Saturday, May 31, 2008

Bad Advice from Comodo and Loss of Trust

How does a security vendor lose trust? It likely begins when the company CEO becomes overly defensive and posts rants such the one at the end of this post:
"You know what pisses me off the most: Its ill-informing, mis-informing doing a disservice to users, because of our own agendas!!!! I have no problem with people liking or disliking what we have, we respect opinions, however people in the position to make a difference, abusing the trust that users have bestowed upon them by ill-informing is just plain wrong!!!"
Please pay particular attention to the words in bold in the above quotation while you consider the explanation on the Comodo website for providing a free firewall:
"You must be wondering - how can we stay in business by giving away high quality solutions that all other software vendors sell. Simply, Comodo's main revenue comes from authenticating web business with SSL certificates (e.g. we put the padlock on websites)."
Apparently that source of revenue must not be as lucrative as one might expect since Comodo has found it necessary to add to their revenue base by including the IAC/Ask Toolbar to the most recent version of the firewall.

Circling back to the subject of a vendor losing trust and considering the above text in bold, it seems that Comodo is indeed abusing trust when, in defense of including a toolbar provided by a known adware vendor, they are suggesting that users turn off their antivirus software!
NOTE: This "Toolbar" is being detected by various Anti-virus software as Adware/Malware *THIS IS A FALSE POSTIVE!!!*, There is NO Adware, Spyware etc in this Toolbar WHAT SO EVER. If you are having problems installing the Toolbar, turn off your AV if this is the case.
Edit Note, 04June08:
Comodo Support Forum Moderator deleted the above quote from the linked topic. See the comments for the evolution of this change. Interestingly, as of the last check of Comodo BOClean, Anti-Malware Version 4.26 continues to include both AskJeeves Toolbar and MySearch in the list of Current Covered Malware.
Indeed, Comodo is ill-forming, mis-informing and providing a major disservice to users. As illustrated at Calendar of Updates, when the Comodo toolbar was installed and the toolbar .dll scanned at virustotal and virusscan.jotti, the following were the results:
ASKSBAR.DLL
MD5...: ccc67b6b51bf3b004c6186c2da2faa2e

A-Squared Found Adware.Win32.MySearch.i
ArcaVir Found Adware.Mysearch.I
CAT-QuickHeal 9.50 2008.05.29 AdWare.MySearch.i (Not a Virus)
ClamAV 0.92.1 2008.05.29 Adware.Mysearch-1
Fortinet 3.14.0.0 2008.05.29 Adware/MySearch
Panda 9.0.0.4 2008.05.29 Suspicious file
Sunbelt 3.0.1139.1 2008.05.29 AdWare.Win32.MySearch.i
VBA32 3.12.6.6 2008.05.29 AdWare.Win32.MySearch.i

Everyone must decide for themselves. Personally, any vendor that not only condones but also recommends turning off users' antivirus software and intentionally includes known adware in their software is not one that I trust. As a result, I annotated the Comodo listing in Vista Compatible Firewalls as not recommended.

The full text of Comodo's ill-informing advice which is not only doing a disservice to users, but is also an abuse of trust has been preserved at Info: COMODO SafeSurf Toolbar.

Related Post: Comodo Disappointment

Update 01June08: via Donna at CoU, note that as of the time I checked, even Comodo's BOClean version 4.26 product detects Ask. Preserved at Comodo BOClean Detection of Ask.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

16 comments:

Anonymous said...

Hi,

My name is Josh. I am known as 3xist on the Comodo Forums, I can see you mentioned my "Red Witting" Relating to False Positives, and the thread I started at the Comodo Forums too "Info: COMODO SafeSurf Toolbar."

I would just like the point out- I am NOT an Comodo Employee. I don't get paid in anyway, So I believe your interpretation is wrong- All Global Moderators on the Comodo Forums are volunteer. We help users in the most friendliest & fundamental ways possible. So "Bad Advice from Comodo and Loss of Trust" is wrong- Because you are relating to what I HAVE SAID- Not Comodo.

Now, Relating to "Turning off AV'S during installation" is NOT in anyway harmful- It is simply a small "suggestion" for those having problems who WANT to install the Toolbar with there AV'S running- Off course, You can enable your AV after installation- TURNING OFF IS TO AVOID POSSIBLE CONFLICTS. That's all. We have also contacted an Security Center about the FP found in SafeSurf Toolbar, and they fixed it immediately.

For those who don't know the SafeSurf Toolbar is powered by COMODO Memory Firewall- Which protects against Buffer Overflow attacks- INSIDE THE BROWSER. Why didn't we implement the full COMODO Memory Firewall into CFP 3 then? Because CMF still has quite a few bugs- Yes, All Software has bugs, But we need to resolve some serious ones. If we were to implement CMF (Whole thing) inro CFP, It would be like transferring bugs- This scenario would be much more serious.

