Comodo Group

Comodo Group
Comodo Group, Inc
Type Private company
Industry Computer security, Internet security
Founded 1998
Headquarters Jersey City, New Jersey, USA
Key people President & CEO: Melih Abdulhayoğlu
Employees 600+
Website comodo.com

Comodo Group, Inc. is a privately held group of companies providing computer software and SSL digital certificates, based in Jersey City, New Jersey, in the United States. It has offices in United Kingdom, Ukraine, Romania, China, India and Salt Lake City, Utah.

Contents

History

The company was founded in 1998, by Comodo CEO, Melih Abdulhayoğlu, based on his experience at University of Bradford.[1]

Products

The Comodo companies offer many free products through their website, available for public download.[2] Most notable of Comodo's free products is the Comodo Internet Security freeware program, incorporating Comodo's firewall, Comodo Firewall Pro, Host Intrusion Prevention System and antivirus.[3]

Other Comodo branded freeware security tools include an anti-malware tool, and a memory firewall, free software that protects against over 90% of buffer overflow attacks.[4] For an additional fee, Comodo product users can subscribe to Comodo's computer cleaning and optimizing services for real-time computer assistance.

Comodo also offers a free registry cleaner program, now included within the Comodo System Cleaner.[5]

Comodo EasyVPN is a virtual private network (VPN).

Comodo SecureEmail incorporates a patent-pending technology[citation needed] allowing S/MIME email users to send emails to any email user without exchanging keys beforehand. The product comes in both a limited free version and a more functional professional release.

Freeware products

Name Description
Comodo AntiSpam Anti-spam software
Comodo Antivirus Antivirus for Windows
Comodo AV Scanner Online anti-malware scan
Comodo Backup Backs up files
Comodo BoClean Detects and removes rootkits, hijackers, keyloggers, trojans
Comodo Disk Encryption
Comodo Dragon Customized version of Chromium web browser with security improvements to help protect users
Comodo EasyVPN with Instant Messaging
Comodo Firewall Personal firewall
Comodo Free SSL Certificate Secure sockets layer functionality to secure websites
Comodo Internet Security Integrated antivirus, HIPS, firewall
Comodo iVault Safe, encrypted storage of confidential information
Comodo Memory Firewall Protects against buffer-overflow attacks
Comodo PCI Scanning
Comodo SecureEmail Encrypts and digitally signs email
Comodo System-Cleaner System cleaner and tweaker
Comodo Time Machine Saves/recovers instant system snapshots
Comodo VerificationEngine Verifies legitimate web sites from fraudulent ones

Business Products

Comodo is a certificate authority, and is the second-largest issuer of business-validated certificates.[6] Comodo's certificate profile includes Organization Validation (OV) certificates, Domain Validation (DV) certificates, Extended Validation Certificate (EV SSL) certificates,[7] Multi-Domain certificates, Unified Communications certificates,[8][9] email certificates and code signing certificates. Comodo CA undergoes an annual WebTrust audit by Ernst & Young.[10]

SecureEmail Pro allows businesses to send encrypted or digitally signed emails with more control over their digital certificates than SecureEmail freeware. Comodo Certificate Manager allows IT departments to deploy and administer digital certificates centrally and remotely.

Comodo CA is an Approved Scanning Vendor that offers PCI scanning services to help merchants who take credit cards to comply with PCI DSS regulations.[11] Comodo also offers HackerProof, which is a daily vulnerability scanning solution. A logo is placed on third parties websites that show if they meet Comodo's HackerProof scans.

Comodo has offered Usertrust since early in 2008 as a customer feedback platform for online merchants. Usertrust gives merchants a clearer picture of how they can serve their customers better by offering transaction evaluation and feedback services.[12]

Symantec vs. Comodo

In response to Symantec's comment over the effectiveness of free Antivirus software, on September 18, 2010, the CEO of the Comodo group Melih Abdulhayoğlu challenged Symantec to see which products can defend the consumer better against malware.[13] Symantec, the producer of Norton AntiVirus, has responded that such direct tests are unnecessary: "Norton is included in a variety of independent, third-party tests from testing labs like AV-Test and AV Comparatives. We encourage Comodo to contact these testing labs if they are interested in having their product included in these tests."[14]

On 29 September 2010, Neil J. Rubenking, the lead analyst for security of PC Magazine, published an article on Comodo Antivirus 5.0 that included a comparative chart.[15][16] Rubenking concluded that Comodo Antivirus 5.0 blocked a higher percentage of malware than Norton AntiVirus, but was less effective than the Norton solution when it came to malware removal. Rubenking's review also noted that the Comodo malware blocking gave a number of false positives which he felt tarnished Comodo's results.

