Comodo Group

Comodo Group, Inc. is a privately held group of companies providing good computer software and SSL digital certificates , based in Clifton, New Jersey in the United States . It has international offices in the United Kingdom, Japan, China, India, Romania, Turkey and The Philippines. [2] As of 3 February 2017, Comodo is the largest issuer of SSL certificates with a 44% market share on 13.9% of all web domains. [3]

History

The company was founded in 1998 in the United Kingdom, [1] by Melih Abdulhayoğlu , who remains its CEO. The company relocated to the United States in 2004. Its product line is focused on computer and internet security. The firm operates a Certificate Authority that issues SSL certificates, and offers information security products for both enterprises and secure endpoints, networks and boundaries against cyber threats using cloud-based offerings. [4] The company also helped to set the Internet Standards Task Force ( IETF ) Certification Authority Authority Authorization (CAA) Resource Record. [5]

Companies

  • Comodo CA Limited : Based in City of Salford , Greater Manchester , UK, [6] is a digital certificate authority that issues SSL and other digital certificates. According to W3Techs.com, Comodo is the largest digital certificate provider. [7] [8]
  • Comodo Security Solutions, Inc . : Based in Clifton, NJ, develops and markets security software for commercial and consumer use. This includes web site vulnerability and penetration scanning, corporate and consumer security systems and other networks security products. Comodo AntiVirus Labs supports all versions of their security systems. [9]
  • DNS.com : Based in Louisville, Kentucky , the company provides DNS services. [10]

Products

Consumer Security Products

  • Comodo Internet Security (CIS) is a suite of security products for the desktop, provided with additional features available for a fee. [11] Support requires a subscription. It includes a personal firewall , Host-based intrusion detection system and antivirus program . [12]
  • Comodo Antivirus – A free Antivirus product that supports all major OS including Mac, (from OS X 10.4), [13] Linux (from Ubuntu 12.04) [14] and Windows (from XP S2, including Windows 10). [15]
  • Comodo Mobile Security – A free Android application that protects mobile devices against viruses, worms and scripts. In addition, it also features SMS & Call Blocking, a software & process manager, data and apps backup and data traffic Monitor.
  • Comodo email certificate – S / MIME-enabling certificates, for personal use, per-year fee for corporate use. [16]

Enterprise Products – Digital Certificates and Certificate Management

  • Comodo SSL – Comodo was founded as a Certificate Authority selling Comodo SSL and digital certificates. Its primary source of revenue comes from related products to business and enterprises. [17] Related E-Commerce products include PCI Compliance Scanning and Web Site Vulnerability Scanning.
  • Comodo Certificate Manager (CCM) is a cloud-based digital certificate management product allowing companies to manage certificates. [18]

Enterprise Products – Security

  • Comodo Advanced Endpoint Protection (AEP) provides next-generation endpoint protection, combining Comodo Client Security, ITSM, and Valkyrie file analysis. [19]
  • Valkyrie Cloud File Analysis Platform – The Valkyrie cloud-based file analysis platform
  • Comodo Client Security is the client application used by AEP to provide endpoint security.
  • IT and Security Manager (ITSM) – ITSM is the management console used by AEP, providing a single consolidated management of IT and IT solutions. It allows for the configuration of security policies and visibility into the security posture and health of enterprise endpoints (PCs and mobile devices).
  • Comodo Dome (cDome Shield, cDome Enterprise, cDome Data Protection) – a family of products providing a secure web-based platform providing various security functions including web security, anti-spam, secure VPN, and next generation firewall. [20] In May 2014, the Comodo Group acquired MyDLP , an open source data loss prevention system and integrated functionality Comodo Dome Data Protection.
  • Comodo Securebox was released in July 2014 and was jointly developed with Western Union with the intention of solving the problem of the application of such transactions. Securebox containment technology protects the application and its activities even if the computer is infected with malware [21] [22]
  • Comodo Mobile Device Management – Comodo MDM software could be called a powerful tool in the hands of IT administrators. Using this tool they can manage and maintain the security of a large number of mobile devices, both of which are part of a corporate network. [23] [24]
  • Comodo cWatch a breach prevention and threat detection managed by SaaS.
  • Comodo Korugan – In 2014 Comodo introduced the Korugan line of Unified Threat Management Appliances that provide a bundle of network security solutions such as firewall, gateway antivirus and end security management. [25] [26]

Web browsers offered by Comodo

  • Comodo Dragon – A Chromium -based browser with enhanced privacy and security [27]
  • Comodo IceDragon – a Firefox -based browser, both with enhanced privacy and security features