Another reason why we have the Toolbar is for promotional reasons- If you use the Toolbar to search or purchase online, Comodo can get some $$, I see NO harm in this at all- & For all due respect, COMODO Firewall Pro 3 is 100% Free- There is no strip-downed version or whatever.

In the future, YES- CMF will be fully implemented into CFP 3, We have a great support Forum, with friendly users & Global Moderators interacting every day. All questions/concerns relating too the Toolbar can be asked there.

We understand Toolbars do have a history- You CAN opt out SafeSurf during installation- You don't have to install it AT ALL.

I am not trying to create an argument or debate here, This is my personal point off view- But if you believe I am giving bad advice, Deal with me, Not Comodo. I am just an Normal Computer user, Doing Volunteer work & helping in every day situations as much as I can. I have all respect for all options, I hope you can understand.

Thank you for your time.

Best,
Josh. Comodo Global Moderator.

Anonymous said...

Josh,

You totally do mis the point here. Read again above:

"...and intentionally includes known adware in their software is not one that I trust."

On a side note: Comodo does have problems beside that as long as amateurs on behalf of Comodo are allowed giving very bad advice. They will be better of hiring pro's in helping out their public.

panther

Anonymous said...

Reading this Blog entry named "Bad Advice from Comodo and Loss of Trust" I noticed that it got an "Ethics" tag and I got the feeling the author has matured a strong opposition toward Comodo.

While the truth behind this opposition is not revealed in this article(even if I would like to know more about it), I write this comment to point out some contradictory behaviour I noticed in regards to ethics.

I may have mis-interpreted this sentence worded "it seems that Comodo is indeed abusing trust when, in defense of including a toolbar provided by a known adware vendor, they are suggesting that users turn off their antivirus software!".

First and formemost I would like to know if the author of this article considered that optionally deployed toolbar an adware because Ask.com is a known adware vendor, because those multi AV scan results marked it as adware or because the author himself consider sponsored search toolbars as ADWARE.

Is the real nature of that Comodo search toobar to show ADs?

One thing that cannot be misinterpreted is however the author's will of placing the blame on Comodo for that post found on their Forums

I wonded if the author of this article contacted Josh123 (originary author of that post) or 3xist (who edited that post later) to verify if these instructions were written with the intent of "abusing trust" or and I wonder why he did not verify that nor Josh123, nor 3xist are Comodo's employees.

In this regard Comodo Forums Policy states "Forum participants should not impersonate or represent Comodo, its employees or other industry professionals. We have several (well-loved) moderators helping us maintain the forum - and, as well-informed as they may be about Comodo's products and related information, they are not employees of Comodo. If you have questions about a specific user's affiliation with Comodo, please address them to one of the Administrators of the site."

As of 3 June 2008, that Policy was written on August 2006 and was later edited by panic around 20 May 2008 (due time before another related article, Comodo Disappointment was written.


While I respect the blogger disposition toward Comodo I have to admit that IMHO this article is quite lacking in the attempt of provinding informations that could let me agree on that and I guess that ethics tag don't suit this way of addressing facts.

I would expect that the author of this article is going to address all neglected points in order to really provide a service to his readers and dig further in this matter.

Regards,
a Comodo Forum Member

Corrine said...

Hi, Josh.

I know what it is like to be a "volunteer" on a vendor support forum as I was Forum Administrator on the former Lavasoft Support Forums. In that volunteer position, when providing responses on the Lavasoft Support Forums, said responses were indeed taken as representing the views of the company. In fact, I discovered that when I posted on other support forums, what I wrote was read as representing Lavasoft.

With that in mind, I also know that if any of the Lavasoaft volunteers posted any inappropriate responses or misrepresented company information, it would either have been edited or a correction provided by a company employee. Coincidentally, it is well known that Melih is active on the Comodo forums.

Considering that your update to that post included "Added information from our lead firewall developer (egemen).", it is apparent that you do have access to Comodo employees. As a side note, consider also your choice of words. Not "the lead firewall developer" but rather our.

With regard to the toolbar, even Comodo's own product BOClean still lists IAC in the "Current Covered Malware" list at http://www.comodo.com/boclean/trolist.html.

Josh, in a bold, red font, users were instructed to turn off their A/V software. IMO, this is unconscionable advice by a "Global Moderator" on a security forum.

I will stick by Ben Edelman's analysis of IAC/Ask. Could it be that Comodo's primary business of selling Digital Certificates isn't doing so well if it is necessary to resort to a pre-checked toolbar with a questionable reputation? (See Comodo website and Comodo CEO Melih's explanation.)

