Is this a serious issue or not? Your views are appreciated.

I was alerted to this post at Wilders.

Just wanted to get your views on this.

Is it an important issue?

Is not having enough QA to catch these kinds of things from coders a serious flaw in the development process, especially for a “security product”?

thanks

Melih

That's a joke… no wonder OA is losing people. Their web site is still wrong also.

Looks like TallEmu’s apologized for it as an inappropriate coding; apparently the user provides b-day info at some point and the app reminds them about it. Doesn’t seem it’s phoning home, so I would say it’s not an issue as relating to security. Annoying and undesirable, perhaps, but not a security issue.

I also note that Stem feels quite strongly about it, and is speaking rather harshly of OA in that regard. I wouldn’t get involved, as that would drag Comodo’s name into it, and the ripples from the last spat are still being felt… :wink:

LM

Is it an alert that gets generated automatically on the date?
or
the user has to do something about it?

thanks
Melih

I don’t think Stem has much of a sense of humor, based on previous interactions with him. Probably not a good idea for OA to do such things in security software, but still just a joke. I am not a fan of the CFP3 built-in “hint of the day” that I can’t turn off, or the “announcements” area that does phone home either, but they are also no big deal.

I find it to be a big security issue!! If they allowed that kind of stuff and did not bother to check their coding, to me that shows security is at the back of the line. I have many and used many security programs and NONE of them ever did a thing like that. What's next to pop up, a game of Pac-Man? In any case it’s a security product, not a calendar of upcoming events.

From the talk on the OA forum & Wilders, it was hard coded, and Mike said that all that stuff would be removed from next releases.

Those can be removed / edited in the C:\Program Files\COMODO\Firewall\cfpinfo.ini file

IMHO this is why crackers and hackers are so successful!! Programmers that have to add a little bit of code to get recognition for their work. And in the end there’s a back door opened and the hacker just walks right in. It may have been hard coded, but IMO it is a possible vector for exploiting.

It's not too bad since it does not phone home for this information (false alarm).

But Stem doesn’t seem too happy :D.

Correct me if I am wrong, but the issue they are concentrating on is NOT that it phones home etc. but the lack of QA and code review for such an important security application? As Stem rightly pointed out, this is NOT an action that is “user initiated” like easter eggs where the user has to find a combination of keystrokes etc. to find something, but this is forced upon the user on a specific date. Does this raise the quality of software development process as an issue?

BTW: Happy belated birthday to the OA developer :slight_smile: and pls do tell us what else is hiding there if any :slight_smile:

Melih

Do you want my honest opinion Melih? :confused:

“We do not need them to fail for us to succeed”.

It’s a bit of egg on the face for Mike and the team, but not much beyond that. They goofed.

To err is human …

Personally if that was me I would be ■■■■■■. Then I would uninstall OA and be done with it. Very unprofessional for a firewall that seems to think they are “The Best There Is” according to their web site. Blah, Blah, Blah.

Ya, security applications should not have easter eggs because it might make the user think it just got hacked or something.

That thing in OA is not an easter egg…

Agreed Sal… it's bs.

Yes hmm…, who knows what internal pranking will escape from such dirty code in next build?

From the talk on the OA forum & Wilders, it was hard coded, and Mike said that all that stuff would be removed from next releases.

It was a stuffup on their behalf. They’ve owned up to it. They’ve publicly stated they will remove it.

What more do we all want?

Big pill.
Little lie down.

Ewen :slight_smile:

edit : Minor typo

Mike said that all that stuff would be removed from next releases
If they did not know that was there, how can they ensure there are no more hidden messages? As far as it may go, that code is dirty!! It just cannot be seen as a true security product. No matter how much Mike and the others say it was harmless, like any software, if there's an area to exploit it will be found, so maybe next time somebody will find a way to mirror a sex message and a user's kid will be on the PC and see it. If OA wants to hide Easter eggs, design a video game where that stuff is expected.