I can’t find a secure download link for Comodo Firewall. Most of the download links on Comodo.com go offsite and I can’t find any checksums or .sig files on Comodo.com to verify that the files I’m downloading haven’t been tampered with. I’ve found some links to the files hosted on Comodo.com, but none of those are HTTPS.
Seems not-good to download security software without a way of verifying it.
After downloading Comodo Firewall from a third-party site you can make sure it has not been tampered with by checking the digital signature. As long as it says the digital signature is OK you are fine.
Thanks Sanya! Exactly what I was looking for. Why aren’t those hashes on the main download pages?
As for the digital sig built into the .exes, I’ve never known how far I can trust those. I know the certs will say something like “Comodo Inc” and they’re signed by some trusted CA, but those CA keys leak occasionally and surely they’re tricked sometimes - out of all the CAs out there, surely there’s one I could convince that my last name is “Comodo” and sign a cert named something like “Comodo Apps” for me.
Funny story from work - one of our departments was bringing yet another snazzy hosted web service online and opted to have our IT department make a DNS entry so this off-site service could have URLs like “snazzyservice.MyCompany.com”. This snazzy service did HTTPS for logins and during implementation the IT department got to wondering how these guys were pulling that off since we’d never passed along a certificate signing request for them. Turned out these guys had a disturbingly close & casual relationship with a major CA and the CA would just sign whatever - including a certificate in my company’s name! Our security officer went through the roof.
Articles like that and all the Snowden revelations make me want to have a little more assurance that any installer I run hasn’t been tampered with; assurances like the file coming directly from the developer’s HTTPS site or the developer publishing hashes on one of their HTTPS sites.
And that’s exactly what I get with the hashes being on the forums.
But I’ll bet some other folks look for those hashes, but can’t find them.
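The checks discussed in this thread can be combined in one PowerShell function; this is an added example, not part of the original posts and not Comodo's own tooling. It compares the file's SHA-256 with a published value, requires a valid Authenticode signature, and optionally pins the signer certificate's thumbprint so that a different certificate issued under a similar name does not pass. The function name, file path, hash and thumbprint are placeholders chosen for illustration.

```powershell
# Added example. Test-Installer is a hypothetical helper name; the values in
# the usage call at the bottom are placeholders, not real Comodo values.
function Test-Installer {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,   # copied from the vendor's HTTPS page
        [string] $ExpectedThumbprint                       # recorded from a known-good copy
    )

    $problems = @()

    # 1. Hash check: detects any change to the file, but only if the
    #    expected value came from a channel the attacker does not control.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {              # -ne ignores case for strings
        $problems += "SHA-256 mismatch: got $actual"
    }

    # 2. Authenticode check: 'Valid' means the file is unmodified since signing
    #    and the certificate chains to a root this machine trusts.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "Signature status: $($sig.Status)"
    }

    # 3. Pinning: a valid signature only proves that some trusted CA issued the
    #    certificate. Comparing the thumbprint rejects a look-alike certificate.
    if ($ExpectedThumbprint) {
        $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '<unsigned>' }
        if ($thumb -ne ($ExpectedThumbprint -replace '\s', '')) {
            $problems += "Unexpected signer thumbprint: $thumb"
        }
    }

    [pscustomobject]@{
        Path     = $Path
        Sha256   = $actual
        Signer   = $sig.SignerCertificate.Subject
        Trusted  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Usage with placeholder values:
# Test-Installer -Path .\installer.exe `
#     -ExpectedSha256 '<SHA-256 published by the vendor>' `
#     -ExpectedThumbprint '<thumbprint from a known-good copy>'
```

A pinned thumbprint changes whenever the vendor renews or replaces its signing certificate, so a mismatch on a new release calls for re-checking the certificate rather than assuming tampering.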