Corrine said...

To the anonymous "a Comodo Forum Member":

I believe I have made my points abundantly clear and will not get into a debate on my choice of terminology.

With regard to volunteer responses on a vendor support forum, see my reply to Josh. Further, if Comodo staff had issues with the information provided, it is their responsibility to edit the post or advise users in a responsible manner. It is, after all, their product, their website and support forums, regardless of whether they have paid staff running the forums or volunteers.

An optionally-deployed toolbar is opt-in and is not pre-checked. I again refer readers to Ben Edelman's report on IAC/Ask, linked above. I also refer readers to this Secunia Advisory.

Anonymous said...

Hi Corrine,

I read your reply to John's comment and I started reading "Ben Edelman's analysis of IAC/Ask" article you referenced.

It is quite disappointing to realize that you are still following your original article mood objecting that Forum moderators are to be considered
official Comodo representatives and that Melih Abdulhayoglu has to "proofread" every post made by volunteers.

This is expecially true considering that since comments to this blogs are moderated you had a chance to read Comodo Forums policy which states that moderators are not employees of Comodo and that invites everyone who got questions about a specific user's affiliation to contact an admin.

You never mentioned that part of Josh123 (edited by 3xist on 27 May 2008): "If you have any question's or concern's, Please don't hesitate to PM me." which is unchanged as of 3 June 2008.

You continue saying that "users were instructed to turn off their A/V software" but I don't understand if you misinterpreted the poster advice to disable AV during the installation process of CFP + COMODO SafeSurf Toolbar or you consider that it is absolutely wrong to disable AV even for a moment.

I wonder why you didn't contact 3xist to point out that somenting misleading was written and instead you wrote this article.

In regard of Ben Edelman article you referenced I see the only applicable part would be "Excessive Sponsored Links" that every reader could be able to quantify trying Comodo Search site.

I don't know more that this since you chose to point out nothing more than those elements and you neglected to address specifically what Comodo Safesurf Toolbar really does.

You really make clear your disposition writing "Could it be that Comodo's primary business of selling Digital Certificates isn't doing so well if it is necessary to resort to a pre-checked toolbar with a questionable reputation?"

You say this but I don't know if you intend to make a point that Comodo Safesurf Toolbar search results show an amount of sponsored links you consider questionable or that you cannot consider Comodo Firewall Pro really free if the user can chose to not install that Comodo Safesurf Toolbar or it he can uninstall it later if he didn't opt-out.

I guess I'll have to test this myself, afterall that toolbar can be uninstalled if I don't like it and I can test if the sponsored links are this much of a burden when I choose to use the Comodo Search.

About that Secunia Advisory you referenced, I'm sorry to say I cannot apply that to Comodo Safesurf Toolbar (like Ben Edelman's article it is not specifically tailored againt it) because Comodo Safesurfer toolbar got a Buffer Overflow detection engine borrowed from Comodo Memory Firewall.

It would have been really nice to read somehting about this beforehand if someone specifically addressed it, though.

I have to admit that advertising links are almost everywere on internet and there is also one on this site. IMHO textual advertising or affiliation links are not much of concern to me nor, I have to admit, legit adware apps.

Not long time ago adware apps were installed without user consent and did not have an uninstaller.

In this case it looks that the only scary thing Comodo Safesurf Toolbar does is to show search results with a variable number of sponsored links and like google it adds the "Sponsored Results" heading.

Forgive me if you are willing to consider part of this comment a debate of terminology but since I don't really want to cause misinformation I had to actually add few details to make it easy to point out any error I did or to question my viewpoints.

Taxonomy alone sometimes is not descriptive enough.

Regards,
a Comodo Forum Member

Anonymous said...

I agree with most of Josh's points, perhaps all of them. In addition I am impressed by the fact that Comodo did not conflate its SafeSurf buffer-overrun protector with the dubious toolbar -- each can be uninstalled individually.

But ... the bottom line for me is that a security vendor needs to be above suspicion. Partnering with a company with Ask's reputation among security professionals can only hurt Comodo.

Anonymous said...

Hi Guys,

I respect all off you. Including the author off this post.

I am not a Security Expert- I HONESTLY have nothing to do with Comodo's Employees.

Yes, Josh123 & 3xist are both myn, My Josh123 account got hacked (Personal Reasons). I am a normal computer user like you, I will admit to you now, I am still in School, I appreciate the comments, If ANYONE feels my advice given on the COMODO Forums need to be re-written, Please tell me now- I am not on anyones side, Just a simple Global Mod, Who loves sport and girls :-).

Anyway... I hope I haven't offended anyone. But as soon as I read this blog I was a bit scared because info from me has never been published on the internet- So as a School Kid, I took a step back and posted here.

