CIS seems to be a big problem - beware!!

What is this? There are several 1000s of so called “trustworthy” firms included by default, such as “Bonzy Buddy” & hundreds of obscure & creepy chinese or russian firms, which this funny “firewall” lets phone home by default, using the lame excuse to make it easier or the users. Every entry in that list is a potential security hole, because they are granted “trustworthy” status".

Come on, people, how naive are you all? Obviously every firm willing to pay a few bucks can spy in and out your system, without ever being bothered by this spyware friendly firewall? I used to think, Comodo was a good software, but now in the new version users have to wake up. Have a look in your settings!

You ever wondered, why you can´t delete one entry and hold down the space bar to quickly empty that untrustworthy list? Why can´t the user choose the standard “Ctrl-A” paradigm to conveniently DELETE all that ****? Why are the deleted entries even COMING BACK after reboot? It´s very obvious, why the use the opt-out instead of opt-in. Because this is firewall is supposed to help the companies and not the user.

This is no firewall anymore, this is punching a 10.000 new security holes in every system! It´s time for Comodo to vigorously explain that very strange policy. If their money making model is that of selling out the users to more than obscure and obviously untrustworthy firms, than you should look for something else.

Is this true? I would like to see some evidence, and since I don’t have CIS installed I can’t check myself…

What is this? There are several 1000s of so called "trustworthy" firms included by default, such as "Bonzy Buddy" & hundreds of obscure & creepy chinese or russian firms, which this funny "firewall" lets phone home by default, using the lame excuse to make it easier or the users. Every entry in that list is a potential security hole, because they are granted "trustworthy" status".

creepy? obscure? Are you kidding me? funny firewall phone home? really?

Please Provide At least small bit of evidence of any of this;

Reason this 5 Start Rated From CNET, ISCA Certified , “Funny” Firewall calls home because its either checking for updates/scanning a file in the cloud.

If they have the 'trustworthy" status is because its on the whitelist, if you have found a file that is malware and also on the whitelist please post it (This is a rare case) here

Obviously every firm willing to pay a few bucks can spy in and out your system, without ever being bothered by this spyware friendly firewall?

willing to pay? I don't know if you noticed but CIS is Free? and a spy? That's almost a insult to Comodo? If your so paranoid then simply block cmdagent/cfp.exe from accessing the internet and throw on Custom Policy mode and change the alert settings to very high and disable all cloud features..

I used to think, Comodo was a good software, but now in the new version users have to wake up. Have a look in your settings!

Umm.. I'm assuming you are looking at the cloud features?

You ever wondered, why you can´t delete one entry and hold down the space bar to quickly empty that untrustworthy list? Why can´t the user choose the standard "Ctrl-A" paradigm to conveniently DELETE all that ****? Why are the deleted entries even COMING BACK after reboot? It´s very obvious, why the use the opt-out instead of opt-in. Because this is firewall is supposed to help the companies and not the user.

Please post a wish in the [url=https://forums.Comodo.com/wishlist-cis-b131.0/]wishlist[/url] to 'easily disable the TVL You can remove the TVL by exploring to %programfiles%\Comodo\Comodo Internet Security\database and remove vendor.n/sha; OR Simply go to Defense+ > Defense+ Settings > Sandbox > Automatically trust files from trusted installers OR Simply go to paranoid mode

This is no firewall anymore, this is punching a 10.000 new security holes in every system! It´s time for Comodo to vigorously explain that very strange policy. If their money making model is that of selling out the users to more than obscure and obviously untrustworthy firms, than you should look for something else.

"Untrustworthy"? Can you explain? and provide evidence?

Hope this helps
Jake

I can tell you why: i just removed all “trusted” entries for the second time, manually. Guess what: they all came back. That´s why there is no “remove all” item. It´s free, because it opens all doors wide for funny firms like “Bonzy Buddy”. This software has been classified as spyware and annoyed hundreds of thousands of users. Can you tell me WHY it´s included? Are the users supposed to trust chinese companies, you never ever heard of?

Please, look through the entries and have your own thoughts. That it´s free, doesn´t mean anything. Like i said, they make money through the firms, who pay to be in the “free in- and out” list, not the users.

I´d like to read a clarification, why there is no “remove all” menu entry or at least possible to mark large bloks & hit “enter” to get rid of this stuff.

