Comodo Dragon ver 18.0 is now available for download

[Guest]

[siegfried]

in here its work perfect

here the same

[dttvinh]

in here its work perfect

The problem seems to only exist when the list of processes is too long (just try scrolling down and selecting the last one). After I resize the task manager to fit all of them (about 20 processes in total), there's no longer any problem. I want to reproduce it but now I can't reduce the task manager's size anymore.

EDIT: After messing around with it again, I found out another problem (with the resizing this time). Just try resizing the task manager (enlarging it in particular), then close and open it again. You will find that you can't reduce the size to the original state anymore.

[ounch]

At work here, I decided to upgrade to the beta of Comodo Dragon so I could have the security fixes that were introduced in version 18 of Chrome.

However, when I downloaded it, I noticed the file was 31 KB instead of 27 MB. I opened the file up in a text editor and I saw some HTML from McAfee that contains the following message: 

Malicious code "McAfeeGW: Artemis!73DF7DB5BDED" has been detected in content originating from http://downloads.comodo.com/dragon/DragonSetup.exe. Your organization has defined a policy to help protect your computer from infection.

I thought you guys might want to be aware that McAfee, either rightly or wrongly, is flagging your file as malicious. You may want to evaluate whether you do in fact have a virus inside this file, or whether McAfee is detecting a false positive. Either way, this needs to be dealt with. 

Really this kind of thing should have been checked with all the major AV vendor's software before a link was provided to end users. It's mere professional courtesy.

Hope this helps. 

Well i downloaded dragonsetup.exe which has a size of 28,029,616 bytes (26.7mb) and avira personel reports it contains malware tr/dropper.gen. Are you guy's affected by some malware or  checking the detection rate of av's. Hope you will dealt with it soon.

[wasgij6]

Well i downloaded dragonsetup.exe which has a size of 28,029,616 bytes (26.7mb) and avira personel reports it contains malware tr/dropper.gen. Are you guy's affected by some malware or  checking the detection rate of av's. Hope you will dealt with it soon.

its not comodo problem if avira detects dragon as a virus. avira needs to fix the false positive

[trscsaeg]

Well i downloaded dragonsetup.exe which has a size of 28,029,616 bytes (26.7mb) and avira personel reports it contains malware tr/dropper.gen. Are you guy's affected by some malware or  checking the detection rate of av's. Hope you will dealt with it soon.

where are you downloading dragon from

[interfasys]

This version seems to have problems with SSL protected websites.
When there is an issue with the certificate, the "Proceed anyway" button doesn't work most of the times.

[palisade]

Hello.

We contacted McAfee already, waiting for fix from their side.

Unfortunately detection can be introduced at any moment after download links has been made live.

I doubt you bothered to scan it with all major virus scanners before you posted the link. Someone else has reported that Avira is also detecting it, so it's not just McAfee. And, you guys probably would have caught it early if you had actually scanned the download. Don't insult my intelligence.

The developers could have changed the code a little and recompiled to make the false positive go away, if it is. Scanned it with major AV again, and then provided the link. This needs to be part of your process. Relying on the AV companies to remove the false positive is the wrong way to go about this. Who knows when they'll remove it, if ever. It could be six months from now, it could be years, or maybe never. Correcting it on yours die is not only easier, but the right thing to do.

In fact, I'd bet that if you checked a newer build on your side the false positive is probably gone again because the executable has changed significantly. So, it might even be as simple as providing a slightly newer version.

No software company would be caught dead releasing something flagged as a false positive. The link should be pulled, an explanation made as to why, and a new post with a corrected download should be provided. Leaving the download up and just telling your users to contact their AV isn't a proper solution to this problem. Contacting them yourself is also the wrong approach, as detailed above. You could wait forever for those behemoth companies to make a move on your behalf. It's a grave mistake.

I can't use this software as long as this false positive exists, because I can't be sure it is a false positive. I won't take the risk for myself or my organization on your word.

Sorry if this email seems confrontational, I'm just telling it like it is.

[Rampant]

Doctor Web 7.0 has detected MULDROP.Trojan in certsentry_setup.exe in DragonSetup.exe (heuristic detection). After reporting false positive there is no more detection with actual av database.

[Melih]

The developers could have changed the code a little and recompiled to make the false positive go away, if it is. Scanned it with major AV again, and then provided the link. This needs to be part of your process. Relying on the AV companies to remove the false positive is the wrong way to go about this. Who knows when they'll remove it, if ever. It could be six months from now, it could be years, or maybe never. Correcting it on yours die is not only easier, but the right thing to do.

I must respectfully disagree. Trying to figure out which part of the code causes an FP requires us to analyse other AV engines. Its a time consuming effort to fix someone else's error as well as modifying our code to accommodate that is simply bad software engineering practice. Any responsible security provider will respond in a timely manner to fix their errors. And they have done so!

[HeffeD]

The developers could have changed the code a little and recompiled to make the false positive go away, if it is.

Impossible. Without knowing which part of the code is triggering the false positive, it can't be fixed. Comodo doesn't have the code of the other application to look at to determine what they would need to change.

Say for example, that you write a book and send it to a publisher. They send you a rejection letter simply stating that they object to it. Without knowing what exactly they objected to, which part(s) would you rewrite to gain their approval? Simply guessing and making changes willy-nilly, then resubmitting your book in hopes that you've fixed the section(s) that they had problems with, isn't going to get you anywhere.

As previously stated, the only entity that can fix a false positive detection is the developer of the antivirus that is exhibiting the false positive. They are the only ones that know how their application works.

I can't use this software as long as this false positive exists, because I can't be sure it is a false positive. I won't take the risk for myself or my organization on your word.

That's your prerogative.

[palisade]

off-topic

[Dennis2]

Please stay on topic

Thank you

Dennis

[Ronny]

The Chrome Stable and Beta channels have been updated to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame.  This release fixes issues including:
Security fixes and rewards:

A new version of Flash Player is included. More details are available in an addendum to this Flash Player advisory.

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

    [$500] [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
    [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
    [$1000] [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
    [$1000] [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
    [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
    [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
    [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
    [$1000] [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
    [$500] [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
    [$1000] [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
    [$1000] [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
    [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).


Many of these bugs were detected using AddressSanitizer.

[Ronny]

The Chrome Stable channel has been updated to 18.0.1025.152 on Windows. 


This release fixes issues with SSL (Issue: 118706). Please note this might reintroduce Issue: 117371 and we are actively working on a fix for it.

[Rexert]

The more I use Dragon, the more I hate other Internet Browsers. I thank Comodo greatly for this browser.

[Tags:]