisting process and the mentioned infrastructure.

Do prove that I'm wrong with real examples regarding "exploitable bugs".
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
> In order to "address" my points, you have to exemplify. I prefer not to throw with mud at anyone.
> I cannot talk about trusted vendors as I did not deal with the whitelisting process and the mentioned infrastructure.
>
> Do prove that I'm wrong with real examples regarding "exploitable bugs".

You can review older Comodo topics. I remember myself proving beyond reasonable doubt that Comodo is slacking behind by miles, and there are loads of people, including other well-known members, who did contribute their share to those topics proving Comodo is bad.
I understand that there are people that are diehard supporters and that's OK.
In the end Comodo is a nice product that in time will earn its place, but right now, or better said since version 5, 6, 7, Comodo has lost all its glory and is a mere shadow of what it once was.

Cheers
 
Last edited by a moderator:

Matthews

New Member
Jul 10, 2015
8
COMODO Internet Security proved itself against government malware that it has solid protection and no infection!!! This is what the creator of the malware says according to WikiLeaks. Nice! I have been using Comodo Internet Security since they first came on the market and have been very happy with it. Now I have it on all our PCs, tablets and mobile devices as well. Great work guys!
 

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
I don't believe in either WikiLeaks or COMODO. These are special paid promotions.
 

eXPerience

Level 1
Mar 7, 2011
248
> Let me address your points one by one, OK?
> 1: In terms of the certificate thing, it's not Comodo or any brand that is slacking behind, as the certificate at its core is pretty much the same.
> So the security of such a certificate is pretty much OK.
> Yet it's the infrastructure supporting the certificate, and more specifically Comodo's infrastructure, that is truly bad: no control, no restraint, nothing.
> You can get a certificate just like that, no questions asked.
> With parties like Verisign this does not happen. And the thing is that certificates themselves are as secure as they can be, but the purpose they're being used for is another. This is a really big thing; I am sure others will explain it to you.
>
> 2: "Joxean Koret has performed a recent audit" Sure, whatever. Anyone using Comodo, especially the older generation, can provide you with a list of exploitable bugs that still at the present day are not fixed. Comodo is so flawed it's unreal. Now I am not going to advocate other brands, but please take my word for it: Comodo equals less than average security.
> Looks good on paper, performs crap in real world.
>
> 3. "Does anyone offer such degree of protection for free?" Maybe not as a single software package, but then again Comodo is actually a modular software package and as such it is made out of different addons that fit into each other and make up one program.
> And with that in mind I can come up with at least 10 combos of free alternatives that do a 100 times better job than Comodo, and any computer geek here on MT will agree with that.
>
> My point here is Comodo is a fantastic piece of software, it really is, but it's just not finished and it never has been.
> Ask the true Comodo fans that have been supporting Comodo from the first hour (like myself); we all walked away after version 7.
> That says a lot.
>
> Cheers

Oh you made it till version 7
 

eXPerience

Level 1
Mar 7, 2011
248
> Do you still use Comodo?
>
> I stopped using Comodo Firewall after 3.xx. Version 4 had that terrible red user interface.

Djee, it's been ages *sigh*. I can't exactly remember what version I used, but I think it was v4 or v5. But then again, I never got along with Egemen, and knew the problems they were having, so I never felt the need to use it anymore.
 

Rolo

Level 18
Verified
Jun 14, 2015
857
Of course it will protect you from malicious logic. What they don't tell you is that it also protects you from non-malicious logic!
I could stop everything too if I didn't care about false positives and, well, using the computer.
I would guess that is why you don't see CIS on the widely-recognised mass-media tests.
 

vivid

Level 5
Verified
Dec 8, 2014
206
> Djee, it's been ages *sigh*. I can't exactly remember what version I used, but I think it was v4 or v5. But then again, I never got along with Egemen, and knew the problems they were having, so I never felt the need to use it anymore.

What problems?

> Of course it will protect you from malicious logic. What they don't tell you is that it also protects you from non-malicious logic!
> I could stop everything too if I didn't care about false positives and, well, using the computer.
> I would guess that is why you don't see CIS on the widely-recognised mass-media tests.

Makes no sense. Sorry. :rolleyes:
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
It's probably a 'lame' excuse when you complain about Comodo due to its confusing configuration (except bugs, of course), which is the equivalent of not using UAC due to 'annoying popups'.
 

Deleted member 2913

Version 8 has improved a lot. I would say good for the majority, i.e. average users, with an occasional alert now. People watch YouTube tests & say autosandbox protected the system but that's too many popups. In a real life scenario on an average user's system with version 8 default settings it's excellent protection with an occasional alert. On an expert's system there would be more alerts & experts can handle those alerts.

I do wish they provide an alert option for autosandbox in settings for expert users. It would be very useful for experts & make things easy.

Way back a user had started a thread on the Comodo forum: that on a Comodo alert there should be a recommendation, something like the probability that the file is malicious or not based on advanced scans or whatever, etc., to help average users decide what action to take on alerts. That would be good instead of random allow/block by average users.
Don't know what happened to Valkyrie? It was great technology from Comodo. And was excellent on malware detection, old or 0-day. They should have used it with other technology & have Comodo Anti-Malware Network & the result should be shown on alerts. Valkyrie used to show results as Safe/Malicious/Unknown & was excellent at it.

A version with fixes/improvements is going to be released at the end of this month.

Version 9 beta is expected to be released in the initial week of this August. Let's see what all it brings.
 

Rolo

Level 18
Verified
Jun 14, 2015
857
I don't know what was confusing. Claiming to "stop all malware", et al. is one thing and out of context as it doesn't include false positives, of which there are many. Do that with a minimal, reasonable false-positive rate and you'll have bragging rights.

UAC is annoying and desensitises the user (proof = how many infected PCs with UAC set at default). UAC would be usable with a "remember my response" ability.

Security is always about trade-offs: your goal may be to never, ever be vulnerable to malware at any cost (if that is the case, then why are you running Windows?); my goal is to use my PC effectively without excessive/unnecessary overhead. I would also prefer my executive function be used for less frivolous pursuits. The minuscule increase in security simply isn't worth the hassle in this case.
 

hjlbx

> On an expert's system there would be more alerts & experts can handle those alerts.

When you learn how CIS works and how to fully configure it, you do not need all the alerts - and soon disable them.

On "expert's" system there are few, if any, alerts. If there is an alert, something is wrong... :D
 

Deleted member 178

> When you learn how CIS works and how to fully configure it, you do not need all the alerts - and soon disable them.

but CIS always gives alerts

> On "expert's" system there are few, if any, alerts. If there is an alert, something is wrong... :D

true :D

on my systems the only alerts I got are from the firewall after using a new soft
 