Everyone in this list is allowed to bypass the whole “firewall”, right? Well, that must be the point of any firewall, lol. Also, the sandbox breaks everything in sight, i had to turn it of. The sandboxing functions was an annoyance before, but now it got even worse. If i choose NOT to sandbox things, it won´t do that. It sandboxes important applications anyway!

If you mean it seriously, please clarify, why you make it so hard to get rid of that “trusted” stuff. Also, why does it come back after the next reboot? Is it downloaded every time, you enter the web?

Who does check, if a company is trustworthy? This is a great idea for malware authors and the like, to get in that list. Once they are in, they can do whatever they like, right? I am going to search for a new firewall, because i can´t trust this software anymore, sorry.

Someone posted Ctrl-R or S works, also you need to stop cloud in Defense+ if you do wish to use the Trusted Vendors List.

Dennis

[attachment deleted by admin]

Because Comodo occasionally get things quite wrong in terms of UI design and user settings retention. You are not the first to complain about this.

It´s very obvious, why the use the opt-out instead of opt-in. Because this is firewall is supposed to help the companies and not the user.

Please provide evidence.

Alternatively, please state that this is purely your opinion (which you are fully entitled to and equally allowed to post).

This is no firewall anymore, this is punching a 10.000 new security holes in every system!

Surely the above statement would only be true if both of the following two conditions were met; A) a single system had all 10,000 apps installed and B) all 10,000 apps were malicious.

If their money making model is that of selling out the users to more than obscure and obviously untrustworthy firms, than you should look for something else.

Let me get this straight - you are stating that Comodo are receiving money from firms for placement on the Trusted Vendor List?

If I have interpreted your posting correctly, I eagerly await your proof.

If I have interpreted it incorrectly, I equally eagerly await your clarification.

Ewen

abr, please provide some proof that “Bonzy Buddy” is trusted in CIS. I’m not biased towards or against CIS. I just want to know if this is true or not. Can anyone check if this is true?

I can tell you why: i just removed all "trusted" entries for the second time, manually. Guess what: they all came back. That´s why there is no "remove all" item. It´s free, because it opens all doors wide for funny firms like "Bonzy Buddy". This software has been classified as spyware and annoyed hundreds of thousands of users. Can you tell me WHY it´s included? Are the users supposed to trust chinese companies, you never ever heard of?

You mean this [url=http://download.cnet.com/BonziBuddy/3000-2184_4-12328.html]Bonzi Buddy? [/url]It seems like an ok application; Ask.com toolbar was classified as spyware/adware; but it's still ok to use

It’s included because Comodo is a global company; which as you can take a look down below You may be able to see that more than one country/language uses CIS and Comodo’s Products.

Please, look through the entries and have your own thoughts. That it´s free, doesn´t mean anything. Like i said, they make money through the firms, who pay to be in the "free in- and out" list, not the users.

My own thoughts? If you grew up in China; and raised in China ; and you installed CIS and took a look at the TVL; the American Names would seem like 'funny firms' It's all matter of location and your enviroment...

I´d like to read a clarification, why there is no "remove all" menu entry or at least possible to mark large bloks & hit "enter" to get rid of this stuff.

Just add it to the wishlist.

If you mean it seriously, please clarify, why you make it so hard to get rid of that "trusted" stuff. Also, why does it come back after the next reboot? Is it downloaded every time, you enter the web?

Its not me; I'm not in no way affilated with Comodo ; I'm just a volunteer :D

Who does check, if a company is trustworthy? This is a great idea for malware authors and the like, to get in that list. Once they are in, they can do whatever they like, right? I am going to search for a new firewall, because i can´t trust this software anymore, sorry.

that would be Comodo/Comodo Group

Hope this helps

Jake

Surely the above statement would only be true if both of the following two conditions were met; A) a single system had all 10,000 apps installed and B) all 10,000 apps were malicious.

No, that is not the meaning. The danger is, that you might have SOME of that stuff on your machine and SOME of it does not deserve the status of “trustworthy” at all. Only a few spywares or phone home apps would be enough to compromise your security.

Let me get this straight - you are stating that Comodo are receiving money from firms for placement on the Trusted Vendor List?

