Is this a serious issue? or not? your views are appreciated.

[Guest]

[salmonela]

Ya, security applications should not have easter eggs beacause it might make the user think it just got hacked or something.

That thing in OA is not an easter egg...

[Vettetech]

Agreed Sal........its bs.

[salmonela]

Agreed Sal........its bs.

Yes hmm..., who knows what internal pranking will escape from such dirty code in next build?

[panic]

from the talk on OA forum & Wilders it was hard coded and Mike said that all that stuff would be removed from next releases.

It was a stuffup on their behalf. They've owned up to it. They've publicly stated they will remove it.

What more do we all want?

Big pill.
Little lie down.

Ewen :-)

edit : Minor typo

[Frosty Port]

Mike said that all that stuff would be removed from next releases

if they did not know that was there how can they ensure there is no more hidden messages ? as fare as it may go that code is dirty!! it just can not be seen as a true security product. no matter how much Mike and the others say it was harmless but like any software if there's an area to exploit it will be found so maybe next time somebody will find a way to mirror a sex  message and a users kid will be on the PC and see it if OA wants to hide Easter eggs design a video game where that stuff is expected.     

[panic]

if they did not know that was there

Of course they knew it was there. They put it there. By mistake. In error. Not deliberately.

It's not an exploit - it's a mistake.

Ewen :-)

[Josh123]

This was coded into Online Armor. One of the guys wrote in code that basically says: "If date = my birthday then display stupid message".

Someone did something silly, and believe me, serious words have been spoken about it.

I can also see how people got annoyed at this. The reason I know this is because when I saw this was on every OA running in the office, my stress level went from "quite chilled" to "I am going to kill someone slowly and painfully".

I think, before any more is said I am going to close this thread. Having a chuckle about it, or not, is a reasonable reaction. Everyone's going to take it in a different way which is why this should never have happened, and will not happen again.

That's from the OA Armor Forums.

Josh

P.S Melih, What would you do if something like this happened to CFP 3?

[Eric Cryptid]

Thankfully it was an error. Anyone running CMF along with it? Would have been interesting to note whether CMF alerted it for shoddy programming.

Maybe I'm missing the point.

Too Early in the morning lol.

Eric

[Melih]

Ya, security applications should not have easter eggs beacause it might make the user think it just got hacked or something.

its not even an easter egg apparently...

Imagine you are a sys admin and convinced your boss to install this app.. and on 29th april all your PCs show this message!!!! You will be spending the day answering phone calls from worried users thinking they have a virus and you will end the day with a visit to your boss's office!

This is NOT a user initiatied action (eg: press some key combination to get something back), this is an automatic alert that comes out automatically from your security application!

Melih

[Melih]

That's from the OA Armor Forums.

Josh

P.S Melih, What would you do if something like this happened to CFP 3?

For any serious code development there are many steps you build into your develpment process, from peer review to your managers constantly checking (randomly) the code.
If that happened the person would be sacked on the spot as this is not a high school project and we are being trusted to secure people's computers with their valuable data! (in small companies like OA this "might" be their only developer and cannot afford to sack this person etc..) These people trust Comodo when they install our applications to protect themselves from all sorts of unfortunate things like their bank details being comprised to getting their machine hosed! If there is no culture of serious security development within the development team then one cannot expect serious code coming out of that development team! Of course we have fun too but NOT AT THE EXPENSE OF THE VERY PEOPLE WHO TRUST US!! Building trust is a long and difficult process. Loosing it, on the other hand, is painfully quick!

I hope Mike and OA team can re-gain the trust they lost by proving that they have the necessary processes and culture in place for his development team.

I must admit we started wondering about the quality of their team when they had "auto-allowed" an alert if it wasn't answered (yep... auto allow if not answered by the user!!), and also allowing a rootkit installation, not being able to deliver Vista version etc etc.. From where I am standing, there does seem to be a process and quality issue and of course its nothing unsurmountable and I sincerely wish good luck to Mike as I know first hand how difficult it is to build a top notch high quality security concious R&D labs that can deliver world' beating security products!

It is important to take Security seriously!

Melih

PS: The reason why I said sacked on the spot is cos I checked with our legal dept and they said, Beheading, Torture, throwing in with lions were illegal! 

[Vettetech]

Good answer " It is important to take Security seriously! ". 

[Rafel]

Melih nows abot hi is telling.
 

[Vettetech]

Melih nows abot hi is telling.
 

I think you need spell check. Can you type it again so it makes sense. Sorry.

[N.T.T.W.]

I think you need spell check. Can you type it again so it makes sense. Sorry.

Please remember that not every user has English as their native language. Personally I understood perfectly what Rafel meant.

 

[Vettetech]

Please remember that not every user has English as their native language. Personally I understood perfectly what Rafel meant.

 

Sorry but I don't. Not being a jerk.

[Tags:]