Breach of security

"This is a nightmare scenario. You have to trust the companies selling these certificates and if we can't, then all bets are off."
Mikko Hyppönen, head of research at F-Secure[17]

On March 15, 2011, Comodo reported that a user account with an affiliate registration authority had been compromised which was used to create a new user account that issued nine certificate signing requests.[18] Nine certificates for seven domains were issued: mail.google.com, login.live.com, www.google.com, login.yahoo.com (three certificates), login.skype.com, addons.mozilla.org, and global trustee.[18] The attack was traced to IP address 212.95.136.18, which originates in Tehran, Iran.[18] Though Comodo initially reported the breach was the result of a "state-driven attack", it subsequently stated that the origin of the attack may be the "result of an attacker attempting to lay a false trail."[19][18]

The breach, which has been called "comodogate" by some[20] has been widely reported, and has led to criticism of how certificates are issued and revoked.[21][22][23][24]

All of the certificates have been revoked.[18] Microsoft has issued a security advisory and update to address the issue.[25][26]

On March 26, 2011, a person under the username "ComodoHacker" made several posts to Pastebin.com claiming to be an Iranian responsible for the attacks.[27][28]

References

  1. ^ "Layered security and rise of “Social Authentication” and “Social Protection”". Network Products Guide Executive Interviews. Network Products Guide. 18 December 2010. http://www.networkproductsguide.com/features/622008102101.html. Retrieved 25 December 2010. 
  2. ^ "Best Free Windows 7 / Vista 64-bit Software". Gizmo's Freeware. 2 December 2010. http://www.techsupportalert.com/content/best-free-vista-64-bit-software.htm. Retrieved 25 December 2010. 
  3. ^ "Proactive Security Challenge: Results and comments". matousec.com. Difinex Ltd. http://www.matousec.com/projects/proactive-security-challenge/results.php. Retrieved 25 December 2010. 
  4. ^ "Prevent Buffer Overflow Attack with Comodo Memory Firewall". TechMixer. 26 September 2008. http://www.techmixer.com/prevent-buffer-overflow-attack-with-comodo-memory-firewall/. Retrieved 25 December 2010. 
  5. ^ Gralla, Preston (2 December 2008). "Comodo Registry Cleaner (PCWorld)". PC World Australia. IDG Communications. http://www.pcworld.idg.com.au/index.php/taxid;2109929404;pid;7064;pt;1. Retrieved 25 December 2010. 
  6. ^ Tubanos, Anastasia (25 November 2008). "Comodo Second in EV SSL Market". THE WHIR. Web Host Industry Review. http://www.thewhir.com/web-hosting-news/112508_Comodo_Second_in_EV_SSL_Market. Retrieved 25 December 2010. 
  7. ^ Abdulhayoglu, Melih (December 2008). "Extended validation and online security: EV SSL gets the green light". (IN)SECURE Magazine (Help Net Security) (19): pp. 41 – 44. http://www.net-security.org/dl/insecure/INSECURE-Mag-19.pdf. Retrieved 25 December 2010.  (Mirror)
  8. ^ Comodo Unified Communications Certificates (Yahoo.com)[dead link]
  9. ^ "Unified Communications Certificate Partners for Exchange Server and for Communications Server (Revision 5.2)". Microsoft Support. Microsoft Corporation. 15 April 2008. http://support.microsoft.com/kb/929395. Retrieved 25 December 2010. 
  10. ^ Walker, Bryan (5 December 2006). "Introduction to WebTrust for Certification Authorities – WebTrust for Extended Validation Audit Criteria" (PDF). New Assurance Services Group. http://www.cabforum.org/WebTrustAuditGuidelines-Draft.pdf. Retrieved 25 December 2010. 
  11. ^ "Comodo Improves HackerGuardian PCI Scanning Tool". 1888 Press Release Software News. Newark, New Jersey: 1888 Press Release. 16 October 2008. http://www.1888pressrelease.com/comodo-improves-hackerguardian-pci-scanning-tool-pr-78693.html. Retrieved 25 December 2010. 
  12. ^ Justin, Lee (20 February 2008). "Comodo Launches UserTrust Program". THE WHIR. Web Host Industry Review. http://www.thewhir.com/web-hosting-news/022008_Comodo_Launches_UserTrust_Program. Retrieved 25 December 2010. 
