1) We build a tool that protects users from one of the most dangerous threats that users face today (drive-by download).

2) There aren’t many out there who are giving anything like this at a fee, never mind free! (Actually there simply is no other security company, to my knowledge, giving stand-alone BO protection for free)

3) We write tests (just like leak tests for firewalls, or EICAR tests to test your AV products) and make them available so that users are educated and informed about their security, empowering them with this knowledge.

  1. Also in the article you expect the tests to reveal which applications are vulnerable. This clearly shows (as some of the respondents to your article also pointed out) that there is a lack of understanding of what BO is. Just like when you do a leak test for a firewall, all it means is that that kind of attack vector can succeed; it doesn’t tell you which applications are vulnerable, it’s just that that attack type can be mounted and will succeed on that particular machine.

Then we are blamed for scare mongering???

It is NOT Comodo who created the problem of Buffer Overflow vulnerability and it is not Comodo who is using this vulnerability, attacking end users and infecting them with malware!!!
It is Comodo who is providing the Solution as a stand-alone free security product, that simply NO OTHER SECURITY COMPANY IS PROVIDING!
It is Comodo who provided the tests to educate and empower users with knowledge about their strengths and weaknesses.

So what should I take from this article?

  1. Are you saying, we should not let people test to see if they have a vulnerability?
  2. Let them continue believing they are secure, when they are not?
  3. Let them be a zombie cos they are unprotected from this vulnerability that you don’t want us to tell them?
  4. Redefinition of the word “poach”, as this product does not steal any users, as there is no one to steal them from!

And then you are going and saying we want to poach them??? From which competitor of CMG exactly? There is no other BO protection product out there like CMG, a stand-alone free BO product. So I would love to know who we are poaching users from! :slight_smile: This is an additional product in their security layer; there is no software for them to uninstall and then install this instead. It’s “additional” security, that no one else offers as a stand-alone product and most importantly, the “users need this desperately”!

Anyway, I have followed John Leyden’s articles for some time and he is a very credible author and I am sure this article is, the way it is, due to misunderstanding of CMG being such a new product with simply having nothing to compare it against.

PS: Those people who write those negative feedbacks are so lost in terms of how vulnerable they are and how much Comodo is doing to protect them…you get lost for words!! :slight_smile: c’est la vie I guess :slight_smile: Hey you guys… (CLY)

Oh my gosh! It sounds like their expectation was that the BO tester was supposed to actually identify the flawed code in each application, and report it specifically. That would be a huge undertaking; even I know that much! And they even admit that such a testing application would be a big deal; I don’t understand why they would then criticize Comodo for NOT creating such an application.

Okay, so go ahead and get “Tyler Durden” crankin’ on it, and churn out a complete tester so that every programmer the world over can run their code thru to check for 'sploits. :wink:


Quote: “Everybody involved should be thoroughly ashamed.”

It is not even as if CMG is being generally released yet: does it not occur to the author that as well as CMG being in Beta that the BO tester might also be further developed?

LOL, talk about shooting the messenger!

Well, if Tyler can sort a complete tester as LM says then that would be great. Meanwhile I for one am very glad that CMG, CFP, CAVS and BOClean are here for free and being continually improved and developed.


Comodo produces and gives away programs to educate and protect the typical user… this isn’t the Metasploit Project.
I’m not sure what bug crawled up Leyden’s backside but it sounds like he ought to at least do a little more research and put more thought into what he writes if he wants to be taken seriously by more than the tin-foil crowd.

They think this test is a sham to lure other users to use CMG…
They think it does nothing, cos it took 2 seconds. That is their beef.


I can see the issue if you gave the test away, and then told users the solution was to BUY your products.

Tin-foil crowd, indeed! They spend a lot of money on their protection from the MegaSploit Project (MS P)… ;D


Leyden, at least do a little more research and put more thought into what you write if you want to be taken seriously by more than the tin-foil crowd.

Thank you for your comment. We will moderate it as soon as we can. If it is accepted then it will appear on the comments page.

They don’t understand that this is like a leak test.
Your PC is either leaking or not. It’s about an attack technique succeeding or not. Obviously the author misunderstands what this test is about. The test is to see if you can execute code in the stack or heap etc. If you can, then any BO vulnerability you have in any of the applications can be exploited successfully. The author is expecting this test program to list all the vulnerable applications, even though we never claimed that it does that. So I am at a loss why the author is expecting us to give him a list. This test checks to see if it can execute code in memory segments that code should not execute in. This would then show that you will be vulnerable to BO attack, and the author claims he failed all 3 tests… Well, the result is: You are vulnerable to BO attacks!
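
The property discussed in the post above (whether the stack or heap is executable at all, independent of which application is vulnerable) can also be checked passively. The following is an added example, not part of the original thread and not Comodo's tester: it assumes the Linux `/proc/<pid>/maps` text format, and the `audit_maps` function and both sample maps are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

struct wx_report {
    int exec_stack;  /* [stack] is mapped executable */
    int exec_heap;   /* [heap] is mapped executable */
    int wx_regions;  /* mappings writable and executable at once */
};

/* Audit text in Linux /proc/<pid>/maps format (assumed input format):
 * start-end perms offset dev inode [path] */
struct wx_report audit_maps(const char *maps)
{
    struct wx_report r = {0, 0, 0};
    while (*maps) {
        size_t full = strcspn(maps, "\n"), len = full;
        char line[512], perms[5] = "", path[256] = "";
        unsigned long long start, end;
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, maps, len);
        line[len] = '\0';
        /* path is absent for anonymous mappings, so 3 fields is valid */
        if (sscanf(line, "%llx-%llx %4s %*s %*s %*s %255s",
                   &start, &end, perms, path) >= 3 && strlen(perms) == 4) {
            int w = perms[1] == 'w', x = perms[2] == 'x';
            if (w && x) r.wx_regions++;
            if (x && strcmp(path, "[stack]") == 0) r.exec_stack = 1;
            if (x && strcmp(path, "[heap]") == 0) r.exec_heap = 1;
        }
        maps += full;
        if (*maps == '\n') maps++;
    }
    return r;
}

/* Constructed sample maps, not captured from a real system. */
static const char HARDENED[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]\n"
    "7f1c2a000000-7f1c2a021000 rw-p 00000000 00:00 0\n"
    "7ffd4b1e0000-7ffd4b201000 rw-p 00000000 00:00 0 [stack]\n";
static const char WEAK[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "01c3e000-01c5f000 rwxp 00000000 00:00 0 [heap]\n"
    "7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0\n"
    "7ffd4b1e0000-7ffd4b201000 rwxp 00000000 00:00 0 [stack]\n";
int main(void)
{
    struct wx_report h = audit_maps(HARDENED), w = audit_maps(WEAK);
    printf("hardened: stack=%d heap=%d wx=%d\n", h.exec_stack, h.exec_heap, h.wx_regions);
    printf("weak:     stack=%d heap=%d wx=%d\n", w.exec_stack, w.exec_heap, w.wx_regions);
    return 0;
}
```

A clean report here says only that data regions are not executable on that process; like the leak-test analogy in the thread, it says nothing about which applications contain overflow bugs.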


WOW, I am amazed at some of the comments and the initial article. As already stated by Melih, where do “Comodo” poach from? And I find it hard to find where the scaremongering comes in. Either there is protection or there is not?
There was a complaint that it took 2 seconds for the tool to run, hmmm maybe that’s one second more than the evaluation?
Comodo, I WILL have this product when it is compatible with BOC, and keep up the good work :Beer

P.S. Maybe I’m being a noob…but if you were “poaching” then why do BOC and CPF 2.4 fail the test?

On the page where the article is published there is a link to a “related article” and here it is
It talks about a BO-based vulnerability :slight_smile: .

As I said, John Leyden is a credible author and he has now edited the original post

Thank you John.


Kudos to Mr. Leyden for the edit.

Well, that’s a positive change :slight_smile: I was the one who PM’d Tyler about the original article, and I can tell you he was not happy at all :-\

What amazes me about all this is that we have people writing bad stuff about the best free firewall in the world, one that outclasses many paid ones, and who, in my opinion, have never understood what it really means to be under attack day in and day out!

I subscribe to an ISP that launches DoS, SYN flooding, etc., at its own customers because they have oversold their bandwidth. I don’t have a choice of changing ISP. What Comodo products have done for me in securing my PC is truly, again in my opinion, a godsend. I have never had a buffer overrun, unauthorized programs or bots calling home incident since I installed every Comodo free product 3 or more months ago!

That is amazing, coz Comodo comes free. Absolutely free. The support here beats paid support every time and anytime. If these people have bad things to say, well, it’s a shame. Again, IMHO, Comodo should be the OEM on everyone’s PC.


Take nothing from the article…my own view of that particular on-line gossip rag is unprintable

