So you think that since Comodo offers a free non-crippled security suite with an optional toolbar that helps keep it free to all the people that can't afford security makes Comodo "worse"?
No. I think that the pre-ticked selections regarding the toolbar/homepage/search are what makes Comodo worse.
The toolbar should make no difference. Last time I looked, the products were free for ever, with companies taking up the pro version for example, subsidising it all.
Free users, while getting the product free, are still beta testers to a degree, yet they are expected to install a non-required toolbar. At least make it opt-in, not opt-out. Ask do not have a good reputation.
On sites that engage in security there are some people willing to make this a black mark, whereas there is no way for any CAs to foresee the intention of those requesting certificates, nor would it be feasible to extend the EV-SSL certification procedure to the DV-SSL certificates Comodo provides.
Even if Comodo would be willing to extend the EV-SSL certification procedure to the DV-SSL certs, this would cause only confusion about the intrinsic value of DV-SSL certificates. Removing DV-SSL certificates from the existing offer will not solve the ongoing scenario, although it will effectively prevent FUD that leverages these aspects.
Anyway, as long as, in sites engaged in security, there is no one willing to acknowledge that DV-SSL certificates are not the same as EV-SSL, many people will rely on DV-SSL to cut costs regardless of who provides them, obviously to the advantage of those who actually have the highest market share for DV-SSL.
Indeed the toolbar makes no difference, CIS is still free and users can un-tick what they have no use for. There have been a lot of FUD-ridden efforts on this and there is no point in having this topic go OT for this.
All the certificates relating to this site were revoked.
We do not tolerate malicious intent in any form.
As soon as we were alerted to this, our Validation team analysed these sites and immediately revoked their SSL certs. Thank you for alerting us to this, and we look forward to our users' continuous reporting of any malicious activity on the internet.
We are hopeful that through www.ccssforum.org we can improve the speed of alerts and response.
Yes, the irony of that is startling isn’t it? Actually the irony of an MVP saying that & ignoring the bigger (and far more important) picture isn’t too bad either. However, the ignorance of the MVP is just plain startling.
Interesting, back to the year+ old toolbar (which has been done to death, btw). The MVP’s comment & context of Comodo’s toolbar to his blog does, as he said, “really makes you wonder”.
I believe that should read: Ask did not have a good reputation. Note past tense.
Ignorance has always caused problems for humanity! Look at terrorism, look how the human race suffered during the dark ages.
They simply do not get all the work Comodo has done in trying to stop DV certs, all the work we have done creating a better Trust Indicator, EV SSL, and all the work we do fighting malware. And all they can do, while we spend millions of dollars of our own money trying to make the internet a better place and protect users, is to whinge, whinge and whinge more. And all this whinging is based on the wrong assumption about Comodo! They don’t even get their facts right before they spurt out whinges!
But Comodo is prevailing! These negative, ill-intentioned, ignorant people can only harm themselves with their whinging! More and more people are choosing Comodo and trusting Comodo! So there you have it (even though this is more of my time than what they really deserve, but I will not spend any more time on these ignorant people).
The issue of the inherent vulnerability that DV certs suffer from is different than what Comodo itself does.
DV certs are vulnerable.
Comodo has been championing to change that since 2005.
Comodo has founded www.cabforum.org and created a new trust indicator, the “green bar” (because the trust in the yellow padlock is misplaced).
Comodo still to date is trying to mitigate the risks of DV certs by trying to convince the industry to adopt a new standard for DV certs (with our efforts in www.cabforum.org).
Comodo is educating anyone who tries to get a DV cert from Comodo about the benefits of Validation, hence improving the understanding of SSL certs and the pitfalls and dangers posed by DV certs to ecommerce.
So pls tell me which one we should not be doing?
PS: why don’t you guys ask Browser makers and other Certification Authorities as to what they are doing to create a minimum standard for DV certs!
DV certs do NOT offer security unless the user types the https URL in full into the address bar in the browser for a site they have already pre-established trust with. Clicking on an https link on an http site is flawed if the https site has a DV cert! And DV certs should NOT be used for any ecommerce whatsoever!
The author of this misinformed blog even gets the Comodo cert wrong… it's Sectigo, not the OV certs you compared!
And did you even read what we have written there?
“128 bit SSL Certificates designed for encrypting web sites for low volume online transactions. Trusted by over 99.3% of current Internet users, Positive SSL is the solution for new websites or environments where trust has been established and entity verification (for identity assurance) is not needed. Positive SSL Certificates do not carry any warranty.”
Any other DV vendor trying to educate the users like we are?
Shame on this so-called securitygarden blog for spreading false and misleading information! Shame on you! Obviously they are ill-informed, have no knowledge of the SSL market, yet they are more than happy to utter ignorance on their blog site… Shame!
“I was following up on a list of malware sites posted on Dancho Danchev’s Blog and yet again I find Comodo issuing certificates to these Malware writers”
He doesn’t claim that he sent an email to us to inform us before he went public. To my knowledge we haven’t received any emails from him or emails from Dancho Danchev’s site. We found these out after they went public.
So people claiming that we should have acted sooner: well, we did! But it seems the bloggers were eager to write their blogs without informing us about it. So the question should be the ethics of publishing this kind of material without informing the security vendors in the first place.
People might not realise that AV vendors and other malware analysts find malware which uses certs on an almost daily basis. The biggest problem is there is no industry-wide cooperation about how to report these to Certification Authorities for a speedy resolution.
www.ccssforum.org is going to handle that and the work has already started trying to bridge the gap between AV industry and CAs. Once again Comodo has been at the forefront of proactively solving industry problems.
Indeed. Although I wasn’t able to guess it was going to be informative for you. Thanks for pointing that out.
However, the assumption that it would have been possible for any CAs (not only Comodo) to prevent the previously mentioned scenario pertaining to DV-SSL certs has yet to be proven true, whereas those explicitly leveraging such hindsight arguments provide way more information about themselves than about the fact itself.
On top of this, apparently there are self-claimed eminences of the security scene (somebody, somewhere) providing incorrect information. Or those who implicitly claim to be speech-persons for entire security communities (or rather stretch their personal viewpoints to whole communities).