[VULCAN]: I fear the Greeks even when they bring gifts

gibran · September 1, 2007, 11:20pm

I was Locking this thread because there was a duplicated post in another topic but I deleted it by mistake.

Sorry about it,
gibran

Hello,

Let me first say, that I respect the notion of a free firewall. I believe in open source projects and what they stand for. This is my first post in the Comodo forums and I am interested in using this product despite Comodo being a closed source project. With that said, I’ve spent the past several days examining Comodo Personal Firewall’s history/knowledgebase and remain somewhat skeptical about the intentions of the product.

Reasons for skepticism:

1. manual uninstall

All references to “manual install” point to a Comodo knowledgebase article, that subsequently refers to three forum threads

“Firewall Uninstall Issues” knowledgebase article
Firewall Uninstall Issues - Powered by Kayako Help Desk Software

referenced threads:
https://forums.comodo.com/index.php/topic,302.0.html
https://forums.comodo.com/index.php/topic,873.0.html
https://forums.comodo.com/index.php/topic,1184.0.html

additional topic under Comodo Firewall FAQ:
https://forums.comodo.com/index.php/topic,5326.0.html

Nowhere in the aforementioned references is there a complete certified listing by Comodo Staff of ALL directories, ALL drivers/files, and ALL registry entries associated with an installation of every revised build of a Comodo Firewall release.

The explanation below is not an acceptable answer for a home user or IT security professional

Little Mac post:19:

Clean the registry of any miscellaneous, leftover keys pertaining to Comodo Firewall. You can do this by either of the following:
8a. Go to Start/Run, type “regedit”
8a1. Go to Edit/Find and type in “Comodo”
8a2. Delete those entries (this presumes that you only have their firewall installed)
8b. Use a free utility like RegSeeker, ccleaner, etc to clean out the registry.
Note: If you are not comfortable working in the “guts” of Windows, I recommend 8b over 8a. In either case, be sure to make backups (in regedit this is the “Export” feature; in any utility software like RegSeeker, there should be an option box to create a backup prior to deletion).

Instead of listing the location of ALL drivers/files, directories, and registry entries that Comodo Firewall installs, Comodo Staff instruct the user to download an .exe/.dll uninstall package tool.

https://forums.comodo.com/index.php/topic,5326.0.html

If you have problems uninstalling or reinstalling CFP, download “comodo Uninstall.zip” and extract both “clicapi.dll” and “fwconfig.exe” in the C: directory.
Then at the command line of windows use the following command:
c:\fwconfig.exe -uninstalln

After finished reboot your pc and eliminate
C:\Program Files\Comodo\Firewall

ps. it’s the standalone uninstaller of CFP

Comodo Staff instruct the user to shutdown Microsoft Security Center, and delete an existing repository directory.

If Comodo’s intent is genuine as stated, why does Comodo withhold the location of all directories, drivers/files, and registry entries so that the end user is unable to perform a “manual uninstall” and remove all traces of Comodo Personal Firewall from their operating system?

Concerned807 posed these same questions months ago to Comodo and his posts were subsequently ignored by Comodo Staff.

https://forums.comodo.com/help/install_and_uninstall_issues_and_resolutions-t302.0.html;msg70228#msg70228

concerned807 post:25:

Thanks for your reply, Soya.

However I am still looking for definite responses (official?) to my below inquiries. I want to precisely know what directories/files and registry keys to remove after regular uninstaller uninstall.

concerned807 post:23:

QUESTIONS

1. Manual clean-up - directories and files:
What CFP install directory/file residuals do I want to double-check to remove, after running the official uninstaller?

2. Manual clean-up - registry entries:
Can you kindly show me the complete list of all CPF-associated deletable registry keys?
Or at least a complete list of search keywords for use while running Regedit.exe?
Is the search keyword, “comodo” alone as mentioned by Little Mac, enough to remove all CPF registry residuals?

Is there a CFP registry clean-up tool provided officially or unofficially that has been proven to work?

As for other aspects of uninstall - removing drivers/services, will the Little Mac’s guide sufficient? Is there anything more to add?

In summary, complete uninstall of CFP involves the followings. Anymore tasks I need perform?

Stop CPF services

Run the official installer

Double-check to remove directories and files

Remove all CFP associated registries

Double-check WSC if necessary rebuild the WMI Repository folder

Has the uninstaller bug completely eliminated in the current CPF build 2.4.18.184?
I see the uninstall difficulty has been reported since last May 2006 to March 2007…

I’d greatly appreciate your patience and kind help!

As the creator of CPF, Comodo support personnel should know exactly what to remove manually for a clean uninstall. And not be afraid to advise that. I filed a support ticket and hope I can get straightforward answers. I have read various threads about clean uninstall on this forum, however I have yet found a complete list of registry keys to clean up.

If the current build installer can not cleanly remove every install residuals, it is common sense to expect that an officially certified reg-cleaner should be available.

2. collected/shared information

There appears to be vague and conflicting information regarding this subject by Comodo.

In the thread “Why did COMODO download a unique identifier of my box during licensing?”
https://forums.comodo.com/help/why_did_comodo_download_a_unique_identifier_of_my_box_during_licensing-t10924.0.html;msg78496#msg78496

Melih states:

Melih post:13:

bayj post:12:

I’m still wanting to have my question answered. What exactly is the UI content, what exactly about my computer is it derived from, how is it later protected, what exactly are all the ways it is used, who exactly may have access to it, and why? I think I know when.

