COMODO GEEKBUDDY Ver_4.20 Release

Hello All,

We are happy to announce that GeekBuddy Ver_4.20 has been released.

What is GeekBuddy?

GeekBuddy provides unlimited remote support for your common PC problems. Our certified geeks can diagnose and fix virtually any PC issue. All while you sit back and watch!

What can GeekBuddy do?

Have a Certified Expert Available 24/7 to Handle All Your Daily PC Headaches:
-Virus Diagnosis & Removal
-PC Tune-up & Troubleshooting
-Software Installation
-Printer & Peripheral Setup
-ID Theft Protection
-Email Account Setup
-Green PC (Power Settings Optimization)
-Printer & Peripheral Troubleshooting

What is in this release?

This release includes the following features to enhance user experience:

-Alert contents are updated to show more informative and simple messages for users regarding PC issues.
-Immature Close Event Monitor added to GeekBuddy. This monitor will help you to track your unfinished conversations with technicians and solve your PC issues whenever you want.
-License Monitor tool added to GeekBuddy so that our users will be notified before license expiration and enjoy license renewal discounts.
-Bug fixes in the application.

GeekBuddy will be enhanced in future releases very soon. Please provide your feedback on GeekBuddy so that we can develop it in the way you desire. All feedback is immediately evaluated by the development team.

Regards,

Alp Eren Kaplan,
COMODO Geekbuddy Product Manager

// Immature Close Event Monitor added to GeekBuddy. This monitor will help you to track your unfinished conversations with technicians and solve your PC issues whenever you want.

This will def enhance user experience.

Is the session disconnect during system restart bug fixed?

Dear Comodo Developers, I would like to highlight something that is extremely important. I have been recommended here: by one of the community moderators to bring my comments/concerns here where COMODO developers are more likely to see it.

Basically what it is that has concerned me is the way in which COMODO is handling ports. Here is the original thread text and url below: Please, I hope this is taken seriously and forwarded to the relevant parties as it is considered a vulnerability and could be embarrassing to someone if it is not fixed.

https://forums.comodo.com/how-can-i-help-comodo-please-we-need-you/tightvnc-service-port-opened-on-5800-installed-wgeekbuddy-wo-user-knowledge-t111093.0.html

Dear Comodo, and fellow security experts.

As a penetration tester and ethical hacker it has been a joy to use COMODO Internet Security in Safe Mode as it is extremely paranoid and blocks many known attacks. I have used it for many joyful years.

HOWEVER:

Upon performing a port scan of my local machine with my Kali Penetration Testing Box I was really rather alarmed to see a port 5800 vnc-http tcp/open when performing an NMAP -sS and NMAP -sT scan from within my Green segment of my local network. In fact I was darn right frightened. Having full knowledge of all the services that run on my machine such a discovery is of course not taken well.

Indeed upon telnetting to the local machine with http-vnc 5800 lit up indeed tightvnc was responding, this was a service! JESUS were my initial impressions, obviously. Upon locally connecting in a browser localhost:5800 I am directed to a message “TIGHTVNC.COM

root@kali:~# nmap -sS 192.168.0.100

Starting Nmap 6.47 ( http://nmap.org ) at 2015-05-12 02:30 BST
Nmap scan report for 192.168.0.100
Host is up (0.00020s latency).
Not shown: 986 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
554/tcp open rtsp
2869/tcp open icslap
5357/tcp open wsdapi
5800/tcp open vnc-http

Naturally, one may note that performing such a scan from within the GREEN zone of my network, this would be considered an almost minor absurdity. Were it not for the fact that the tightvnc service was installed by comodo internet security and this port opened without my knowledge. How could this happen? Have I been naive? Maybe but it is not very good is it.

At the very least it was unclear that the Geekbuddy service installed a remote service that would open to all local connections immediately, and this concerns me greatly.

It’s only by the stroke of luck that I had a SECOND hardware firewall between my Green and Red zone (that is to say my router and my local network hub) that port 5800 tcp was not directly exposed to the outside world, and whilst I completely appreciate that Geek Buddy is a remote assistance program that is used by comodo engineers to provide remote assistance to comodo users, I’m rather quite alarmed that the port is open and the service actively running on a permanent basis.

In fact it resembles a Back Door application. Which is what frightened me so greatly in the first place.

Surely something can be done about this, is it really necessary to leave that port exposed like that? Not what I would expect from a company such as COMODO whose motto is “Creating Trust Online”.

http://i58.tinypic.com/2r5vorr.png

I infinitely appreciate the fact that I may have been naive to not expect this opened by default, but I think you will find my point is also well made and that something should be done about this! No?

I am happy to say after removing the geek buddy in add/remove programs of my OS that the tcp 5800 http tcp port is no longer open. It would have however been nice to not have had this nasty surprise. Users and staff I am sure will be quick to correct me but I think my initial point DOES STAND!

Thank you for taking the time to read my letter and I hope it has been directed to the right place where proper attention can be given to it!

I certainly was not exposed to any kind of risk, however someone who is behind a router would be unhappy to see this port exposed and would naturally be frightened if not understanding what it is and this could be avoided by more clear message given when installing the Geek Buddy service as it were.

I can’t help but mention the user is of course one part to blame, but if this could be avoided then it would be the naturally most secure and sensible routine to actually mention what is being done in this process. Albeit my personal and professional opinion I think it not an entirely unreasonable or disparate one!

Thank you!

Best Wishes,
Adam
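An added example, not part of the original post: a baseline check over the port table from the scan above, the kind of audit that surfaces a listener such as 5800/tcp vnc-http after a software install. The `EXPECTED` baseline and the remote-access prefix list are assumptions made for illustration.

```python
import re

# Port table taken from the nmap -sS output posted above.
NMAP_OUTPUT = """\
Nmap scan report for 192.168.0.100
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
554/tcp open rtsp
2869/tcp open icslap
5357/tcp open wsdapi
5800/tcp open vnc-http
"""

# Assumption: the listeners the owner expects on this Windows host.
EXPECTED = {(135, "tcp"), (139, "tcp"), (445, "tcp"), (554, "tcp"),
            (2869, "tcp"), (5357, "tcp")}

# Assumption: service-name prefixes treated as remote-control listeners.
REMOTE_ACCESS_PREFIXES = ("vnc", "ms-wbt-server", "ssh", "telnet")

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_open_ports(text):
    """Return {host: {(port, proto): service}} for every 'open' row."""
    hosts, current = {}, None
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            current = line.rsplit(" ", 1)[-1].strip("()")
            hosts[current] = {}
            continue
        m = PORT_LINE.match(line.strip())
        if m and current is not None and m.group(3) == "open":
            hosts[current][(int(m.group(1)), m.group(2))] = m.group(4)
    return hosts

def audit(text, expected=EXPECTED):
    # Report every open port missing from the baseline; flag remote-access ones.
    findings = []
    for host, ports in parse_open_ports(text).items():
        for (port, proto), service in sorted(ports.items()):
            if (port, proto) not in expected:
                remote = service.startswith(REMOTE_ACCESS_PREFIXES)
                findings.append((host, port, proto, service, remote))
    return findings

if __name__ == "__main__":
    for finding in audit(NMAP_OUTPUT):
        print("not in baseline:", finding)
```

Re-running the same check after each install or update, against a baseline recorded beforehand, turns a surprise like this one into a routine diff.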

Please do not double post; it is against our forum policy.

Thank you for writing to me, wasgij6

However what you have said is surprising for me to hear, after firstly me going to the trouble to report a fairly serious vulnerability in the first place with Geekbuddy, and secondly after me being advised here: TightVNC Service & port opened on 5800 installed w/GeekBuddy w/o user knowledge - How Can I Help Comodo? (Please We Need You!) - Comodo Forum

by “EricJH”, another moderator, to repost it again on the forum and I was given an express reason why to do that; it will be more likely to be seen by Comodo developers, and that is the reason why I double posted.

http://i60.tinypic.com/1408yux.png

This is exactly the advice I followed and it was not done with the express intention of circumventing your forum “policy”. It was instead on the advice of another moderator an effort to try and make COMODO aware of, as a matter of urgency, to what is a potentially serious security flaw in the software. This has been done with the express intention of conveying a message where it is most likely to be seen by developers at COMODO.

Reporting this I have done with pleasure as I previously stated in my first letter. I have been using Comodo for many joyful years and you can probably see now that my intention was meaningful, important and was an effort by myself to “Help” Comodo and their developers to keep their software the most secure and up to date. Something I am told that COMODO encourages as a general matter of policy as well.

Having now spent a considerable amount of my time on this a thank you may have been appreciated but is nonetheless not required! Thank you

Best Wishes,
Adam Bull
Security Penetration Tester &
Ethical Hacker

Adambull, first of all thank you. What you have done is really appreciated by the development team. We, as the dev team, will investigate the issue and reply to our users. And if there is anything risking the security of our users, we will definitely fix it.

Thank you very much again for your effort to notify us. Really appreciated.

Best Regards,

You are most welcome! Thank you for taking the time to look at it!

Best Wishes,
Adam

This issue has been fixed.

This is excellent news Alp, well done! I’m really glad to hear it, what a great company and community!

A big thank you from me, to you, Comodo and the Forum community for their considerable part in getting this raised & fixed! Hurrah!

Best wishes,
Adam