When I start Chrome, CIS sometimes halts all network traffic and shows a message that there’s a “security breach” because Chrome is trying to contact Google. Isn’t it normal for a browser to periodically contact its publisher’s site, e.g. to check for updates? Why is CIS doing this?
Hi Ander,
Could you please share a snapshot of that alert?
Thanks
-umesh
I will, the next time it happens.
BTW, I just found out that Comodo is a music term, meaning “comfortable (at a moderate speed)”. A clever name for a security company. :?)
Here you go.
Hi Ander,
This is related to the Internet Security Essentials product, which provides protection against Man-in-the-Middle.
You can follow the conversation:
https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-v10016223-released-t119194.0.html;msg857373#msg857373
Thanks
-umesh
Thanks. I appreciate what CIS is meant to do, and am generally glad to have it (even though it has the same initials as Compuserve Information Services, which leads me to believe its developers weren’t online in the '70s/'80s).
I’m just surprised Comodo didn’t include a whitelist of such likely false positives. Since CIS installs by default, this must be alarming and confusing a lot of users.
The alerts include a link to some very general information—but unless the potential connection has an obviously evil name (e.g. hackme.com), I doubt it’d help most people make intelligent choices.
The real problem, IMHO, is that when these “threats” occur, CIS blocks all network access, so you can’t go online for more details without blocking or accepting it. If you block it, you’ve prevented a potentially important connection (e.g. update check). If you accept it, you’ve defeated the app’s purpose. I also imagine many Comodo users wouldn’t know how to edit CIS’s whitelist, or know about this forum where they could ask questions.
Today CIS showed me an alert that Chrome was trying to connect to sharethis.com. It’s just an innocent tool that lets people share content with friends, but I’d never heard of it. My first thought was: Is a virus trying to share my data? Fortunately, I have a 2nd PC I could use to look it up. But it may be more practical for CIS to block only the perceived “threat” instead of instantly calling in the troops.
Hi Ander,
I agree that the current alert is not informative enough. We would like more input on that, and I am sharing the proposal we have for the upcoming release.
Just to recap the way the product works so we are on the same page.
The tool simply detects whether a given https connection is using a trusted root certificate or not.
The point here is not that the website in question is malicious; it’s more that your traffic is being sniffed and all your communication over https is subject to compromise.
I have enclosed an example alert; please give me your feedback on how you would prefer it to convey the message better.
Thanks
-umesh
Hi umesh,
You’re in luck—I happen to be a technical writer!
In technical documentation, and especially in message windows, it’s generally a good idea to:
- Keep your message as simple and direct as possible. (“Less is more”)
- Avoid jargon your users may not understand, e.g. Man in the Middle, untrusted (who’s “untrusting” whom?), sniff, web filtering software (other than Comodo).
Here’s a suggestion:
Comodo Internet Security Essentials has detected that an unrecognized security certificate is being used to try to connect from:
[browser name] to → [domain name]
This means an unauthorized third party may be trying to intercept your information. What would you like to do?
_ Protect me and block this connection
_ Allow the connection, and add this certificate to my exceptions list
_ Connect this time only, but alert me if it happens again
Note that I’ve suggested:
- Bolding your product name, and including Comodo so the user immediately understands which app is trying to get their attention. (How many people install CF without realizing they’re also installing ISE? And BTW, rather than the vague-sounding Internet Security Essentials, would you consider calling it something more specific, like Comodo Trust Monitor? That’s what it actually does, right?)
- That the simple words “from” and “to” may be better than referring to a certificate being used “between” two things, with a redundant “shield” graphic (there’s already one at the top of the window).
- Offering the option of whitelisting the certificate, but not the website. In most cases, the certificate is a one-time oversight. If you whitelist the domain, any number of bogus certificates may be accepted for it, over any period of time. (This also reduces the number of choices the user must deal with.)
Finally, in case it helps: Tonight I got this alert about Chrome trying to connect to Yahoo. I think ISE may be working its way through the major search engines. :?)
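The difference between whitelisting the certificate and whitelisting the website, raised in the post above, shown as an added example (not part of the thread and not Comodo's code). The `ExceptionList` class, the domain and the byte strings standing in for certificates are all hypothetical and constructed for illustration.

```python
import hashlib

def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER encoding."""
    return hashlib.sha256(der_bytes).hexdigest()

class ExceptionList:
    """Hypothetical exceptions list for untrusted-root alerts (an assumption)."""

    def __init__(self, by_certificate: bool):
        self.by_certificate = by_certificate
        self.entries = set()

    def _key(self, domain: str, der: bytes):
        # Certificate mode remembers one exact certificate for one domain;
        # domain mode remembers only the domain name.
        return (domain, fingerprint(der)) if self.by_certificate else domain

    def allow(self, domain: str, der: bytes) -> None:
        self.entries.add(self._key(domain, der))

    def decide(self, domain: str, der: bytes, trusted_root: bool) -> str:
        if trusted_root:
            return "connect"
        if self._key(domain, der) in self.entries:
            return "connect (exception)"
        return "alert"

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_ACCEPTED = b"constructed: certificate the user reviewed and accepted"
CERT_OTHER = b"constructed: a different untrusted certificate, same domain"

def compare(domain: str = "example.test") -> dict:
    """Accept one certificate, then present a second one for the same domain."""
    results = {}
    for mode, by_cert in (("domain", False), ("certificate", True)):
        exceptions = ExceptionList(by_certificate=by_cert)
        exceptions.allow(domain, CERT_ACCEPTED)
        results[mode] = (
            exceptions.decide(domain, CERT_ACCEPTED, trusted_root=False),
            exceptions.decide(domain, CERT_OTHER, trusted_root=False),
        )
    return results

if __name__ == "__main__":
    for mode, outcome in compare().items():
        print(mode, outcome)
```

With a domain entry the second, never-reviewed certificate connects silently; with a certificate entry it raises a new alert.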
Thank you very much Ander!
Let us incorporate your suggestions.
“Offering the option of whitelisting the certificate, but not the website. In most cases, the certificate is a one-time oversight. If you whitelist the domain, any number of bogus certificates may be accepted for it, over any period of time. (This also reduces the number of choices the user must deal with.)”
Very good observation there. I agree. :-TU
Thanks
-umesh
Hi Ander,
Please see if you could try the latest beta version of Internet Security Essentials:
https://forums.comodo.com/beta-corner-ise/internet-security-essentials-v1241961679-beta-t119709.0.html
It has many changes included as discussed in this topic.
Thank you for all your input, please share your feedback.
-umesh