Best,

bayj

What exactly is the UI content: It is merely a serial number
what exactly about my computer is it derived from: no relationship to your computer, to its configuration or software installed. No relation at all.
how is it later protected: nothing to protect (read above)
what exactly are all the ways it is used: it is only used to enforce licensing so that we can measure the success of our products.
who exactly may have access to it: Comodo only.

Hope the above answers your questions. Again, we do NOT collect demographic information as such from our users, we do not have a business model of selling demographic information. So relax and enjoy the products!

Melih

Edit*****

It has been brought to my attention that some people confuse what we are “capable of”, with what “we do”. Even though we can do all sorts of stuff like collecting and selling user information we simply do NOT do that. We do NOT have a business model of selling user information nor do we collect and use it. There are people trying to create FUD by mixing the issues of what we can do with what we do.

However, comparing Melih’s post regarding Comodo Personal Firewall appears at odds with the actual wording of the CPF EULA, which also references Comodo’s Privacy Agreement

http://www.comodo.com/repository/docs/cpf_eula.html

1.4. The Program contains components that enable and facilitate the use of certain Internet-based update services. You acknowledge and agree that Comodo may automatically check the version of the Program and/or its components that you are utilizing and may provide upgrades or fixes to the Software that will be automatically downloaded to your computer. You may turn off automatic updates of the Program once installed, but initial settings will cause the Program to download and retrieve updates automatically without further user input.

2.3. Comodo has the right to gather information regarding the use of the Program and by installing the software, you grant Comodo permission to collect this information. Comodo may use this information solely to improve its products or to track geographical data and the enforcement of its license agreement and will not disclose this information in a form that could personally identify you to any third party.

9.Privacy.

Comodo has built its electronic services and products with your privacy and security in mind. To ensure your privacy, Comodo periodically publishes a Privacy Statement that is incorporated by reference into this Agreement. You can view the Privacy Statement at Endpoint Detection and Response, Free - What is EDR Security?. Please check this page periodically for changes in our privacy policy. By agreeing to the terms of this Agreement you acknowledge that you have read, understand and agree to the provisions of the Privacy Statement.

While Comodo may be “capable of” this activity because it included sufficient wording in the CPF EULA,

Why insist on collecting information regarding usage?
Why insist on collecting information regarding a user’s system components or host applications?

If it’s not what “we do”, then why include the stipulation?

Comparing Melih’s post regarding Comodo Personal Firewall also appears to yield significant contradiction to Comodo’s Main Privacy Agreement.

Taken from the Comodo privacy agreement (Endpoint Detection and Response, Free - What is EDR Security? redirects to http://www.comodo.com/privacy.asp)

Log Files
Comodo Security Solutions uses log files comprising of IP addresses to analyze trends, administer the site, track movements throughout the site, calculate the number of document and file downloads, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Sharing
Comodo Security Solutions will share aggregated demographic information with our partners. This information is not linked to any personal information that can identify any individual person…"

Melih states:

[QUOTE]“we do NOT collect demographic information as such from our users”

This statement is directly at odds with the “Log Files” section of Comodo’s privacy agreement

Comodo Privacy Agreement (Log Files Section):

[QUOTE]“Comodo Security Solutions uses log files comprising of IP addresses to analyze trends, administer the site, track movements throughout the site, calculate the number of document and file downloads, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.”
[/quote]
Melih states:

[QUOTE]“We do NOT have a business model of selling user information nor do we collect and use it.”
[/quote]
Melih states:

[QUOTE]“who exactly may have access to it: Comodo only”
[/quote]
These statements are directly at odds with the “Sharing” section of Comodo’s privacy agreement

Comodo Privacy Agreement (Sharing Section):

[QUOTE]“Comodo Security Solutions will share aggregated demographic information with our partners. This information is not linked to any personal information that can identify any individual person.”
[/quote]
Comodo’s Investor Relations page lists Comodo Group as having a “4500 strong global partner network”
http://www.comodo.com/corporate/index.html

This claim is re-iterated by Comodo’s fastfacts.pdf

A. Who are Comodo’s partners?
B. What is Comodo’s definition of “demographic information”?
C. What demographic information is being shared with those partners?
D. How many of Comodo’s “4500 strong global partner network” does Comodo share information collected through CPF with?

E. Does Comodo Personal Firewall connect to Comodo servers or Comodo’s partners at any point beyond initial activation?
F. If the answer to Question E is yes, what information is being relayed back to Comodo during the life cycle of the product?
G. If the answer to Question E is yes, what information is shared with Comodo’s Partners during the life cycle of the product?

I am also interested in a more thorough answer to Melih’s statement about the UI, “it is only used to enforce licensing so that we can measure the success of our products.”

The statement “measure the success of our products,” is a fairly vague and generalized explanation of what is being done with information collected. Does Comodo employ the use of data mining to examine trends in actual software usage?

I look forward to clarification on these topics by Comodo Staff.

Vulcan
[/quote]

Melih · September 2, 2007, 1:41am

worry not…
Vulcan is making sure to post it everywhere so that people don’t miss it:)
anyway, I have responded to it in my CEO corner…

thanks Gibran

Melih