Comodo is making it´s money through certificates, right? What if a malware firm was willing to buy one in order to have certain access to our machines (let´s say for data mining)? The thing is, to wrap it all up, i think the users don´t want such vast quantities of very unclear vendors.

No, how can i have evidence? It only looks very very suspicious:

http://img717.imageshack.us/img717/5821/vendors.png

Even if you don´t have them all installed, this is not the way i expect a firewall to work. I expect it to offer an easy way to remove all that stuff, no ctrl-S or ctrl-R works. Also, i had big trouble with this new installation. First Comodo stated, some two weeks ago, that the new version would be available over automatic update, which it wasn´t. Then it completely broke the system (i had to revert to some older system), by having the older version not correctly removed. Then the sandboxing thing is still a mess. If i answer “no, do´t sandbox this item”, it will still sandbox it. So finally it broke a dozen important tools until had to turn ot off.

As it regards the cloud: i don´t wan´t any cloud automatically change things, all it may do is offer me some advice, as how many people allowed/blocked things. And yes, this is only my opinion, or even an impression, because i don´t think, that anybody can control this vast amounts of tiny firms. This are maybe ten thousand entries, & someone may know a couple of hundred of them, so how would Comodo make sure, that they are alle clean? Also, i´d like to know, what does it actually mean if a firm is in the list?

That they can bypass the firewall, because they´re trusted?

_{Edit by EricJH: removed unneeded space i body at bottom for a better read}

Well, if you are so afraid use Paranoid mode in Defense+ settings or switch off Automatically trust files from trusted vendors in Sandbox settings. No need to delete anything from White list at all.

I am using secure mode for firewall and defense+, both antivirus and sandbox are turned off now, because the AV is slowing down the computer and disk access, and the sandboxing only breaks things and is causing too much trouble.

What also annoyed me was, i had personal documents blocked by the sandbox and later found out (a couple of weeks ago), that Comodo claimed to have them sent “for analysis”. I´m still not sure if the actual document was sent (with all private contents). This really would be a no go.

Normally i used to be a convinced Comodo user, but all this cloud and whitelist stuff i don´t like. I had bad results anyway, in the CLT test, having only 2/3 of the possible points. This is very disappointing, & there is no clue as to how to set it to be 100% proof. It should have full protection by default instead of having obscure vast white lists.

Comodo is making it´s money through certificates, right? What if a malware firm was willing to buy one in order to have certain access to our machines (let´s say for data mining)? The thing is, to wrap it all up, i think the users don´t want such vast quantities of very unclear vendors.

1, Yes that is how Comodo makes money, 2. Hahah I would like to see that happen... Comodo goes through an extended validation to make sure you are who you say you are and you do what you say you do. Comment: You said IF first you accuse now you say IF? :: If you wish; you may research each individual one :) Comodo makes changes of the TVL here and there, they are actually inventing more ways to detect IF a malware is signed it will detect it :) They already can detect whether if a Cert is invalid

Just to give you a small list to apply for a Comodo Code Sign Cert:

1. Please provide the following documentation so we may complete your validation
   A. Copy of a valid government issued photo ID (driver’s license, passport, etc.) of the certificate applicant
   B. Copy of a recent phone bill of the certificate applicant
   C. Copy of a major utility bill (i.e. power bill, water bill, etc.)
   D. Copy of a bank statement of the certificate applicant.

So; If you get approved and later you do turn out to be malicious… you may be in trouble with your local authorities lol

No, how can i have evidence? It only looks very very suspicious:

http://img717.imageshack.us/img717/5821/vendors.png

Again, You may check each and individual one to check its intergrity
You’ll have to install some languages on your PC

Even if you don´t have them all installed, this is not the way i expect a firewall to work. I expect it to offer an easy way to remove all that stuff, no ctrl-S or ctrl-R works. Also, i had big trouble with this new installation. First Comodo stated, some two weeks ago, that the new version would be available over automatic update, which it wasn´t. Then it completely broke the system (i had to revert to some older system), by having the older version not correctly removed. Then the sandboxing thing is still a mess. If i answer "no, do´t sandbox this item", it will still sandbox it. So finally it broke a dozen important tools until had to turn ot off.

