Another COMODO EULA controversy

I’m no lawyer, but since EULA’s of most software contain a clause, that you don’t own, but only license a copy of a product, you can’t grant “ownership” to COMODO. Actually you are not allowed to distribute most products or components, so the security software’s submitting features may not be used for most files.

For example the corresponding excerpt of the CIS 4.0.x.716 beta EULA.rtf:

No Ownership Rights. The Products are being licensed, not sold. Comodo retains all ownership rights in and to all Products, including any intellectual property rights therein.

In fact, the EULA forbids you to submit such files:

Compliance. You shall ... (3) not use the Products to infringe the privacy or intellectual property rights of a third party;

Even worse - you may not submit malware:

(4) not use the Products to distribute or transmit any file that contains malware,

That renders CIS’s submitting feature theoretically unusable if you want to comply to the EULA.
But most users will breach with the EULA without even noticing, since the auto submit feature for unknown files is enabled by default…

FYI All,

I have lodged a request to see if they will part with some specifics.

I’m currently going into a holding pattern on this one.


PS: I’m no lawyer either, but I do note that if they wrote in straight up clear language, we wouldn’t need to hire them and pay big bucks to have them decipher each others ■■■■. :wink:

To those uneducated in the legal language of EULA agreements it would appear as though Comodo is blatantly encouraging people to violate its own EULA by using the auto submit feature which is precisely why a lawyer is needed to interpret the terms of the EULA agreement and refrain from non-professional interpretations which can lead to gross misunderstandings about what it actually means.


Hi J2897,

Well, I don’t think so (despite any info taken is a “file”, what else?)
Depends on what “Files” do you mean.

Developers will reply, I hope. Then, at least that’s openly stated about gathering info.

At the same time we do know for sure that MS can indeed change any file silently on our systems
There are articles, and that was even discussed in the forum in the past, so they can take anything as well (why not?).
I am not talking about “the patches auto-updates”… but we still are using Windows


Yes that’s correct.I realise that using the word spamming may have given the wrong impression since of course your email address doesn’t need to be given.I’m thinking more on the lines of those Google ads that appear on some sites (I use Opera so don’t see the things :wink: ).

Of course nobody knows exactly what data may be passed onto 3rd parties and how any such data could be used.


In fact, the EULA forbids you to submit such files:

“Compliance. You shall … (3) not use the Products to infringe the privacy or intellectual property rights of a third party;”

That refers to downloading/distributing copyrighted materials such as music + films,sending a suspicious file to Comodo for analysis doesn’t constitute illegal file sharing otherwise Virustotal would be in the courts every week. ;D

Even worse - you may not submit malware:
" not use the Products to distribute or transmit any file that contains malware"

The wording there could be interpreted as you say,although that wasn’t of course its intention.

The EULA also mentions that the privacy statement of Comodo website will prevail (though it refers to\privacy - which does not exist). So, isn’t it that the following link is the current privacy policy of Comodo? That does not state that personal information will be collected without consent or will be sold etc. etc.

I’m pretty sure, that it isn’t intended this way (for practical use), but I didn’t interpret much - it’s simply the content of the EULA. Also software is “copyrighted material”. I can’t find any hint that only music or movies are affected. Simply, because this isn’t the case!

And you’re right, it’s the same as it’s for VirusTotal or any other security solution offering to submit files:
Probably you’re breaching with the EULA of the corresponding product, the files belonging to, by submitting the files.

Beware that this document is not only about CIS, also about TrustConnect and others like Hopsurf.
With TrustConnect you can “submit” files that will “enter the internet” over the servers of Comodo, so in theory it’s their IP address that can get linked to these file transmissions…

Maybe different EULA’s for the different products would make some things clearer. By the way there are also paragraphs for the different products.

My point is, that something should be done about the formulations of the EULA. The further, the better! As it’s now, it’s a waste of time to read it. Afterwards you still have to guess, what you’re allowed to do and what’s not allowed.

The “file transmission clause” was just an example to make this clear.

Agreed, but on the other hand have you ever seen a “clear” EULA?

Which ever Files they choose.

I hope someone from Comodo staff will give us some answers… I sent PM to Melih but he is a CEO, and busy man…probably doesn’t have time for reading all forum posts.

No, I guess not - but I think this is not a reason for COMODO, not to take the first steps to a clearer and more understandable EULA.
But I’m pretty sure, that my wishes are too optimistic.

Well that’s what I posted today in CIS4 beta corner before I noticed this branch:

“Seams like CAV doesn’t understand WinRAR SFX files. At least not all. Some SFX archives of mine, CAV considers as suspicious or even infected. I’m absolutely sure there are NO viruses. Some files may be commercial.
So is there any possibility by default those files are sent out without notifying me? We all know every lock (encryption) can be broken. Question is rather serious for me and for other people as I can not use or recommend a “black-boxed” product. I know there are options to allow or disallow but by default all these check box SHOULD be disabled.”

So I’m also eager to hear an answer.

Don’t get me wrong, i wasn’t trying to justify COMODO’s EULA… I think it would be a big+ if these could be much more simple to read…

Or just more ‘specific’ would be good enough for me. Something like:

  • Comodo has the right to collect data-files after the user has seen exactly which data-files are about to be collected, and only after the user has clicked ‘Send’.

I think it’s good that people are actually reading these things. In the past, people just used to trust anyone. :slight_smile:

I have received a response.
And things still are not so… “clear”.
I have requested a more specific reply.
Back to holding pattern for another day or so.

One important thing which has been mentioned, is that the Privacy Policy is written to cover a range of products under a number of possible scenarios.
So this may be an exercise akin to pulling hen’s teeth, with regard to detailing specifics.

Everyone needs to be aware that the type and amount of personally identifiable/personal information, gathered/held/required/used.
Is vastly different depending on the product/scenario.
Example two opposite extremes.
Let’s say someone downloads and installs CIS Free and doesn’t give their email address.
Someone or some business buying a EV cert.
You should see there is a vast difference in what inormation we are dealing with.
And who knows how many other possible scenarios could apply, given the range of products Comodo produces.
So yea, any single all encompassing legal policy is going to have to seem vague/general.

I think many people’s confusion arises because they tend to forget that CIS isn’t true freeware, it is a paid commercial product when used in full with the added services.
So the EULA and the Privacy Policy contain wording meant to cover real info, that does matter.
CC numbers,banking info, names and addresses and the like.

Free users should really calm down, when reading the Policies.
You are not being scanned, intercepted, or harvested for some nefarious purpose.
And the Policy wording also covers/allows for the sharing of your email with affiliates, which is purely Opt In/Opt Out, If and when you freely choose to give your email address during an install to receive newsletters and offers from affiliates.

So I’m just going to wait and see if I can get a more detailed response.

Later Bad

Is that all what you wrote, or is some of it quoted from the email/correspondence?

+1 :-TU