back to article Comodo's 'security' kit installed a lame VNC server on PCs on the sly

Google's Project Zero has found yet another blunder in Comodo's internet "security" software – a VNC server enabled by default with a predictable password. Earlier this month, Googler Tavis Ormandy pointed out that Comodo's custom web browser, dubbed Chromodo, was about as unsafe as a lace condom thanks to terrible security …

  1. Keef

    Their slogan:

    Creating Trust Online

    At least I got to have a giggle at something tonight.

    Not that it's funny really, but you know...

    1. David 132 Silver badge
      Facepalm

      Re: Their slogan:

      Cratering Trust Online

      FIFY.

  2. MrDamage

    3 strikes and you're out.

    Even though I have never allowed PrivDog, Chromium or GeekBuddy to install themselves when I installed their AV and Internet *cough* Security suite, I no longer trust Comodo to have my back when it comes to my digital security.

    Add on top of this their problems with digital certificates back in 2011, they are more than welcome to go sodomise themselves with a length of barbed wire.

  3. Crazy Operations Guy Silver badge

    Upgrade by uninstalling

    No security software is far better than this piece of crap. At least by going bare, the user would be a bit more cautious rather than relying on the AV to protect them.

    Really, remote support should be relayed through an SSH connection with the support person sending their public key to the user to be supported. The support application would then add that to the authorized_users file, which is normally left completely blank. The support certificate would be created by a CA set up for that purpose and its public key added to the AV product. This way, the VNC server remains fully secure until its needed, and when they do connect, bot ends can be validated. No passwords to deal with, just secure connections. And the certificate the support person is using could be made single-use by revoking it once the end user confirms the ticket is closed and the issue fixed.

  4. Anonymous Coward
    Anonymous Coward

    When Commode goes bust...

    These software geniuses will start programming self-driving cars.

    WE'RE ALL GONNA DIE.

    1. channel extended
      Trollface

      Re: When Commode goes bust...

      Nah, they'll all go work for Adobe. Again.

  5. Destroy All Monsters Silver badge
    Facepalm

    How junior do you need to be....?

    I can't imagine the kind of internal management structure that could give rise to such shit.

    Actually, I can, but it's for 6-people startups of pimply-faced nerds plus a freshly-baked CEO with delusions of adequacy.

    How can I trust any certchain with "COMODO" certs near the root?

    Well, at least you get a "free trust logo" with your horribly expensive SSL cert.

    1. Robert Moore

      Re: How junior do you need to be....?

      Well, at least you get a "TRUST FREE logo" with your horribly expensive SSL cert.

      FTFY!

  6. JCitizen Bronze badge
    Coffee/keyboard

    I never install Geek Buddy..

    Any IT security technician knows you never leave any program or application on the PC that is not needed. When installing Comodo's firewall, I always uninstall the ridiculous Geek Buddy. Say what you will about Comodo's products, but their Dragon browser is the most reliable browser I've used in Vista x64, and easily outperforms them all. On newer MS OSs, not so much. Also where are you going to find a free firewall that passes all GRC leak tests. Last I checked ,On-Line Armor isn't free any more. I trust Zone Alarm even less that Comodo's firewall. So there you have it, their certificate system and anti-virus suck, but we still need some of the other things they provide.

  7. Pascal Monett Silver badge

    Well whaddya know ?

    With all the news about AV products revealing the stupendous stupidity that is lurking in their code, it would seem that Microsoft's Windows Firewall is actually not a bad product - provided you don't poke it full of holes with some so-called "security suite".

    So Comodo joins the Symantec club of AV products I will never use. Another tear is shed on what Comodo used to be before it bloated itself beyond all usefulness. And life goes on.

  8. Nerunexus

    What's up with you all?

    I have to admit they shit the bed on there geekbuddy system. I like the firewall and av but there geekbuddy vnc thing has been an issue since like 2007 or 08. It's our responsibility as users to maybe port scan and test our shine new security package?!?! They make littleraly zero effort to hide the vnc server so if you are concerned you should uninstall it. It's kinda funny though, the people most likely not to understand what is happening here are the ones more likely to need geekbuddy and more likely to get hacked in the first place lol.

    1. Destroy All Monsters Silver badge
      FAIL

      Re: What's up with you all?

      It's our responsibility as users to maybe port scan and test our shine new security package?!?!

      It's also our responsibility to test our yogurth for Anthrax.

      NO, FUCK YOU!

  9. scudcraft

    Very likely not a blunder, but a business plan. Comodo's been sliding bad actors into their products for years.

  10. Sandtitz Silver badge

    GeekBuddy?

    Is it related to BonziBuddy? Seems about as useful.

  11. DannyOfComodo
    Thumb Up

    Already Fixed And Adressed

    Recently, it was reported by Google Security that there might be a small local vulnerability in Comodo GeekBuddy that allowed a local attacker to gain another locally logged-on user’s privilege.

    The minor potential vulnerability was fixed and addressed back on February 10, prior to it being made public by Google Security.

    https://blog.comodo.com/comodo-news/10747/

    1. Down not across

      Re: Already Fixed And Adressed

      Recently, it was reported by Google Security that there might be a small local vulnerability in Comodo GeekBuddy that allowed a local attacker to gain another locally logged-on user’s privilege.

      The minor potential vulnerability was fixed and addressed back on February 10, prior to it being made public by Google Security.

      Small? Local? Logged-on user's privilege?

      From the article:

      GeekBuddy allows this by installing a VNC server that has admin-level privileges, is enabled by default, and is open to the local network.

      Looks more like anyone on local network can get admin (not just logged-on user) privileges and depending on their router configuration the vulnerability could be open to the internet.

      Bit more than "minor potential vulnerability".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020