V-Engine vs Firefox 3.6 built in verification

How useful is CVE now that Firefox has built in authentication (Verisign)? Or would people consider the CVE now as just an additional layer of defence, like having a second malware scanner? Are there any real advantages to using CVE, other than fondness for or familiarity with the software?


Thanks, it was a genuine question, although after reading it it may have seemed like a criticism. I am genuinely curious as to how much safer I am with CVE installed compared to just using Firefox 3.6’s built in protection. Forgive the insensitivity, because I wasn’t in any way implying any VeriSign superiority

Ah well.

I didn’t know Firefox 3.6 had built in verification. I recently updated to it only to discover Commodo Verification Engine no longer works with Firefox once you do.

Yes, it’s the ‘Green Bar’ that shows beside/next to the browser’s address field when you land on any site with a certificate. Clicking the green bar pops up info about the site and you can click a button for cert information as well. Hovering over the gold lock also produces a tooltip which confirms verification. Okay, not as in yer face and flashy as Comodo VE’s big lock (which I like actually) but just wanted to know whether VE was actually redundant or not in FF 3.6.

I don’t know a great deal about these things, so that’s why I asked. Great support forum.

I feel VEngine is still very relevant, even though I do use whatever is latest Firefox.

It is nice that the browser is more evident in displaying the colored connection status, as opposed to just the presence or lack of the padlock and the letter s.
Nicer still that they show a difference between simply the presence of an encrypted connection ie. Blue bar
DV cert. (the equivalent of the padlock and s)

And an encrypted connection with a verified to be known entity Green bar, EV cert sites.
All well and good improvements.
That draw more attention to the various levels of trust/certification.

The question then is what about all the sites where they are too cheap or simply can’t afford the EV certification? That’s a lot of the web, would be my guess.
My own bloody bank only has a OV cert. Blue bar.
Solution VEngine, browser independent second opinion that what I see is what I get.
That aside.
Then the second question for me is, in today’s website/server/web browser, security/insecurity/flaw and never ending “new exploit” discovered environment.
Do I very much appreciate the warm fuzzy feeling of a browser independent second opinion on all mission critical (involving cash/id) sites? regardless they be Grey,Blue,Green,Plaid.

I decided you bet :-TU

[...] I very much appreciate the warm fuzzy feeling of a browser independent second opinion [...]

Okay, so in your opinion it’s a case of CVE adding an extra layer of protection, which provides you with a ‘double-check’ if you like - which is probably a good enough reason to keep CVE installed for many. Fair enough.

That said, if you trust the FF 3.6 built in Identity Verification you may consider the duplication of function OTT, and therefore consider CVE redundant. So, apart from the ‘double-check’, does CVE offer anything else in the way of unique features?

CVE authenticates non-secure links as well.
Example: hover over the “Philly dot com” logo on the top of www.philly.com and you will see the green outline and the “authenticated by Comodo” text at the top of the screen.

The Vengine is not a malware scanner by any means and it was never intended to be


The purpose of this Add-On is to confirm that you are dealing with the site you want to deal with currently (at this very moment) and that it is not a fake site in this respect only, which is quite good and helpful enough.

There are other layers of security that will scan the sites you are going to visit in order to identify whether there is a malicious code
There are real-time ones like Finjan or there are off-line ones as Dr. Web or Comodo’s
Site Inspector…, etc.

None of the existing layers are giving you 100% proof, all have many FPs as usual

The community rankings given by services like WOT or Comodo’s Threatcast are much much less reliable.



Yes, and this is a good feature.



I never suggested it was…or that it was ever meant to be. That wasn’t the comparison.

None of the existing layers are giving you 100% proof, all have many FPs as usual

Not even CVE and VeriSign? I thought that was the idea, or at least 99.9999% assurance. Or did you mean all the others?

The community rankings given by services like WOT or Comodo's Threatcast are much much less reliable.

Well I looked at WOT and decided it was too open to abuse as the ratings were based on user feedback which could be manipulated.


Well, what good is CVE if it won’t install on anything other than IE 5.01 through 8.0 and a person doesn’t (won’t) use Internet Exploder, opps, I mean Internet Explorer. 88)

Hi azism ,

It installs fine for the Fox for sure. There was compatibility problem with the latest version and Fox 3.6 due to the new SDK, but that was solved

I am not using the “Exploder” ;D too and I do have problems with IE8 (just keeping it for the testes & stuff) at the same time Vengine did work in IE7 and probably for the early IE8 here.

