Komodia superfish and Privdog vulnerability "ssl hijacker" [merged]

I just saw this.

I also have a question about it, as it says it has an SSL certificate. I'm not sure if it is, but I just removed one entry in the trusted vendors just because of the name; I don't know if it's that certificate.

https://www.eff.org/deeplinks/2015/02/further-evidence-lenovo-breaking-https-security-its-laptops

I wrote a longer thing in the latest privdog release topic but I’ll ask the general question here since you’ve shown your presence here: How is PrivDog different than this? PrivDog also messes with the certificates in much the same way, what makes PrivDog any more secure?

Please read what the problem is exactly.

There are many legitimate uses of a local proxy that many antivirus and content filtering vendors rely on; otherwise, how could you check for viruses in an HTTPS session?

The problem is not the local proxy, but the way it was done. I would recommend you read the EFF article in detail to fully understand the issue.

thanks
Melih

I have read the EFF article in detail. The issue, as I understand it, is that SuperFish injected its own root certificate and used the same certificate for all the MITM attacks, hence if you get the private key for that certificate you can decrypt all traffic. Now I'm asking how PrivDog is different, because I don't know how to actually check it.

Is PrivDog doing something differently to make these kinds of attacks harder? In that case what does it do differently?

For browsers, which is what PrivDog filters, you can use browser extensions, which you used to do (but stopped since Chrome started blocking extensions outside of the web store).

The EFF article also says:

Using a MITM certificate to inject ads was an amateurish design choice by Superfish.[3]
[3] A safer (but still risky) alternative would be for Superfish to implement its ad-injecting functionality using a browser extension.

Also, what viruses does PrivDog check for?

Also, when using PrivDog I don't see the certificate that the site in question uses, I only see the PrivDog certificate. How can I then know that the certificate between PrivDog and the site in question is the real one and not a fake one? I can't; I'd have to rely on PrivDog picking that up. Does PrivDog do that?

PrivDog is not susceptible to the vulnerabilities mentioned. Because it doesn't do what is described in the article, it is not vulnerable to those vulnerabilities.

PrivDog uses www.webinspector.com-like infrastructure to check websites.

I don't know how the webinspector you linked actually works, but for example let's say there is a website https://secure.bank.com which has the certificate for secure.bank.com signed by Comodo. If I install PrivDog on my PC, then it won't show me the secure.bank.com certificate signed by Comodo but rather a *.bank.com certificate signed by PrivDog. Is this not the same thing? How is it different? (Also, sites like Comodo with EV certificates will now only show basic certificates (can't remember what they're called).)

Edit: To avoid any misunderstandings, can you point out exactly what the vulnerability was for SuperFish that isn’t in PrivDog? Want to make sure I understand the right thing to be the vulnerability.

webinspector.com is about sites that are infected or carry an infection… for example, go to Website Malware Scanner | Online Website Virus and Malware Scanner

and click on reports to see how we categorize the threats.

Okay, but I don't understand how that is relevant to the way PrivDog intercepts HTTPS traffic?

You asked me!

Sorry, I misunderstood what we were talking about. I thought we were talking about the way PrivDog intercepts the HTTPS traffic, which I haven't really learned anything more about than before the discussion…

I still don't understand how PrivDog intercepts the traffic any differently than SuperFish, and so far you've seemed reluctant to explain that part and seem to focus on the issues around it instead, as if to distract from that one issue; or perhaps you feel you've already explained it and I simply don't understand it, who knows.

If you want me to I can drop the issue, but I won’t change my mind about PrivDog being potentially risky to use until I see an actual explanation of why it isn’t, and I won’t use it personally as I want to see the actual certificate the site is using.

It works in the same way as the likes of Kaspersky's interception or other AV products. It's no different.

Short of giving you a flowchart etc., which is all proprietary IP, I don't understand what you are asking. I just googled and found this: Forums - Kaspersky Support Forum. Hope this explains it a bit better for you… You can always use Google to search for these kinds of things too.

So the big difference is that PrivDog uses unique certificates rather than a single one for all installations (?) as well as not keeping a copy of the private key right there for anyone to see (?)

Have I understood that correctly now?

That is why Superfish was problematic. Yes, you are understanding this right. Of course there are many other security features built in, but this is the biggest problem that caused Superfish to be removed.
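The distinction the two posts above settle on (one root key shared by every install versus a root generated per install) can be checked in code. The Go program below is an added example, not code from this thread or from PrivDog or Comodo: it builds a few certificates in memory, offline, and shows that a site certificate issued with one interception root's key is accepted by every install that trusts that same root but rejected by an install with its own root, and that the issuer name on the certificate the user sees is the interception root, not the public CA. The root names and secure.bank.com are constructed for the demo.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for cn: self-signed when parent is nil, otherwise signed with parent's key (what an interception proxy does for every site it relays).
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// trusted reports whether cert chains to one of roots for host; with no roots nothing is trusted.
func trusted(cert *x509.Certificate, host string, roots ...*x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}
// sharedRootRisk models the Superfish problem: a root key shared by every install versus one per install (constructed names).
func sharedRootRisk() (sharedTrusted, perInstallTrusted bool) {
	rootA, keyA := issue("Interception Root A", true, nil, nil)
	rootB, _ := issue("Interception Root B", true, nil, nil) // another install's own root
	leaf, _ := issue("secure.bank.com", false, rootA, keyA)  // issued with install A's key
	sharedTrusted = trusted(leaf, "secure.bank.com", rootA)  // any install shipping root A accepts it
	perInstallTrusted = trusted(leaf, "secure.bank.com", rootB) // an install with its own root rejects it
	return
}
func main() { fmt.Println(sharedRootRisk()) }
```

Running it prints "true false": with a shared root, whoever holds root A's key can issue certificates every such install trusts, while per-install roots confine that to one machine.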

Why does PrivDog behave the way it does? Why does it have to reduce our security and privacy all while advertising that it's claiming to do the opposite?

https://blog.hboeck.de/archives/865-Comodo-ships-Adware-Privdog-worse-than-Superfish.html

I am becoming more and more wary of the trusted Comodo name.

PrivDog intercepts all HTTPS connections and certificates and replaces them with its own certificate signed by its root key.

Wow, this is awful!!!
Trust is something you build over the years with respect for users' privacy.
This is a school example of how trust is lost!

“Your Privacy Under Attack” :smiley:
http://privdog.com/

Edited image link. JoWa

I have just lost all trust in Comodo :cry:

https://forums.comodo.com/general-security-questions-and-comments/komodia-superfish-vulnerability-ssl-hijacker-t109881.0.html

The discussion in that thread may bring something to this thread; personally, my view hasn't changed since I discovered this months ago.

Edit: Something worth noting is that the PrivDog that is bundled with Comodo Dragon and Chromodo etc. is the browser extension and NOT the standalone application that messes with the certificates.

They claim PrivDog doesn't warn with a self-signed certificate.

We tested it… it does.

You can test it yourself by going to self-signed cert sites; here are a few…
https://zctest.com/
https://xounges.net/
https://xrow.net/
https://yoag.com/
https://zakihorany.com/

We would like to get to the bottom of this, but if this is a bug we can't replicate it, although we tested it on many self-signed sites :( Please help us replicate it, if it exists.

Does anyone not get the warning when visiting these sites? If so, please post a screenshot and full details of your OS/PD version etc.

Thank you.