Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bug Security

Comodo Antivirus Tech Support Feature Lets Anyone Connect To Your PC (softpedia.com) 33

An anonymous reader writes: Google Project Zero security researcher Tavis Ormandy has discovered that one of Comodo's tech support tools packed with many of the company's security products leaves the door open for attackers to connect with admin privileges on the user's PC. He discovered that to blame for this problem was a remote desktop tool called GeekBuddy, which Comodo was bundling with its security software. This tool either used no password, or used a simple system to create the password which tech support staff would use to connect to user PCs. Ormandy previously discovered a similar issue in Comodo software, related to the company's Chromodo browser.
This discussion has been archived. No new comments can be posted.

Comodo Antivirus Tech Support Feature Lets Anyone Connect To Your PC

Comments Filter:
  • by OOSCARR ( 826638 ) on Saturday February 20, 2016 @06:15AM (#51547751) Homepage Journal
    It's not a bugd, it's a feature!
    • What really grinds my gears is when companies sell you a product that duplicates features that are already built into the Operating System. Why use GeekBuddy, when Windows already has Remote Assistance built right in, and is more secure.

      It boggles the mind!
      • by PRMan ( 959735 )

        Have you tried to use Remote Assistance? Trying to get a non-techie user to set it up so you can get in takes an hour if at all.

        I use Join.me, which people can generally do in about 5 minutes.

      • Perhaps because the developer believe that they can do better than Microsoft. This is something that might not be all that high of a bar to hurdle generally speaking.

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Saturday February 20, 2016 @06:35AM (#51547793) Homepage

    Comodo Anti-virus on all iPhones, "it is irresponsible of Apple to not protect its users using this fine software" -- next week's news.

  • by Anonymous Coward

    Their certificate booboo wasn't their fault? I don't believe it. They just successfully dodged the blame.

    Instead of a three strikes law against consumers, I want one against obviously incompetent security companies.

  • by Anonymous Coward

    Comodo was also plagued with security issues on both their so called secure browsers based either on Firefox or Chrome. Neither of them stay up to date with the browser versions. I called them out on this a year or more ago. I said, how can you call these browsers secure? When it takes you weeks to update to the latest version release? After a dismal response I decided their motives were not genuine in protecting users. Stay away.

    • by Somebody Is Using My ( 985418 ) on Saturday February 20, 2016 @09:12AM (#51548107) Homepage

      Wasn't there a thing where Comodo was issuing false certificates for Google, Microsoft, etc. too a few years ago? I think their servers got breached too... Oh yeah, there was.

      These guys have repeatedly been in the news for having problems like this. It certainly does not make for a very compelling reason to trust your security to them.

      • Re: (Score:3, Informative)

        by Win0ver ( 613215 )
        They're a scummy company to say the least. They routinely call my company about our 'expiring SSL certificates', trying to make us renew with them, while pretending they issued our current certificates (which they obviously haven't).

        They basically crawl the whole web looking for expiring certificates and call everyone, pretending to be the issuer.

        Telling them to fuck off doesn't do anythying; they're still calling every time we have a certificate due to expire within a few months.

        Oh and they're th
  • by Anonymous Coward

    Comodo's firewall program is pretty nice for blocking things that you don't want to phone home, things that just shouldn't need internet access, or things that you want to disable automatic updates on.

    I've used it for a long time, although after struggling with a recent UI update that made things more naggy and less useful, I recommend searching for "old version" and getting version 5.3.

    One of the things the newer versions nag about is installing the antivirus and "GeekBuddy" crap.

    So, assuming that this sec

  • I don't understand how a company that claims to be in the security business, can screw up so much, and so often, and still be in the security business.

    They severely botched their browser, their support tools, their certificates.... You couldn't trust these people to warm up a pre-cooked hot dog without giving you salmonella.

    It's amazing how instead of taking companies like these to task over their continual screw ups, they are either ignored at best, or rewarded at worst.

"If value corrupts then absolute value corrupts absolutely."

Working...