Again, If you have troubles you can either discuss it here in the forums (Which i noticed you have and i'll be glad to help you if you wish) or you can talk to Geekbuddy :)

As it regards the cloud: i don´t wan´t any cloud automatically change things, all it may do is offer me some advice, as how many people allowed/blocked things. And yes, this is only my opinion, or even an impression, because i don´t think, that anybody can control this vast amounts of tiny firms. This are maybe ten thousand entries, & someone may know a couple of hundred of them, so how would Comodo make sure, that they are alle clean? Also, i´d like to know, what does it actually mean if a firm is in the list?

1. Because unlike symantec or avast; SSL/Code Sign/EV SSL/WILD Card etc was All that Comodo was for! but times have changed and ways has changed also; so they already had a good method/enviroment set up to have such a list..

That they can bypass the firewall, because they´re trusted?

Bypass? No.. They go through the firewall but marked as trusted; if you wish you can change your configuration to proactive / Paranoid / custom policy etc etc

Hope this helps

Jake

So; If you get approved and later you do turn out to be malicious.. you may be in trouble with your local authorities lol

Yeah, sure, but do you really think, this is a problem for some firms in china? There were hundreds of them.
I don´t think the authorities would do anything, as they don´t do anything if 1/3 of the worlds spam is coming from chinese servers. Get real.

Again, You may check each and individual one to check its intergrity :) You'll have to install some languages on your PC :)

Hmm, manually removing the lists contents took almost two hours, deleting 5 items per second. So checking all firms would maybe take, uhm, 5 years? No, seriously, one funktion to mark them all (and unmark the maybe 10 i would trust) for deleting would be the much simpler way.

Again, If you have troubles you can either discuss it here in the forums (Which i noticed you have and i'll be glad to help you if you wish) or you can talk to Geekbuddy :)

Or maybe i should ask Bonzy Buddy?

Bypass? No.. They go through the firewall but marked as trusted; if you wish you can change your configuration to proactive / Paranoid / custom policy etc etc

Yeah, that´s what said. They are trusted by default, but maybe i just don´t want them to “automatically check for updates”, send crash reports

Hope this helps

Thank you. I have to check the things again. Maybe Comodo will take this seriously and might change some details. For example, the whole sandboxing thing isn´t really right at the moment. For example, i had a dozend items shown as sandboxed, but when i tried to add them to the trsuted files, it said “it is already a trsuted file”. After reboot the whole thing repeated. I remember an older version, when adding them to the trusted items resulted in the immediate removal from the sandboxed list (which seems correct to me).

Hmm, manually removing the lists contents took almost two hours, deleting 5 items per second. So checking all firms would maybe take, uhm, 5 years? No, seriously, one funktion to mark them all (and unmark the maybe 10 i would trust) for deleting would be the much simpler way.

Third Time Around; Create a wish or support a [url=https://forums.Comodo.com/wishlist-cis/no-option-to-delete-history-files-sent-for-analysis-defense-t67648.0.html]open wishlist[/url]

Or maybe i should ask Bonzy Buddy? :D

I think GeekBuddy is much smarter; and will help a bit better lol :D

Yeah, that´s what said. They are trusted by default, but maybe i just don´t want them to "automatically check for updates", send crash reports

Then Simply disable the options to such tasks

Thank you. I have to check the things again. Maybe Comodo will take this seriously and might change some details. For example, the whole sandboxing thing isn´t really right at the moment. For example, i had a dozend items shown as sandboxed, but when i tried to add them to the trsuted files, it said "it is already a trsuted file". After reboot the whole thing repeated. I remember an older version, when adding them to the trusted items resulted in the immediate removal from the sandboxed list (which seems correct to me).

I'm sure that other people will find this thread and comment and confirm few things.

Ok; Can you send me a link to the post that you made about your issue so i can help you?

Jake

Yes, soon. I think, this is on behalf of lots of users.

I think GeekBuddy is much smarter; and will help a bit better lol :D

I will have a look on that system.

Then Simply disable the options to such tasks

Of course, but just in case, there is no such option, it would be a problem. I want to know exactly, which application is accessing the internet.

Yes, soon. I think, this is on behalf of lots of users.

Ok Thanks!

I will have a look on that system.

Here is a link to get [url=http://server.iad.liveperson.net/hc/61298727/?cmd=file&file=visitorWantsToChat&site=61298727&byhref=1&SESSIONVAR!skill=CFP%20PRO%20PLUS&imageUrl=http://server.iad.liveperson.net/hcp/Gallery/ChatButton-Gallery/English/General/1a]start chatting with a Tech[/url]

Hope this helps

Anything else i can assist you with?