Again, No offense to anyone. I much appreciate responses. I am learning.

Thank you,
Josh

Anonymous said...

Hi Guys,

I removed the RED Witting and mis information.

I ask the blogger to please re write his blog, With all due respect.

Thanks,
Josh

Corrine said...

Josh,

I edited the post to reflect the change to the forum post. However, there is nothing I can do about Google's cached pages or quotes at other locations, including addendum and ongoing discussions, such as:

"Comodo has been well known to provide software publishing certificates to malware authors such as the WinFixer Group Amaena.com). While the do revoke the certificates when notified, they provide publishing certificates w/o vetting the company. Having malware have a legitimate software publishing certificate is one way to thwart the security in Windows Vista."
Google Groups

Anonymous said...

Hi corrine,

I understand your values & especially your job as a MS Most Valuable Professional.

It was a misunderstanding post, So I deleted the misinformation, & Yes, I know I have nothing to do with any other stuff. Just wanted to get my post sorted.

Thanks,
Josh

Corrine said...

Hi, Josh.

Just to clarify, being a Microsoft MVP is not a job. It is an award from Microsoft. See Microsoft Most Valuable Professionals.

Anonymous said...

I am a member of the Comodo forum. I am not an employee, nor connected with Comodo in any way. I am not a computer "expert," yet I fix them everyday in my work. Comodo's firewall is the best one I have ever used. It is free (no one is holding me down and taking my wallet, like other security software vendors). My job involves a service that is free to the public, yet we have to eat--therefore we sell advertising. The folks at Comodo provide some free security items, along with their regular paid for items. The folks at Comodo have to eat also. So, okay, they want to recoup some of their expenses on their firewall with this gimmick.. This toolbar stuff is much ado about nothing. If you don't want the toolbar don't install it. If you don't want Comodo's firewall don't install it. This seems to be all about "he said this, and he said that..." Tonight I, and others in my profession, are dealing with life and death. I don't see this as being all that relevant.

Anonymous said...

grayhair,

Looks like you missed the point here enterily. Comodo has (in still is) doing business with rogue companies.

No one should ever trust a company persisting in doing so and its software. Please read back all the proof provided over here.

panther

Unknown said...

"I am a member of the Comodo forum. I am not an employee, nor connected with Comodo in any way. I am not a computer "expert," yet I fix them everyday in my work. Comodo's firewall is the best one I have ever used. It is free (no one is holding me down and taking my wallet, like other security software vendors). My job involves a service that is free to the public, yet we have to eat--therefore we sell advertising. The folks at Comodo provide some free security items, along with their regular paid for items. The folks at Comodo have to eat also. So, okay, they want to recoup some of their expenses on their firewall with this gimmick.. This toolbar stuff is much ado about nothing. If you don't want the toolbar don't install it. If you don't want Comodo's firewall don't install it. This seems to be all about "he said this, and he said that..." Tonight I, and others in my profession, are dealing with life and death. I don't see this as being all that relevant.'

Grayhair, I think youj are loosing your marbles.

There is only one reason why Comodo would even countenance a piece of toolbar shit like that in an update (and the update doesn't ask permission), and that Mehli has got himself in too deep; promised what he can't deliver.

Ive been on the forums and a user since the damn thing came around as CPF. But then I watched with intense misgivings as support (real support, like fixing things), dwindled.

I watched with misgivings as I saw Mehli allow "what is the next product we should develope?" on the forums (or even encourgaed or started it).

Real support was replaced by bullshit from unpaid volunteers like yourself who knew sweet-f-all.

I felt ready to heave up my stomach.

There is only one word for it. Meglomania.

The idea was good, the implementation was good, the support was good.

Now we get to the black hole. And Mehli is nowhere to be seen.

He will probably abandon the entire effort, abandon bullshit, and go and live somewhere where people don't know Comodo ever existed.

Rather than telling the truth. But that has always been Mehli's problem. Telling the truth.

Bullshitter supreme, with a good idea, a good heart.

But it isn't enough to wish. You have to deliver. Now he has realised he can't, he's like GONE.

Anonymous said...

I agree Comodo is a joke and I actually think they are a terrorist company seeing all there programs have merely wasited my computer or almost waisted my computer where have to use restore cd's and when asked for help denied sorry can't help you. They create a program without a failsafe backup plan and when program goes south no password resets you ask me there works are to screw peoples computer up and why there is no reset as every other company out there i've seen or tried have a password reset option so your not screwed wow crappy comodo the company who will give you attitude and a head ache and oh yes very non educated help that truly sucks almost like they are complete retards!!!!!!!!!!!! I plan on taking legal action against them. reimbursement for my stress caused.