[ALERT] Can You Trust These Tech Firms?
The Comodo Group is a well-known Internet security company founded in 1998. Its slogan is, “Creating Trust Online.” Comodo actually sells trust - the firm is the world’s largest vendor of digital security certificates, with one-third of the market. But now, Comodo has betrayed every one of its customers. And it’s not the only tech firm that has done so recently. Read on for the surprising details... |
Comodo And Other Untrustworthy Companies
Comodo’s Internet Security Suite installs a customized version of Google’s Chrome browser that breaks one of the cardinal rules of browser security, according to Tavis Ormandy of Google’s Project Zero security research team. Chromodo ignores the industry-standard “same-origin policy” that prevents a script downloaded at one site from modifying another site’s script. So, a malicious script you picked up on a rogue Web site could hack the scripts on your bank’s site, allowing all sorts of mischief.
Chromodo, as this Chromium perversion is called, looks so much like the Chrome browser that users may not even notice the change. Chromodo imports Chrome’s settings, bookmarks, cookies, etc., and replaces Chrome shortcuts and icons with its own. Chromodo also changes a user’s DNS settings to use Comodo’s Secure DNS service.
On February 3, Comodo finally responded publicly to Google’s alert. Comodo says there’s nothing wrong with Chromodo; the culprit was an add-on that was released with Chromodo (released by Comodo, we should note). That add-on has been removed from existing Chromodo installations and future releases.
But this isn’t Comodo’s first sleazy product. In 2015, it promoted a browser called PrivDog which effectively rendered all digital security certificates useless, and installed a proxy server on a user’s machine that enabled “man in the middle” attacks. PrivDog wasn’t developed by Comodo; it’s a product of AdTrustMedia, and its purpose is to replace ads on every Web site with ads from AdTrustMedia.
Interestingly, AdTrustMedia uses nearly the same words to describe PrivDog as Comodo uses to promote Chromodo; both are supposed to provide "... safer, faster and more private web browsing." It’s almost as if Comodo is in partnership with the bad guys. In fact, Ormandy’s last public comment was, “There's plenty of evidence of the shadiness of Chromodo, it gets pushed via the kind of PUP bundler networks that also push winlocker trojans of Indian origin.”
The Rogues' Gallery
At this point, I wouldn’t touch anything bearing Comodo’s name with a 39-and-a-half-foot USB cable. The company that sells trust has lost all trustworthiness. The same goes for AVG, which not long ago sacrificed 9 million users’ security just to promote its brand. (See This Antivirus Plugin Makes You LESS Secure.)
Other security software vendors are on thin ice. Ormandy has found serious flaws in Avast’s Chromium port, Avastium, Malwarebytes Anti-Malware, and the password manager component of Trend Micro AntiVirus. Unlike AVG and Comodo, these companies seem to have made dumb mistakes, not conscious decisions to betray their users. But dumb mistakes are not what I need from a security software supplier.
I also don’t need companies that promote themselves at my expense. Avast does it by inserting its self-promoting email signature in all of my emails by default; never mind that it fouls up my outgoing Gmail messages. I turned off that signature in the General tab of the Avast settings console, but it was re-enabled with the next Avast update.
Microsoft has stopped pushing Windows 10 and is now ramming it down every holdout’s throat. The Windows 10 “time to upgrade” nagware is now a “recommended update,” not merely an “optional” one. Many users have Windows Update configured to install recommended updates automatically along with critical updates. Those users now face a devious popup that offers a false forced choice: “Do you want to upgrade to Windows 10 now, or later tonight?”
If you don’t want to upgrade to Win 10 at all, just click the X button on that popup to close it. Then follow the instructions in my article, Is Microsoft Forcing Windows 10 On You? to put an end to the nagging.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 4 Feb 2016
For Fun: Buy Bob a Snickers. |
Prev Article: Geekly Update - 03 February 2016 |
The Top Twenty |
Next Article: Can Online Voting Ever Work? |
There's more reader feedback... See all 32 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- [ALERT] Can You Trust These Tech Firms? (Posted: 4 Feb 2016)
Source: https://askbobrankin.com/alert_can_you_trust_these_tech_firms.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "[ALERT] Can You Trust These Tech Firms?"
(See all 32 comments for this article.)Posted by:
Robert
04 Feb 2016
I hope Comodo's firewall is ok, I have used it 4 years and it seems to work very well.
But why the panic about Avast putting an icon on the bottom of a mail, it shows that the sender has a responsible anti virus or email checker
EDITOR'S NOTE: It's an option in Avast, to add the "signature" to outgoing emails. I've turned it OFF twice, not just because I object to it being there, but because it garbles the message. But Avast keeps turning it back on. It's an annoyance, but I continue to use Avast.
Posted by:
Andy
04 Feb 2016
Just like Robert, I also have Comodo's Firewall.
I hope Bob can set us straight on that, otherwise maybe I'll look for a new Firewall. Over to you Bob!!!
