Comodo's 'security' kit installed a lame VNC server on PCs on the sly Google's Project Zero has found yet another blunder in Comodo's internet "security" software – a VNC server enabled by default with a predictable password. Earlier this month, Googler Tavis Ormandy pointed out that Comodo's custom web browser, dubbed Chromodo, was about as unsafe as a lace condom thanks to terrible security …
Even though I have never allowed PrivDog, Chromium or GeekBuddy to install themselves when I installed their AV and Internet *cough* Security suite, I no longer trust Comodo to have my back when it comes to my digital security.
Add on top of this their problems with digital certificates back in 2011, they are more than welcome to go sodomise themselves with a length of barbed wire.
No security software is far better than this piece of crap. At least by going bare, the user would be a bit more cautious rather than relying on the AV to protect them.
Really, remote support should be relayed through an SSH connection with the support person sending their public key to the user to be supported. The support application would then add that to the authorized_users file, which is normally left completely blank. The support certificate would be created by a CA set up for that purpose and its public key added to the AV product. This way, the VNC server remains fully secure until its needed, and when they do connect, bot ends can be validated. No passwords to deal with, just secure connections. And the certificate the support person is using could be made single-use by revoking it once the end user confirms the ticket is closed and the issue fixed.
I can't imagine the kind of internal management structure that could give rise to such shit.
Actually, I can, but it's for 6-people startups of pimply-faced nerds plus a freshly-baked CEO with delusions of adequacy.
How can I trust any certchain with "COMODO" certs near the root?
Well, at least you get a "free trust logo" with your horribly expensive SSL cert.
Any IT security technician knows you never leave any program or application on the PC that is not needed. When installing Comodo's firewall, I always uninstall the ridiculous Geek Buddy. Say what you will about Comodo's products, but their Dragon browser is the most reliable browser I've used in Vista x64, and easily outperforms them all. On newer MS OSs, not so much. Also where are you going to find a free firewall that passes all GRC leak tests. Last I checked ,On-Line Armor isn't free any more. I trust Zone Alarm even less that Comodo's firewall. So there you have it, their certificate system and anti-virus suck, but we still need some of the other things they provide.
With all the news about AV products revealing the stupendous stupidity that is lurking in their code, it would seem that Microsoft's Windows Firewall is actually not a bad product - provided you don't poke it full of holes with some so-called "security suite".
So Comodo joins the Symantec club of AV products I will never use. Another tear is shed on what Comodo used to be before it bloated itself beyond all usefulness. And life goes on.
I have to admit they shit the bed on there geekbuddy system. I like the firewall and av but there geekbuddy vnc thing has been an issue since like 2007 or 08. It's our responsibility as users to maybe port scan and test our shine new security package?!?! They make littleraly zero effort to hide the vnc server so if you are concerned you should uninstall it. It's kinda funny though, the people most likely not to understand what is happening here are the ones more likely to need geekbuddy and more likely to get hacked in the first place lol.
Recently, it was reported by Google Security that there might be a small local vulnerability in Comodo GeekBuddy that allowed a local attacker to gain another locally logged-on user’s privilege.
The minor potential vulnerability was fixed and addressed back on February 10, prior to it being made public by Google Security.
https://blog.comodo.com/comodo-news/10747/
Recently, it was reported by Google Security that there might be a small local vulnerability in Comodo GeekBuddy that allowed a local attacker to gain another locally logged-on user’s privilege.
The minor potential vulnerability was fixed and addressed back on February 10, prior to it being made public by Google Security.
Small? Local? Logged-on user's privilege?
From the article:GeekBuddy allows this by installing a VNC server that has admin-level privileges, is enabled by default, and is open to the local network.
Looks more like anyone on local network can get admin (not just logged-on user) privileges and depending on their router configuration the vulnerability could be open to the internet.
Bit more than "minor potential vulnerability".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
