Hi, Melih.
I have been using VE for months and notice no problems at all. Love it and addicted to it. Will not surf the web without it. I just switched to a new notebook and one of very the first things I do is installing VE. Thanks.
Some simple questions if your don't mind:
1. When VE authenticates a web page with green border or a golden key, does it confirm "with certainty" that this particular page is provided by the company indicated on the page (or by the logo)? In other words, when I visit
www.microsoft.com,
www.symantec.com, and
www.hushmail.com and see green borders or golden keys, I can be CERTAIN that I am looking at web pages provided by Microsoft Corp., Symantec Corp., and Hushmail respectively. Correct? I am confuse.
2. I know you do not want to get into technical details, but I just have to ask these questions anyway. How does VE authenticate the website? May be:
(a) Check the "unique signature" on each page (Require cooperation from owners of websites to signup with Comodo and embed agreed upon "signatures",
(b) Check the URL against Comodo's VE database (Insecure and requires large storage for database),
(c)
?? (Please help)
VE is a BLACK BOX to me and there seem to be no explanation around (Forgive me if I am wrong).
3. Websites mentioned in 1. above plus
www.ibm.com and
www.intel.com all show green borders, BUT
www.McAfee.com,
www.java.com, and
www.WorldCommunityGrid.com do not. I became very nervous when I noticed that AFTER already downloading files from them (especially program update and virus signatures from McAfee.com). Does it mean I went to fake websites and downloaded from bad people?
4. Just in case you know the answer....... Is
www.WorldCommunityGrid.com a legitimate philantrophic project run by IBM Corp. or is it just a scam to put malwares in unsuspected people's computers. (I have been running their programs for months and felt good about it!!!)
Thanks in advance for the assistance and THANK YOU for trying to make the internet safe for honest people.
Tom
P.S. I love your firewall and waiting for the CAVS 2.0. Thanks.
The way that I look at Browsers and internet as a big "Content serving Engine". It keeps serving you content..
however, there is no authentication of what it serves you! Nowadays, this content is becoming valuable as it might be a 3rd party certification (like a VISA logo which indicates Visa has authorised them to accept credit cards etc) or it could simply be a company logo, which verifies their identity. However without verification how can a user know that these are authentic? That is exactly why I invented VE!
ok lets answer your questions
1)VE works on "white list" only authenticated entities are in. So if it authenticates, you are good!
2)VE works by CVC (Content Verification Certificates). The way it works is: When you go to a site, VE checks to see if the Site has a CVC certificate or not (CVC certificate could be stored in two configuration a)on the site itself, b)at Comodo servers) by first checking the site and if not then Comodo servers. if it finds the CVC certificate, then checks the content on the website and compares it with the hash signature in the CVC. if they match then it displays the green border. Of course it also checks the domain name, and/or IP address etc of where this content is. Because if you copy and paste the content somewhere domain/ip won't be the same hence it won't work. All the information eg: hash of the content, URL, IP address and few other details are stored within CVC certificates.
3) I went to
http://www.mcafee.com/us/ and their logo is verified. The other two must not be in our whitelisted db yet. You can simply request any website to be "validated" by Comodo by simply posting in this forum. This way, if the site passes our validation, we will validate it and add it to our whitelist db and generate a CVC cert for it.
4)I am not sure its run by IBM Corp. I think (this is purely my personal assumption from little information i have) it runs on IBM machines but they seem like a different entity. But they seem genuine enough (but this is purely a personal view without puting them through our validation).
if you wish pls post the URLs that u want validated and our team will take care of it.
thanks
Melih
Author