Is this a serious issue? or not? your views are appreciated.

Melih

Comodo's Hero
Administrator
Comodo's Hero

Offline

Posts: 4748

Is this a serious issue? or not? your views are appreciated.

« on: April 30, 2008, 12:13:42 PM »

I was alerted to this post at wilders

Just wanted to get your views on this.

Is it an important issue?

Does not having enough QA to catch these kind of things from coders is a serious flaw in the development process especially for a "security product"?

thanks

Melih


	Logged

Vettetech

Computer Security Testing Group
Comodo's Hero

Online

Posts: 2130

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #1 on: April 30, 2008, 01:15:59 PM »

Thats a joke...................no wonder OA is losing people. There web site is still wrong also.


	Logged

Little Mac

Global Moderator
Comodo's Hero

Offline

Posts: 5995

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #2 on: April 30, 2008, 01:21:24 PM »

Looks like TallEmu's apologized for it as an inappropriate coding; apparently the user provides b-day info at some point and the app reminds them about it. Doesn't seem it's phoning home, so I would say it's not an issue as relating to security. Annoying and undesirable, perhaps, but not a security issue.

I also note that Stem feels quite strongly about it, and is speaking rather harshly of OA in that regard. I wouldn't get involved, as that would drag Comodo's name into it, and the ripples from the last spat are still being felt... Wink


	Logged

date
dcfldd split=2G conv=noerror hashwindow=0 hash=md5 hashlog=/mnt/sda1/images/hash.log if=/dev/hda of=/mnt/sda1/images/LM.dd
date
cat LM.dd.* | md5sum > verify.log
date

Melih

Comodo's Hero
Administrator
Comodo's Hero

Offline

Posts: 4748

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #3 on: April 30, 2008, 01:28:04 PM »

Is it an alert that gets generated automatically on the date?
or
the user has to do something about it?

thanks
Melih


	Logged

sded

Global Moderator
Comodo's Hero

Online

Posts: 1654

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #4 on: April 30, 2008, 01:40:14 PM »

I don't think Stem has much of a sense of humor, based on previous interactions with him. Probably not a good idea for OA to do such things in security software, but still just a joke. I am not a fan of the CFP3 built in "hint of the day" that I can't turn off, or the "announcements" area that does phone home either, but they are also no big deal.


	Logged

CFP 3.0.22/349, Vista Ultimate 32x + SP1, Avast! 4.8

Frosty Port

Comodo Member

Offline

Posts: 43

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #5 on: April 30, 2008, 01:52:48 PM »

I find it to be a big security issue!! if they allowed that kind of stuff and did not bother to check there coding to me that shows security is at the back of the line. I have many and used many security programs and NONE of them ever did a thing like that. whats next to pop up game of pac-man? in any case it's a security product not a calender of up coming events.


	Logged

{XP-PRO-SP2} {FireFox} {Avast-Pro AV} {Comodo FW pro3}

Frosty Port

Comodo Member

Offline

Posts: 43

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #6 on: April 30, 2008, 02:00:31 PM »

Quote from: Melih on April 30, 2008, 01:28:04 PM

Is it an alert that gets generated automatically on the date?
or
the user has to do something about it?

thanks
Melih

from the talk on OA forum & Wilders it was hard coded and Mike said that all that stuff would be removed from next releases.


	Logged

{XP-PRO-SP2} {FireFox} {Avast-Pro AV} {Comodo FW pro3}

Soyabeaner

VOLUNTEER
Global Moderator
Comodo's Hero

Offline

Posts: 5526

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #7 on: April 30, 2008, 02:05:55 PM »

Quote from: sded on April 30, 2008, 01:40:14 PM

I am not a fan of the CFP3 built in "hint of the day" that I can't turn off, or the "announcements" area that does phone home either, but they are also no big deal.

Those can be removed / edited in the C:\Program Files\COMODO\Firewall\cfpinfo.ini file


	Logged

Never argue with an idiot; they'll drag you down to their level and beat you with experience.

Frosty Port

Comodo Member

Offline

Posts: 43

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #8 on: April 30, 2008, 02:41:25 PM »

IMHO this is why crackers,hacker are so successful!! programmers that has to add a little bit of code to get recension for there work. and in the end there's a back door opened and the hacker just walks right in. it may have been hard coded but imo it is a possible vector for exploiting.


	Logged

{XP-PRO-SP2} {FireFox} {Avast-Pro AV} {Comodo FW pro3}

Coolio10

Computer Security Testing Group
Comodo's Hero

Online

Posts: 455

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #9 on: April 30, 2008, 03:02:41 PM »

It not too bad since it does not phone home for this information (false alarm).

But stem doesn't seem too happy Cheesy


	Logged

(\__/)
(='.'=)
('')_('')

Melih

Comodo's Hero
Administrator
Comodo's Hero

Offline

Posts: 4748

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #10 on: April 30, 2008, 04:44:35 PM »

Quote from: Coolio10 on April 30, 2008, 03:02:41 PM

It not too bad since it does not phone home for this information (false alarm).

But stem doesn't seem too happy Cheesy

Correct me if i am wrong, but the issue they are concentrating is NOT that it phones home etc but lack of QA and code review for such an important security application? As Stem rightly pointed out, this is NOT an action that is "user initiated" like easter eggs where the user has to find a combination of keystroke etc to find something, but this is forced upon the user on a specific date. Does this raise the quality of software development process as an issue?

BTW: Happy belated birthday to the OA developer

and pls do tell us what else is hiding there if any

Melih


	Logged

Pedro*

Comodo's Hero

Offline

Posts: 706

Former "Someone"

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #11 on: April 30, 2008, 05:35:48 PM »

Do you want my honest opinion Melih? :/


	Logged

panic

Global Moderator
Comodo's Hero

Offline

Posts: 4673

Life may suck, but contemplate the alternative.

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #12 on: April 30, 2008, 05:38:26 PM »

"We do not need them to fail for us to succeed".

It's a bit of egg on the face for Mike and the team, but not much beyond that. They goofed.

To err is human .....


	Logged

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the Comodo Forum Policy.
If you don't like it, don't use the forum.

Vettetech

Computer Security Testing Group
Comodo's Hero

Online

Posts: 2130

Re: Is this a serious issue? or not? your views are appreciated.

« Reply #13 on: April 30, 2008, 07:40:32 PM »

Personally if that was me I would be pissed. Then I would uninstall OA and be done with it. Very unprofessional for a firewall that seems to think the are "The Best There Is" according to there web site. Blah,Blah,Blah.