Other Products

  1. Comodo System Utilities – PC Magazine reviewed the product concluding “it is an effective system-enhancing utility that is as potent, if not more so in certain cases, as paid apps”. [28]
  2. SurGate Labs – In 2014 Comodo acquired SurGate Labs, a Turkish Software company that specializes in secure email and messaging systems. SurGate only recently began marketing its products outside of Turkey and Eastern Europe. [29] [30] [31]
  3. Comodo Backup – In 2014 Comodo introduced Secured backup for Online Storage. [32]
  4. Comodo Penetration Testing – Comodo Penetration Tests will identify critical attacks in the network. [33]

Industry affiliations

Comodo is a member of the following industry organizations:

  • Certificate Authority Security Council (CASC): In February 2013, Comodo became a member of this industry advocacy organization dedicated to addressing industry issues and educating the public on internet security. [34] [35]
  • Common Computing Security Standards Forum (CCSF): In 2009 Comodo was a founding member of the CCSF, an industry organization that promotes industry standards that protect end users. Comodo CEO Melih Abdulhayoğlu is considered the founder of the CCSF. [36]
  • CA / Browser Forum : In 2005, Comodo was a founding member of a new consortium of Certificate Authorities and web browser vendors dedicated to Internet standards. [37] [38] Melih Abdulhayoğlu invited top traitor providers and certification authorities to a round table to discuss creation of a central authority responsible for delivering digital certificate issuance best practice guidelines. [39]

Controversies

Symantec

In response to Symantec ‘s comment on the effectiveness of free Antivirus software, on September 18, 2010, the CEO of the Comodo Group challenged Symantec to see which products can defend the consumer better against malware . [40] GCN’S John Breeden understood Comodo’s stance on free Antivirus software and distressing Symantec: “This is actually a smart smart move based on the previous review of AV performance we’ve done in the GCN Lab. In the past, you have to make a lot of money, and it’s been a long time ago. [41]

Symantec responded by saying that if they are interested they should have their product included. [42]

Comodo volunteered to a Symantec vs. Comodo independent review. [43] Though this showdown did not take place, Comodo did not include AV-Test, [44] PC World, [45] Best Antivirus Reviews, [46] AV-Comparatives, [47] and PC Mag. [48]

Certificate hacking

On March 23, 2011, Comodo has posted postponement That 8 days Earlier, we 15 March 2011, user account with an affiliate registration authority HAD beens Was Compromised and used to create a new user account Issued nine That certificate signing requests . [49] Nine certificates for seven domains were issued. [49] The attack was traced to IP address 212.95.136.18, which originates in Tehran, Iran. [49] Though the report states that the breach is the result of a “state-driven attack”, it is stated that the origin of the attack may be the “result of an attacking attempt at a false trail.” [49] [50]

The attack was immediately thwarted, with Comodo revoking all of the bogus certificates. Comodo also stated that it is actively seeking to improve the security of its affiliates. [51]

In an update on March 31, 2011, Comodo stated that it was detected and intruded into a consumer account on March 26, 2011. The new controls implemented by Comodo following the incident on March 15, 2011, removed any risk of the fraudulent issue of certificates. Comodo believed to be the perpetrator of the same incident on March 15, 2011. [52]

In this second incident, Comodo stated, “Our CA infrastructure was not compromised.” “We have not compromised our credentials. [53]

On March 26, 2011, a person under the username “ComodoHacker” made several posts to Pastebin.com claiming to be an Iranian responsible for the attacks. [54] [55]

Such issues have been widely reported, and issued to revoked. [56] [57] [58] [59] As of 2016, all of the certificates remain revoked. [49] Microsoft issued a security advisory and updated the issue at the time of the event. [60] [61]

Such attacks are not unique to any particular country, but they are so many of these entities, all of which are deemed to be inevitable. [62]

Association with PrivDog

In February 2015, Comodo was associated with a man-in-the-middle as well as PrivDog, which claims to protect users against malicious advertising. [63]

PrivDog issued a statement on February 23, 2015, saying, “A minor intermittent defect has been detected in a third party library used by the PrivDog standalone application which potentially affects a very small number of users. This potential issue is only present in PrivDog versions, 3.0.96.0 and 3.0.97.0. The potential issue is not present in the PrivDog plug-in that is distributed with Comodo Browsers, and Comodo has not distributed this version to its users. there are potentially a maximum of 6,294 users in the USA and 57,568 users globally that this could potentially impact. The third party library used by PrivDog is not the same third party library used by Superfish….The potential issue has already been corrected. There will be an update tomorrow which will automatically update all 57,568 users of these specific PrivDog versions.” [64]

