It appears that when I have recently downloaded a copy of Comodo Dragon it is reported to contain a trojan as reported by a anti virus multiscanner. Ikarus AV has reported that the file contains a Trojan, mind you this could be a false positive but I am not going to install anything that has been compromised. Oddly enough I also downloaded a browser from Mozilla recently and two anti virus engines picked up their file as a trojan.
The file appears to be legit in both cases, digitally signed and so forth. I am not installing anything and either Comodo and Mozilla have been compromised somehow, the AV scanner was indicating a false positive, or someone in your organization has ill fated plans for us end users. In any case I would like to report this.
This download was direct from Mozilla and Comodo in both cases. I did report it to the Antivirus already including my own for analysis. And I do not expect it to be fixed at all, that was not the reason for me reporting this issue here. I simply want Comodo to be aware that their could be a potential breach in their organization which as we know nothing is secure anymore. Including any AV/Security companies.
If Comodo wishes me to submit the file in question I would be happy to do so, and I will say again, both files were downloaded direct from Mozilla and Comodo.
Could you upload both the installers to Virus Total and post the link to the reports here? It is always interesting to see the opinion of the other vendors.
Sure, file analysis from Virus Total for Comodo Dragon installer:
File analysis from Virus Total Mozilla Firefox installer:
OPSWAT found threats too but alas they are experiencing issues with service. I remember Ikarus picked up one or the other as a trojan, memory fails me now LOL. I also reported this to Mozilla they said likely to be false positives as the vendors in question have been falsely reporting legit files for some time. I don’t know, but playing it safe never hurts and if Comodo and Mozilla review security internally then perhaps some good will come of this. I don’t mind false positive readings as it makes me check files with more scrutiny. I never download anything blindly anymore…
In this case only 1 of 66 and 2 of 66 scanners think it may be malicious. That usually indicated it is a false positive. In that it’s best to first or also report them as possible false positives with the AV vendor that makes the detection.
Agreed, however you would think that if they did find it suspicious they would not issue a virus/trojan name to it. They should say something like “Suspected Trojan”, or some such thing.
Also of note is the files in question have different SHA signatures. I downloaded both twice and Virus Total treated it as a new upload. Strange. This is why I set off alarm bells too, neglected to mention that earlier.
AV vendors rely on automated analysis which is not always subtle. An executable like an online installer that downloads from the web may get flagged as trojan under a trojan generic signature.
The version of Dragon that you uploaded to VT and posted here in this topic is v65.0.3325.14 (x86). The second version is probably the latest version. Can you check what the second version of Dragon you uploaded?
I just checked the version I currently possess, the other one I deleted due to believing it was a trojan, and the information is as follows:
Version number 65.0.3325.1146
Not sure if it is for X86 or X64, the downloader does not allow for a distinction and the file yields no such information until installed. It auto downloads which I think I would rather have the ability to choose between the versions if there are any.
Lastly and a bit off topic it should be noteworthy to all concerned that AV vendors sometimes miss things that others pick up. Hence the concept of multiscanners, having said that one detection in my humble opinion is one too many. Even if it is a false positive.
P.S. I also downloaded a Chrome browser installer and it yielded no detection at all. I am going to check and see if I download it a second time if the files SHA changes also.
Hello, as I now believe it is probably a safe bet that both Comodo and Mozilla are both clean, and I checked it with my own AV several times. Never hurts to be on the safe side though and my hope is these files are reviewed and checked for the safety of all users. Also just downloaded Chrome again with absolutely no detection from Virus Total or OPSWAT, Chromes file SHA changed from before though. Oddly OPSWAT scanning stalls when I check a Comodo Dragon installer now. LOL Virus Total is still the same results.
As soon as my scanners don’t find any malware I feel protected. It’s the first thing I do when starting the computer: quick scan, rootkit, pup and real time anyway.
ASecurity or Task Manager can help you analyze the dragon.exe process. The programs shows all tasks, inclouding embedded hidden processes (according to file.net).
And now ??? :
A unique security risk rating indicates the likelihood of the process being potential spyware, malware or a Trojan. BMalwarebytes Anti-Malware detects and removes sleeping spyware, adware, Trojans, keyloggers, malware and trackers from your hard drive.
Well, I was still looking for other reviews for various browsers:
google chrome offers a high level of but not as far as user privacy is concerned. But safe browsing, sandboxing and automatic updates make it to one of the safest browser.
firefox as one of the biggest competitor with regural updates, protection against tracking the staff of mozilla make firefox safer.
opera collects information about its user giving it to its reliable partners notes “dievieren”
safari has more lacks of security, mistakes which can be misused of cyber criminals. It has many options for security and privacy settings
Edge and internet explorer I ignore generally known
comodo chrome is based on chromium as well as epic privacy browser. Dragon contains the features of chrome but offers more security and user privacy when surfing. It blocks tracking and cookies and proofs domain validation that identifies secure SSL certificates.
What, now, is the conclusion to be drawn or should I/you draw?