Author Topic: Comodo insecurity suite  (Read 4142 times)

0 Members and 1 Guest are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Comodo insecurity suite
« on: Wednesday, 03 February, 2016 @ 11:47:12 »
Quote
Google calls out Comodo's Chromodo Chrome-knockoff as insecure crapware
Installed it for free? Costs the same to uninstall it

Google security boffins have thrown the book at Comodo for turning off Chrome security...  users who install Comodo Internet Security may not realize that their Chrome installation is replaced with Comodo's own browser, Chromodo.

That little bit of crapware isn't secure at all: it's set as the default browser, and "all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices," Google's Tavis Ormandy notes.

Chromodo is promoted as a "private browser" on Comodo's website, but it's not only not private, it's not remotely safe to use.
http://www.theregister.co.uk/2016/02/02/google_disses_chromodo/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Comodo insecurity suite
« Reply #1 on: Friday, 19 February, 2016 @ 21:53:28 »
Quote
When installing Comodo Anti-Virus, Comodo Firewall, or Comodo Internet Security on a Windows PC, you'll get a program called GeekBuddy, which Comodo staff can use to carry out remote technical support on people's PCs (in exchange for money).

GeekBuddy allows this by installing a VNC server that has admin-level privileges, is enabled by default, and is open to the local network. At one point the server had no password protection at all – so anyone could connect and commandeer a system. That was fixed by enabling password protection, although Ormandy discovered the passwords were predictable.

If you're running Comodo's software, [then] malware on your PC,  miscreants on your network, or perhaps anyone on the internet, could have potentially gained control over your computer.
http://www.theregister.co.uk/2016/02/18/comodo_flaw/


A patch was issued about a week ago so it should be safe(r) to use now, but it doesn't look good for Comodo (or their users)
« Last Edit: Wednesday, 16 March, 2016 @ 00:32:29 by Maik »