EDITOR'S NOTE: Comodo Firewall may be a great product. But given their repeated underhanded actions, I'm inclined to stay away from anything that produce, for now. I personally do not use or recommend a software firewall, because that function is built into most routers.
Posted by:
Kirk
04 Feb 2016
Thanks Bob, so which antivirus program DO you recommend now? I thought you liked Avast or AVG, can't remember which but sounds like those are a no-no now?
EDITOR'S NOTE: I still use and recommend Avast. The issue I mentioned was not security-related.
Posted by:
Len
04 Feb 2016
Andy says:
Just like Robert, I also have Comodo's Firewall.
I hope Bob can set us straight on that, otherwise maybe I'll look for a new Firewall.
Over to you Bob!!!
I too HAD comodo fw many years ago. And then I read about the issues that comoco had.
It took me three HOURS to finally erase every last vestige of comodo (and it's related malware) from my system.
It can be done but you must check and re-check and double check to make sure all is gone. Use 3 or 4 erase/delete type programs to do this as just like with av sw, not all programs catch all aspects.
Google "comodo sucks" for an eyefull.
BTW, if you're using a router, just make sure you have a really good password. You don't need a software firewall as the router is a hardware firewall . Modems generally don't have firewalls so in that case you would need a sw fw.
Posted by:
Larry
04 Feb 2016
Hey Bob,
Been reading your newsletter for several years, but my first time to write. First, I thank you for all the helpful information you give. I have bought my first Apple computer because of Windows 10. No more Microsoft for me. Really like Windows 7 and will use it as long as I can. Again, thanks for all you do!
Posted by:
Michael
04 Feb 2016
Howdy Bob!
Like some others, I have been running the Comodo Internet Suite (free version(s)) for over 5 years and I have never had any problems with it. I have had Google Chrome for a few years, as well, and no problems encountered. Never even heard of "chromodo" until now.
I have reinstalled CIS a few times, for various reasons like a new computer/hard drive (but *not* due to anything "bad" happening with CIS), and the only browser I have ever seen in CIS is the Comodo Dragon browser, and even that can be easily avoided by making sure to uncheck the box when installing CIS.
I guess this is something that just came up with the new version of CIS(?), since I have yet to see any problems with my systems. Even the updates of CIS have been clean - at least that is what Spybot and Malwarebytes tell me, and continue to tell me.
Thanks for the info, though! I will do some research. as well.
Oh, just a bit more - I, personally, have installed CIS on 7 (seven) currently operating computers (4 desktops and 3 laptops running Win 7 and up) and not even a "badware/badbug burp" from any of them. And all running Spybot and Malwarebytes, as well.
Maybe I'm just "lucky", eh? ;>
Posted by:
g.w.
04 Feb 2016
Wendyl
04 Feb 2016,said Malewarebytes Anti-Malware problem has been fixed. ???
FEBRUARY 1, 2016 | BY MARCIN KLECZYNSKIhttps: //blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/
"now internally testing a new version (2.2.1) to release in the next 3-4 weeks to patch the additional client-side vulnerabilities."
My (free) version is (2.2.0)
Posted by:
MmeMoxie
05 Feb 2016
MBAM(Malwarebytes) probably "fixed" the issue with the paid version first. It does make sense that the paid customers should be the first to get the most recent updates & fixes. Especially, for those who only have a 1-year license.
I happen to have a Lifetime license. I purchased the MBAM Pro version when it did have a Lifetime license. Less than 6 months after my purchase, ABAM released the Premium version. This is the one that you can only purchase a 1 year coverage.
I must say, Malwarebytes Anti-Malware developers, HONORED the Lifetime license!!! This is rare indeed. I now have the MBAM Premium version, with a Lifetime license.
As for the Windows 10 bothersome nags - I use GWX Control Panel. It really is a blessing and STOPS the nagging, etc.. It is easy to set up and works. It will also, notify you if a Windows Update happens to include some Windows 10 nag updates. I really like that, then I can re-set the Control Panel. :)
Posted by:
Andy
05 Feb 2016
Hi again Bob,
You replied to my last posting about Comodo Firewall.
As I have a router, I turn off the Firewall when I'm at home. However when I have to go to work in one of many schools I teach, I turn it back on before leaving home.
As I need a software Firewall, which would you suggest instead of Comodo?
I have looked at your "Free Firewall Protection" but maybe that is outdated now (2009).
Thanks Bob.
Posted by:
George
05 Feb 2016
Thanks Bob.
Our devices should be more and more just like easy personal appliances, but they are moving in the other direction... just when email is universal and a must-have even for seniors.
Software that forces us to protect against them, make us learn how to avoid their devious options, force us to guard against their automatic renewals and fight to defeat their own fear-tactic ad-spamming pop-ups - this stinks - they sell us out AFTER we have paid full pop and "agreed to" a one-way contract.
Yes, It's time to fight back- but we do not know how and are thus easily outmaneuvered by the thuggish tactics of those who we actually PAY to protect us.