Certificates issued to known malware

In 2009 Microsoft MVP accused Michael Burgess Comodo of issuing digital certificates. [65]

Comodo responded when notified and revoked the issued certificates that contained the malware rogue. [66]

Chromodo browser, ACL, ASLR, VNC weak authentication

In January 2016, Tavis Ormandy reported that Comodo’s Chromodo browser exhibited a number of vulnerabilities, including disabling of the same-origin policy . [67]

The vulnerability was not in the browser itself, which was based on the open-source code behind Google’s Chrome browser. Rather, the issue was with an add-on. As soon as Comodo became aware of the issue in early February 2016, the company released a statement and a fix: “As an industry, software in general is always being updated, patched, fixed, addressed, improved – it goes hand in hand with any development cycle … What is critical in software development is how to address an issue if a certain vulnerability is found? Those using Chromodo immediately received an update. [68] The Chromodo browser was subsequently discontinued by Comodo.

Ormandy noted that Comodo received a “Excellence in Information Security Testing” award from Verizon despite the vulnerability in its browser, despite having its VNC delivered with a default of weak authentication, and despite using access control lists (ACLs) throughout its product. Ormandy has the opinion that Verizon’s certification methodology is at fault here. [69]

Let’s Encrypt trademark registration application

In October 2015, Comodo Applied for “Let’s Encrypt”, “Comodo Let’s Encrypt”, and “Let’s Encrypt with Comodo” trademarks. [70] [71] [72] These trademark applications were filed almost a year after the Internet Security Research Group, parent organization of Let’s Encrypt , started using the name “Let’s Encrypt” in November 2014, [73] and despite the fact Comodo’s ” “Let’s Encrypt” as a brand.

On June 24, 2016, Comodo posted in their forum that they had filed for “express abandonment” of their trademark applications. [74]

Comodo’s Chief Technical Officer Robin Alden said, “Comodo has filed for express abandonment of the trademark applications of this trademark and is now resolved. We’d like to thank you for your help. ” [75]

Dangling markup injection vulnerability

On July 25, 2016, Matthew Bryant showed Comodo’s website is vulnerable to dangling markup injection and can send emails to system administrators Comodo’s 30-Day PositiveSSL product. [76]

Bryant reached out in June 2016, and on July 25, 2016, Comodo’s Chief Technical Officer Robin Alden has been appointed to the position of the Chief Information Officer. [77]

See also

  • Comparison of antivirus software
  • Comparison of computer viruses
  • Internet Security
  • Antivirus software
  • Comparison of firewalls