I can recall the precise version when VE stoped working and I made many requests about that including the Support Ticked that died.

At the same time I know for sure that many users don’t have any problems running VE with Internet Explorer …oops I mean - the “Exploder” ;D

I offered provide any info necessary in order to find out the specifics of such failure, but until now all my attempts were unsuccessful


Yes, I wanted to try this as it sounded really useful, but when I got to the point of what browser I was using, and only IE was avaliable as a selection, I killed the install. Might it make a difference in that I am also using Windows 7 64-bit for my OS?

Vengine is about Validating Content.

so you see a logo or web content u want to validate it, thats what VE does for you. As a result you can also use this as identity assurance if you validate the company’s logo and so on…



IE actually is the most unsafe browser anyway .
Many users do like it though and are using it ??? That is their choice

But win 7 brings it’s own problems as a whole and x64 in particular

x64 is pretty much not ready platform. It still brings many problems & questions
Say, you need to use and explicitly call IE 32bit if you want to Flash
You have to install and maintain both version of Java
You cannot have Media player 64bit as a default player when you double-click on media since MS blocked that and you need special “Registry Trick” for that… and so on and so forth…

I am not using win 7, but I do have it (x64 )
The system is not up to shape. Shame on MS… but that is different story

The thing is - I can try installing VE there, so you can do as well and test … but…

Can the developers eventually answer this question asked long ago, so we (all users ) are aware of what to expect


In any case, since may are using pre-installed win 7 x64 that is time to state that for any Comodo’ products including Vengine

Well I have no doubts it is better to use Firefox and that is what I am using there (portable version)



*** update ***
Installed on ■■■■■■ win 7 x64
Tested with both versions of IE 8 (32bit & 84 bit) - it seems like VE successfully working with both favours of that misery :slight_smile:

What about Protected Mode: one, two.

IE7 and higher on Windows Vista and higher.

Summary (how I understood): upon start of IE on administrator user account admin privileges are dropped automatically for IE process hence any code which would try to modify critical system areas would get “access denied” (unless it would elevate privileges by special technique and additional step – another story).

FF, for example, does not have similar feature (afaik).

Hi SS26,

Yes, those introduced modes are increasing IE security, and as I said many users rely on that and they like IE. I am not about the propaganda: “stop using it”.
That was not the main point I was actually just briefly commented on what OP said “person doesn’t (won’t) use Internet Exploder”
Unfortunately this is not the tread to discuss this matter, but still despite the mentioned modes and UAC (how many users are disabling it? :wink: …since there is ActiveX in use you can escape “that” protection. Many & the latest MS patches for IE openly saying about “taking over”.
I do run IE sometimes but I am still using dropping rights in addition (still most likely not enough)

But anyway returning to the topic of this thread I was glad to see beloved green borders in both IEs on win 7 x64…
… cannot have that on XP for some obscure reason


Didn’t know, stopped talking :-[ :wink:

No, please continue talking. You are one of those who have to talk in this forum …

p.s. Other stuff can be discussed in ■■■ (" :BNC " …yeah! …right!.. I’m sure you got I what I mean ;))

You know it gets frustrating to this of us who want to get away from be locked into M$ and the excessive costs. However, when it comes to OS’es, there isn’t really a lot for us to chose from. But it would help if products like Comodo has would support no M$ programs, I.E. non-Internet Explorer and non-Outlook. Especially to thse of us on fixed incomes, it gets hard keeping current with M$ products. (:AGY)

azism ,

But the points of at least some of the comments above were - it does support products other than non-M$ non-IE etc. please use FireFox ; Thunderbird and so on

and then I am not a user of the Opera but I think that will be supported pretty soon … Folks, who are using it will add to that


p.s. but if we are talking seriously about “us on fixed incomes” why in sober mid use Windows when there is so many free flavours of Linux with unbelievable amount of free Software out “of the box” that you never even dream of having from M$
There is no way you cannot do any imaginable work you want using Linux for free
The quality & flexibility of that Software in many cases is better than MS or Adobe or alike can provide. …
Well and from the security point of view you cannot compare winDOS to Linux as it currently stands