Nobody knows who can be trusted anymore. Imagine a company that sells trust (like security software) yet forces us into automatic multi-year credit card renewals for machines that will likely become lost and forgotten some day.
Posted by:
Ron
05 Feb 2016
Hi Bob,
I am have been using MBAM for some time now and have been happy with it. However, I downloaded AOL Shield. Do I really need this? Will there be conflicts if both of these are running? I also have AVAST free.
EDITOR'S NOTE: Sounds like a "too many cooks" situation there. I would drop the AOL Shield.
Posted by:
Randy
06 Feb 2016
Bob:
I enjoy your articles. Keep up the good work.
Based on your advice, I began using Avast about a month ago and I'm having the same problem with the unwanted outgoing email tag, despite turning it off in the options. If Avast's updates are responsible for changing the options, I think this is a breach of trust. What can we do to get Avast to stop changing our options with each update?
Lastly, I do have a small complaint for you and hope you can do something about it. I know you have to put advertisements in your articles to help with revenue, but lately I'm having trouble. You see, I read your articles on my iPad and the screen keeps jumping around and resizing as the ads load and change. The ads that show up at the bottom of the screen seem to be the worst offenders and sometimes are double-layered. I can close some of them, but not all of them. Every time I scroll the screen everything jumps around and resizes. It is quite unnerving and makes reading your excellent material much more difficult.
Posted by:
treebinky
06 Feb 2016
Can't say I'm happy with the Avast issue, but it is a small one. I don't mind having the logo on my email. However, if I were unhappy with it, I just bought the Avast Internet Security package for a year. Bought it cause I thought that would be better than the free version. Now I don't know if I want to keep it and move to yet another product, or stay with Avast. I don't trust that there will be any completely sin free company out there. That being said if I change products, I will again and again, as there will be something found that makes each unsavory.
Posted by:
Gina
07 Feb 2016
I have malwarebytes, deleted Avast over 2 years ago because it kept 'advertising' at me:) Figured something was wrong there, so out it went.
My question about MalwareBytes, should we uninstall it? I have replacements that run in the background and only run it maybe once a month, if that. But then again, I do not keep sensitive information on the same system I use for the internet - safer that way rather than trying to stay ahead of the scammers and hackers.
Posted by:
Bob Greene
07 Feb 2016
One of your better columns-- reader response is clearly so positive because you have hit an important user concern. Defense against malware is critically important, yet few of the major players are reliable enough to recommend.
Like many others, I have been curious about Comodo, since Comodo's (free) internet product of firewall, real-time resident protection and system scanner seems capable enough on closer inspection-- if also a bit feature-complex.
And I have found Comodo users quite helpful on user forums, with a great depth of expertise. Nonetheless, I eventually decided on a simpler malware scanner and firewall system, instead.
Since the latest Comodo crisis ia also a management failure, the only solution for Comodo is to clean house of all those involved in past devious schemes, and work hard to recover customer trust.
Posted by:
intelligencia
08 Feb 2016
Hello Mr. Rankin and fellow Rankinites!
I tell ya!
This is a Wonderful article BUT reading it gave me heartburn and a headache!
What with these deceptive security programs and the Microsoft Windows 10 fiasco I AM SO GLAD THAT I SWITCHED TO Linux Mint (17.3) last year.
The Linux Mint Kernel has Nothing to do whatsoever with any of the above-described applications or the Windows Operating System!
GOOD Riddance to ALL!!!
The Linux Mint Distribution (Distro): NO Worries; No Fuss No Muss!
i
Posted by:
Clairvaux
13 Feb 2016
I just checked :
In Avast, Settings / General / Enable Avast email signature is unchecked. Active protection / Mail shield is on.
I sent a mail to myself, and there's no Avast advertisement included. Update is permanent, so I have to assume my setting is not reset by updates.
I have Avast Free Antivirus.
I agree that legitimate software acting as malware / adware is a worrying trend.
To prevent unwanted upgrade to Windows 10, install GWX Control Panel. It's regularly updated, free, legitimate, vetted and endorsed by such reliable experts as Woody Leonhard.
Posted by:
Dan
15 Feb 2016
What flaws if any do you see in the Kasperskys security software?
Posted by:
Bill
16 Feb 2016
Bob,
Thanks for the ongoing advice columns. Your response to Kirk's comment about using Avast was that the issue you mentioned was not security related. In the article you said: "Other security software vendors are on thin ice. Ormandy has found serious flaws in Avast’s Chromium port, Avastium, Malwarebytes Anti-Malware, and..." What is the serious flaw if it is not security related?
Posted by:
Martin B
21 Feb 2016
Has this Chromodo vulnerability been adequately fixed and does it also apply to Comodo's Chromium-based Dragon and Firefox-clone IceDragon?
What is the problem with Chromodo changing DNS settings to Comodo DNS, which are supposed to be more secure than most. IceDragon offers the option to change to Comodo DNS. What are the other most secure DNS?