The vendors should be well checked before entering the CIS's TVL!

Hi

I think that the vendors should be checked well before entering the CIS’s TVL.

Comodo’s workers should take care of this and do a lot of research on the available resources online before letting the vendor in to be fully trusted by our PC’s security to do whatever he wants!!

Unfortunately, I saw some vendors in the TVL that have an extremely bad reputation on the net, and their official site was reported as a dangerous malicious site by several site scanners. This is an example.

I know it was removed already and this is a good thing to hear, but the question is why you guys let it in in the first place??! :-TD

The vendor is very well known for its bad reputation on the net, as you guys can see!! A tiny response from some developers saying "thanks for reporting, the vendor was removed!!" is not enough, not enough at all!! These kinds of mistakes could destroy our PCs and get our sensitive data stolen like a piece of cake!

I think if we just check for TVL vendors’ domains on the web, we can easily find a lot of vendors that should be kicked out ASAP.

I want to mention that the stolen certificates are not the big problem here. Most of the reported signed malware (if not all!) is from vendors that were mistakenly trusted by Comodo!

So if we just recheck our pre-existing list now, and concentrate on how the selection process works in the future, the problem will be almost gone.

If anybody has some ideas on how to improve the vendor selection process, please share them with us here.

I hope that Melih will take care of this problem to protect our PCs and the reputation of our beloved Comodo software.

Thanks and Regards.

SalafiCall

+1000 :-TU

Why make still another topic about the TVL?

Although my personal idea is that the TVL should be fully customizable by the user itself, or could be deleted by the user without deleting the software files themselves (and representing an EULA infringement, although even advocated here by a moderator, implicitly admitting that there’s no other choice at the time being), this subject is already largely discussed elsewhere.

SalafiCall, splendid speech :-TU

+1000 :-TU

+1000 SalafiCall

Locking this thread. There are already more than enough threads about the TVL.

Thread unlocked.

Just remember to be polite and follow the Forum Policy. :P0l

At the time of posting this, this safeapp is still in the list…
I don’t know about you guys, but I think TVL needs either to be scrapped or tighten up security…
The list is very long and I would personally love to keep just major trusted corps like nVidia, Ati, Intel, Microsoft, Asus, MSI, HP, Realtek, Canon, Lexmark, etc… not some 0823706 B.C. LTD…
I mean, I don’t recognize a lot of companies or ever heard of…
Here’s the fix…
Divide TVL by countries… Have US have American companies, Europe US and EU, Asia Asian companies, Russia Russian companies, etc… The list is long… :cry:

+100 :-TU

Remember Stuxnet used a Realtek digital signature (but that was “different”) :wink:

It's certainly a problem that is here to stay.

There are a lot of entries in the list which are commercial software producers, but then again a lot make no sense, like all the “David [insert name]” or “entogether” (which I can't even find), “Endyminion Holdings Ltd” ???

Have these guys all produced software that has been signed? And more importantly, has the software and company been checked out!
As is only too well known, just because someone can afford (is able) to get something digitally signed it doesn't mean that they aren't dodgy!

Matty

I believe it was a mod that said passport, utility bills, address etc… have to be provided to be issued a cert by Comodo… ???

My thought may be off, but I think you’re thinking of an SSL cert for a web-site… differs from application signing.

Another problem with TVL in Languy99’s test: Julian - YouTube

The Digital Signature SafeApp Software is also in my TVL… surely Languy99 has reported this to Comodo… Will Comodo delete this vendor from my list in the next days with an update, or should I delete it myself?? Or is Comodo working on a solution for this problem with the digital signature?? It's not the only one in the list!

Actually I have no trust in this list… hmm

I hope so too… the TVL is a problem at this time, but without the TVL the usability is bad… hmmm… I am confused about what to do now

What do you think of my proposed fix here?

EVERY unknown file that is digitally signed by Comodo, but file not known by Comodo should be sandboxed UNTIL it is analyzed by Comodo…
@Chiron: Your concept is good!!! :-TU :-TU :-TU

Why would an unknown file be digitally signed by Comodo?
And also, unknown files get sandboxed and submitted already, don't they?

How long will the analyzing take though? From what I have noticed, if a file is unknown and sandboxed and submitted through CIS, I have never seen it be classified trusted. The only way a safe unknown is whitelisted is through the sticky topic and submitted by the users. It's kind of like the users are the ones managing the whitelist heh. Shouldn’t Comodo be doing that? I mean even in the TVL now there’s lots of vendors that really shouldn’t be trusted.

Who’s managing that list at Comodo? How do those vendors get on the list? Once again it's the users reporting the bad vendors to be taken off. I don’t know, but it just seems like the users are doing the managing of TVL and whitelisting. Whoever at Comodo is supposed to be managing the TVL or whitelisting either isn’t doing a very good job or needs help, as it looks to be a very daunting task. Just my opinion.