References

  1. ^ Jump up to:b “How US entrepreneur’s global internet security firm started life in Bradford” . Telegraph & Argus . Sep 3, 2014 . Retrieved 3 Sep 2014 .
  2. Jump up^ “Comodo Company Locations” . Retrieved 14 August 2015 .
  3. Jump up^ “Usage of SSL certificate authorities for websites” . W3Techs . Retrieved 2017-02-03 .
  4. Jump up^ “Comodo Company Overview” . Retrieved 14 August 2015 .
  5. Jump up^ “DNS Certification Authorization Authority – Comodo” . Retrieved 14 January 2013 .
  6. Jump up^ “Comodo – Contact Us” .
  7. Jump up^ “W3Techs – extensive and reliable web technology surveys” . w3techs.com .
  8. Jump up^ Admin TOA. “- Comodo Named Fastest Growing SSL Certificate Authority” . Turkofamerica.com . Retrieved 2015-03-30 .
  9. Jump up^ “Comodo Security Solutions, Inc.” . Icsalabs.com . Retrieved 2015-03-30.
  10. Jump up^ Joe Callan. “Domainers Magazine – DNS.com: The Next Geo-Targeting Solution – Jul-Aug (Issue 22)” . Domainersmagazine.com . Retrieved 2015-03-30 .
  11. Jump up^ “Comodo Products – PC Security, Security Site, Prevention Software” . comodo.com .
  12. Jump up^ “Proactive Security Challenge: Results and comments” . matousec.com . Difinex Ltd . Retrieved 2010-12-25 .
  13. Jump up^ “Comodo Antivirus for Mac details” . Retrieved 14 August 2015 .
  14. Jump up^ “Antivirus Comodo for linux Overview” . Retrieved 14 August 2015 .
  15. Jump up^ “Antivirus for windows 10” . Retrieved 2010-12-25 .
  16. Jump up^ Comodo free secure email certificate
  17. Jump up^ Natasha Miranda. “How To Get Powerful Website Protection – SSL Certificate” . www.valuewalk.com . Retrieved 22 Dec 2016 .
  18. Jump up^ Linda Musthaler. “Comodo Certificate Manager relieves the burden of managing security certificates manually” . www.networkworld.com . Retrieved 21 Dec 2016 .
  19. Jump up^ Linda Musthaler. “Comodo’s” “default deny” . www.betanews.com . Retrieved 29 Dec 2016 .
  20. Jump up^ Ian Barker. “Comodo Dome delivers cloud-delivered security solution” . www.betanews.com . Retrieved 21 Dec 2016 .
  21. Jump up^ “Comodo SecureBox always assumes the worst to strengthen endpoint security” . BetaNews . Retrieved 2015-03-30 .
  22. Jump up^ “About Comodo Securebox” . Retrieved 14 August 2015 .
  23. Jump up^ “Comodo MDM User Guide” (pdf) . Retrieved 18 May 2016 .
  24. Jump up^ “MDM Comodo End User Guide” (pdf) . Retrieved 20 June 2016 .
  25. Jump up^ “Korugan Unified Threat Management” . MalwareTips.com .
  26. Jump up^ “Failure IT-Tiefenverteidigung: Korugan von COMODO schließt internal and external Sicherheitslücken” . Pressbox.de . Retrieved 2015-03-30 .
  27. Jump up^ Comodo Dragon,Download.com
  28. Jump up^ “Comodo System Utilities Review” . Pcmag.com . Retrieved 2015-03-30.
  29. Jump up^ “SurGate OutlookDAV” . iDNES.cz . 14 June 2014 . Retrieved 2015-03-30 .
  30. Jump up^ “SurGATE Labs yurtdışına açılıyor!” . TeknolojiOku.com . February 4, 2014 . Retrieved 2015-03-30 .
  31. Jump up^ “Surgate Labs” . Surgate.com . Retrieved 2015-03-30 .
  32. Jump up^ “Comodo Backup” . Retrieved 14 August 2015 .
  33. Jump up^ “Comodo Penetration Testing” . Retrieved 11 May 2016 .
  34. Jump up^ Ellen Messmer (14 February 2013). “Multivendor power council formed to address digital certificate issues” . Network World . Archived from the original on 2013-07-28.
  35. Jump up^ “Authentication Security News, Analysis, Discussion, & Community” . Darkreading.com . Retrieved 2015-03-30 .
  36. Jump up^ “SecurityPark” . SecurityPark . Retrieved 2015-03-30 .
  37. Jump up^ “CA / Browser Forum” . Cabforum.org . Retrieved 2013-04-23 .
  38. Jump up^ Wilson, Wilson. “CA / Browser Forum History” (PDF) . DigiCert . Retrieved 2013-04-23 .
  39. Jump up^ “Round Table Industry May 17th 2005 – New York” (pdf) . Retrieved 17 May 2005 .
  40. Jump up^ Abdulhayoğlu, Melih (18 September 2010). “Challenge to Symantec from Comodo CEO” . Comodo Group . Retrieved 2010-09-22 .
  41. Jump up^ John Breeden II. “Is free virus protection inferior?” . gcn.com . Retrieved 23 Dec 2016 .
  42. Jump up^ Rubenking, Neil J. (22 September 2010). “Comodo Challenges Symantec to Antivirus Showdown” . PC Magazine . Ziff Davis, Inc. . Retrieved 2010-09-22 .