  13. ^ Abdulhayoğlu, Melih (18 September 2010). "Challenge to Symantec from Comodo CEO!". Comodo Group. http://www.melih.com/2010/09/18/challenge-to-symantec-from-comodo-ceo/. Retrieved 22 September 2010. 
  14. ^ Rubenking, Neil J. (22 September 2010). "Comodo Challenges Symantec to Antivirus Showdown". PC Magazine. Ziff Davis, Inc.. http://www.pcmag.com/article2/0,2817,2369524,00.asp. Retrieved 22 September 2010. 
  15. ^ Rubenking, Neil J. (29 September 2010). "Comodo Antivirus 5.0". PC Magazine. Ziff Davis, Inc.. http://www.pcmag.com/article2/0,2817,2369897,00.asp. Retrieved 29 September 2010. 
  16. ^ "Comodo Antivirus 5.0 malware blocking chart". PC Magazine. Ziff Davis, Inc.. 29 September 2010. http://www.pcmag.com/image_popup/0,1871,iid=270708,00.asp. Retrieved 29 September 2010. 
  17. ^ Rhoads, Christopher (March 24, 2011). "Web Firm Suspects Iran Hacked Into It" (Wall Street Journal). The Wall Street Journal. http://online.wsj.com/article/SB10001424052748703362904576219321279603988.html. Retrieved 2011-03-24. 
  18. ^ a b c d e "Report of incident on 15-MAR-2011". Comodo group. https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html. Retrieved 2011-03-24. 
  19. ^ Hallam-Baker, Phillip (March 23, 2011). "The Recent RA Compromise". Comodo Blog. http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/. Retrieved 2011-03-24. 
  20. ^ "Rogue SSL certificates ("case comodogate")". F-secure. March 23, 2011. http://www.f-secure.com/weblog/archives/00002128.html. Retrieved 2011-03-24. 
  21. ^ Eckersley, Peter (March 23, 2011). "Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get?". EFF. https://www.eff.org/deeplinks/2011/03/iranian-hackers-obtain-fraudulent-https. Retrieved 2011-03-24. 
  22. ^ "Iran accused in 'dire' net security attack" (BBC). BBC News. March 24, 2011. http://www.bbc.co.uk/news/technology-12847072. Retrieved 2011-03-24. 
  23. ^ "Detecting Certificate Authority compromises and web browser collusion". TOR. March 22, 2011. https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion. Retrieved 2011-03-24. 
  24. ^ "Google, Yahoo, Skype targeted in attack linked to Iran". CNET. March 23, 2011. http://news.cnet.com/8301-31921_3-20046340-281.html. Retrieved 2011-03-24. 
  25. ^ "Microsoft Security Advisory (2524375)" (Microsoft). March 23, 2011. http://www.microsoft.com/technet/security/advisory/2524375.mspx. Retrieved 2011-03-24. 
  26. ^ "Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing". Microsoft. March 23, 2011. http://support.microsoft.com/kb/2524375. Retrieved 2011-03-24. 
  27. ^ Bright, Peter (March 28, 2011). "Independent Iranian Hacker Claims Responsibility for Comodo Hack" (WIRED). http://www.wired.com/threatlevel/2011/03/comodo_hack/. Retrieved 2011-03-29. 
  28. ^ "ComodoHacker's Pastebin". http://pastebin.com/u/ComodoHacker. 

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

  • Comodo Group — …   Википедия

  • Comodo Internet Security — version 5.8 Pro on Windows 7 …   Wikipedia

  • Comodo Dragon — Comodo Dragon …   Википедия

  • Comodo Dragon (web browser) — Comodo Dragon Comodo Dragon 14.1.1 on Windows 7 …   Wikipedia

  • Comodo Internet Security — Comodo Internet Security …   Википедия

  • COMODO Cleaning Essentials — Скриншот главного окна программы Тип Антивирусное программное обеспечение Разработчик Comodo Group …   Википедия

  • Comodo Firewall Pro — Entwickler: Comodo Group Aktuelle Version: 3.8.65951.477 (Internet Security) (26. Februar 2009) Betriebssystem: Microsoft Windows Kategorie …   Deutsch Wikipedia

  • Comodo Time Machine — Comodo Time Machine …   Википедия

  • Comodo Unite — Comodo Unite …   Википедия

  • Comodo Internet Security — Entwickler Comodo Group Aktuelle Version 5.5.195786.1383 (Internet Security) (4. Juli 2011) Betriebssystem Microsoft Windows Kategorie Firewall …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”