Jake

No, not in the moment. Sorry, if i sounded angry, but this time it was the worst Comodo update ever.
First it failed, i had to revert to an older image (couldn´t get into both profiles of Windows), then the whitelist was about 10 times bigger than before (took literally over an hour only for deleting entries, lol).

Actually i think, i have to keep Comodo. And thanks.

It is alright; If you do need any help please don’t hesitate to PM me or create another topic;

I’m sorry that you seem to have difficulties with the installation of CIS Premium;
Are you still having issues with installing CIS?

I hope that Comodo will Have a “Enable/Disable TVL” or Clear "TVL List button somewhere’s
(I know that there options you can dis-select to do so but it may not be clear to end-users)

Again If you have any other issues you may post away; I’m happy to hear that you’ll stay with Comodo while we are dealing with this speed bump in the road of development

Jake

Yep, if there is another big problem. As i said, somehow it failed (it was still 5.0, where it should have been 5.3), & directly after that, i couldn´t login, because userinit failed. The trick with the secure mode and renaming the ProfileList to .bak also didn´t work this time. Ususlly, when this happened, only the admin account couldn´t be accessed (bad enough), but this time both accounts failed.

I'm sorry that you seem to have difficulties with the installation of CIS Premium; Are you still having issues with installing CIS?

No, after i made a second uninstall, it worked. It was semi-removed in the first trial, as it seems.
There is always a big rush of confirmation and sandboxing windows and messages, which can lead to problems, as it can be too confusing. I have no idea, how to improve this. Maybe the sandboxes windows should be displayed the other ones, because they quickly get obstructed, while they disappear, if you don´t make a a choice fast enough.

So users are prone to make wrong clicks, because of the flood of windows. I even had the settings backed up, but before i could even open the menu, the messages kept coming.

I hope that Comodo will Have a "Enable/Disable TVL" or Clear "TVL List button somewhere's (I know that there options you can dis-select to do so but it may not be clear to end-users)

Yes, definitely. I see too much potential of abuse. I don´t actually think, Comodo is involved, so my topic
was too harsh. Sorry for that. But it was a big frustration, that the automatic update failed. I checked every day, since it was announced, but according to the check there was no auto update available, so i decided to make a clean install. All the other times i made an upgrade, which used to work like a charm.

Again If you have any other issues you may post away; I'm happy to hear that you'll stay with Comodo while we are dealing with this speed bump in the road of development

Yeah. It is definitely still the best firewall i know, even when some problems occured. But to be realistic, every firewall or software has its weaknesses, only that firewalls go very deep into the system, being able to
cause big trouble, if something fails (no matter, if because a bug or an user error). This is logical.

Maybe it´s worth for the programmers to think about a slightly modified initiation process, where the users would get more time to make their choices. Many issues may arise from the rushed clicking after installation.
Either two rows of windows, one for the usual firewall settings, another one for the sandboxing queue, or even something like a progress bar, that will prompt the users to check all items after it has run through (after the boot process/first usage, where most stuff is popping up), so they will have time to go through
all items without feeling a bit “chased”.

And if my post seemed harsh, I apologise. I was only trying to make sure I was interpreting your initial post correctly.

But it was a big frustration, that the automatic update failed. I checked every day, since it was announced, but according to the check there was no auto update available, so i decided to make a clean install. All the other times i made an upgrade, which used to work like a charm.

What Comodo do now is to release the clean install version first and then make the updater available in a week or so for those who already have CIS installed.

Maybe it´s worth for the programmers to think about a slightly modified initiation process, where the users would get more time to make their choices. Many issues may arise from the rushed clicking after installation. Either two rows of windows, one for the usual firewall settings, another one for the sandboxing queue, or even something like a progress bar, that will prompt the users to check all items after it has run through (after the boot process/first usage, where most stuff is popping up), so they will have time to go through all items without feeling a bit "chased". :)

+1 bazillion. :-TU

Months ago I suggested that the installer be greatly expanded so that the user was presented with options on how to configure the AV, D+ and the firewall during the installation along with the pros and cons of each ofhte options. That way, the system would be pre-configured right from the first reboot.

Cheers,
Ewen
[/quote]