  43. Jump up^ “Challenge to Symantec from Comodo CEO!” . Retrieved 23 Dec 2016 .
  44. Jump up^ Ms. Smith. “AV-test Lab tests 16 Linux antivirus products against Windows and Linux malware” . www.networkworld.com . Retrieved 23 Dec 2016 .
  45. Jump up^ Erik Larkin. “Comodo Internet Security Free Antivirus Software” . www.pcworld.com . Retrieved 23 Dec 2016 .
  46. Jump up^ Daniele P. “Comodo 2016 Review: Malware Protection & Online Security” . www.bestantivirus.com . Retrieved 23 Dec 2016 .
  47. Jump up^ “Independent Tests of Anti-Virus Software” . www.av-comparatives.org . Retrieved 23 Dec 2016 .
  48. Jump up^ Neil P. Rubenking. “The Best Free Antivirus Protection of 2016” . www.pcmag.com . Retrieved 23 Dec 2016 .
  49. ^ Jump up to:e “Report of incident is 15-MAR-2011: Update 31-MAR-2011” . Comodo group . Retrieved 2011-03-24 .
  50. Jump up^ Hallam-Baker, Phillip (March 23, 2011). “The Recent RA Compromise” . Comodo Blog . Retrieved 2011-03-24 .
  51. Jump up^ “Iran accused in ‘say’ net security attack ‘ . Retrieved 23 Dec 2016 .
  52. Jump up^ “Update 31-Mar-2011” . Retrieved 23 December 2016 .
  53. Jump up^ “Update 31-Mar-2011” . Retrieved 23 Dec 2016 .
  54. Jump up^ Bright, Peter (28 March 2011). “Independent Iranian Hacker Claims Responsibility for Comodo Hack” (WIRED) . Wired . Retrieved 2011-03-29 .
  55. Jump up^ “ComodoHacker’s Pastebin” . Pastebin.com . Retrieved 2015-03-30 .
  56. Jump up^ Eckersley, Peter (March 23, 2011). “Iranian hackers get fraudulent HTTPS certificates: How to close a web security meltdown did we get?” . EFF . Retrieved 2011-03-24 .
  57. Jump up^ “Iran accused in ‘say’ net security attack ‘ (BBC) . BBC News . March 24, 2011 . Retrieved 2011-03-24 .
  58. Jump up^ “Detecting Certificate Authority compromises and web browser collusion”. TOR . March 22, 2011 . Retrieved 2011-03-24 .
  59. Jump up^ Elinor Mills and Declan McCullagh (March 23, 2011). “Google, Yahoo, Skype targeted in attack linked to Iran” . CNET . Retrieved 2011-03-24 .
  60. Jump up^ “Microsoft Security Advisory (2524375)” (Microsoft) . March 23, 2011 . Retrieved 2011-03-24 .
  61. Jump up^ “Microsoft Security Advisory: Fraudulent Digital Certificates Could Allow Spoofing” . Microsoft . March 23, 2011 . Retrieved 2011-03-24 .
  62. Jump up^ “Iranian Independent Hacker Claims Responsibility for Comodo Hack” . Retrieved 23 Dec 2016 .
  63. Jump up^ http://www.pcworld.com/article/2887632/secure-advertising-tool-privdog-compromises-https-security.html| title = PrivDog Security Advisory (Threat level: LOW) | accessdate = 2016-12 -30
  64. Jump up^ “Private Security Advisory (Threat level: LOW)” . Retrieved 23 Dec 2016.
  65. Jump up^ http://www.cnet.com/forums/discussions/comodo-continue-to-to-issue-certificates-to-known-malware-343022/
  66. Jump up^ “Microsoft MVP Mike Burgess Responds To Comodo’s CEO On Comodo Certificates Issued To Malware Distributors” . Retrieved 23 Dec 2016 .
  67. Jump up^ https://code.google.com/p/google-security-research/issues/detail?id=704| title = Comodo “Chromodo” Disable browser same origin policy, Effectively turning off web security
  68. Jump up^ “Comodo will fix major flaw in knock-off Chrome browser” . Retrieved 23 Dec 2016 .
  69. Jump up^ Why Antivirus Standards of Certification Need to Chang, tripwire, 2016-03-23.
  70. Jump up^ “Trademark Status & Document Retrieval” . tsdr.uspto.gov . Retrieved 2016-06-23 .
  71. Jump up^ “Trademark Status & Document Retrieval” . tsdr.uspto.gov . Retrieved 2016-06-23 .
  72. Jump up^ “Trademark Status & Document Retrieval” . tsdr.uspto.gov . Retrieved 2016-06-23 .
  73. Jump up^ Tsidulko, Joseph. “Let’s Encrypt, A Free And Automated Certificate Authority, Comes Out Of Stealth Mode” . CRN . Retrieved 2016-06-23 .
  74. Jump up^ “Topic: Trademark registration” . Retrieved 2016-06-24 .
  75. Jump up^ “Comodo Stands Down From Trademark Tussle with Let’s Encrypt” . Retrieved 23 Dec 2016 .
  76. Jump up^ “Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection” . thehackerblog.com . Retrieved 2016-07-29 .
  77. Jump up^ “Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection” . Retrieved 23 Dec 2016 .

Leave a Reply

Your email address will not be published. Required fields are marked *