why another free FDE software - advantages over TrueCrypt?


I have been using TrueCrypt for ages and am very happy with it.
With a very good open source freeware alternative available I was curious what the actual use/advantage of Comodo’s closed source software (CSS) was?
Who would use - even free - CSS, when OSS is available? Whilst Comodo is not located in the USA and so the threat of homeland security tradeoffs is lower you still have to trust a vendor who could have built backdoors into the software.

We have some very interesting boot protection built into our product (patent pending) and we believe we have built a very fast encryption, thanks to our expertise both in cryptography and low level programming. This combined with the need for enterprise to have a central management for endpoint security (which our Comodo Disk Encryption (CDE) will have), we believe we will be able to offer a good suite of security and compliancy to enterprises under one umbrella and be able to support it.


Melih makes a great point about the ability to be interoperable with Endpoint Security Manager - Enterprise Edition.

Another important part is that all of Comodo’s products are built from the ground up and not through acquisition. I have spoken to many customers that have purchased products from vendors that acquire this technology and they complain that the user experience and the bloat that results from different coding architecture leave much to be desired.

IMHO: The research and development team is without a doubt one of the strongest I have ever worked with and I have worked for some monstrously large organizations.

If you have any suggestions for Comodo Disk Encryption, please feel free to let me know.

Wow… I don’t know if guys know about this message… I will point everybody to this post.
I do not doubt what you wrote.
But from my point of view they are weak and inexperienced. I’ve seen SO many bugs and design mistakes in your other products (CAV, CFP, BO247, CIS 3.5.52764.414 RC1) that I NEVER would trust your Diskshield and NEVER your FDE.
I would not like to be w/o my data because one of your “strongest team ever”-members forgot something essential once again.

This is what I tried to tell you in https://forums.comodo.com/which_product_do_you_want_comodo_to_develop_next/instead_of_new_products_how_about_improving_existing_ones-t25708.0.html

BLEEDING HELL! Do ONE thing right instead of re-invent the wheel!

I have read your posts and not one of them has been reporting a bug or what ways to improve the programs. Can you please report these bugs so that Comodo can fix them for you? They don’t know what to fix if you don’t tell them.

If you think that the programs are “Weak” please show us this so that Comodo can look into things…



If you REALLY had read my posts you wouldn’t write such lines.
There was not one QUALIFIED bug report in it as requested at http://www.chiark.greenend.org.uk/~sgtatham/bugs.html, but I pointed out enough issues that are plainly reproducible to make that point.

Besides, I am not a BETA tester. I am a guy stumbling over Comodo and taking the time(!) to give you feedback.
If you are arrogant enough to not accept it for formal issues it is up to you.



Ummm … Windows, Word, Excel, Access, Powerpoint, Photoshop, Avast, Avira, AVG, CFP, Zone Alarm, Peer Guardian, etc. There would seem to be quite a number of users that prefer to use proprietary software. CSS or OSS, what really matters is the functionality, stability and integrity of the application (and not necessarily in that order).

Whilst Comodo is not located in the USA ........

When did New Jersey leave the Union? LOL. Comodo are headquartered in the USA and also have offices and labs in England, India, China and the Ukraine.

you still have to trust a vendor who could have built backdoors into the software.

Why would a company, whose primary commercial activity is based around authentication and trust, build a backdoor into a product? The presence of any backdoor would inevitably be detected and publicised. To me, this is akin to the old furphy about AV vendors creating viruses.

I’ll leave your comments about homeland security alone, as I am fortunate enough to live elsewhere. :wink:

I've seen SO many bugs and design mistakes in your other products (CAV, CFP, BO247, CIS 3.5.52764.414 RC1) that I NEVER would trust your Diskshield and NEVER your FDE

CAV - beta software
CFP - beta software
BO247 - gold release software
CIS 3.5.52764.414 RC1 - beta software

I’ve tracked every post made under your user ID and I can’t find any post of yours that mentions an issue with BOClean. Was that posted under the same user ID (R.I.P.)?

As an IT professional, I’m certain that you appreciate that beta software can, and frequently does, cause problems. As a result, they should never be used in a productive environment or used on your primary PC.

Yes, there are issues with earlier beta versions of CFP, earlier beta versions of the now defunct CAVS2 and with current beta versions of CIS. Comodo welcome constructive criticism and invite you to become part of the community and assist them in identifying and eliminating the deficiencies you’ve mentioned.

Having said that, I would respectfully ask you to tone down some of your responses (and this applies to those who responded to your posts in a similar manner). It may be OK to think someone is ignorant, but it’s generally not advisable to actually call them that. OK?

- I am not (yet) committed to Comodo Building a backdoor into a product is done very easily - by being forced to do so.
Commitment is dangerous, and 'trusting' a company also. But errr... you're running windows, now who's famous for his backdoors ? I don't think that Creating Trust Online is done by building some backdoors into the programs so I trust (as far as possible) Comodo in its decisions...
The BETAs are betas, because C. offers them as such. I already mentioned I suspect C. to use beta all the time to cover any failure. See the CAV2 which NEVER will become a final.
That's Melih's fault >:(, he's pushing the developers as hell ^_^.

Well, you have 2 sorts of companies.

  1. The companies that hold the products as long in the house as possible to get all the problems out of it and later release it to the public.
    Advantage : less bugs, people satisfied that it’s there
    Disadvantage : no user wishes could be granted, if there are still some great bugs in it, they really got ******

  2. Companies like Comodo that release the betas
    advantages : people can tell what they like/don’t like and tell things they would like to be added, much more bugs are detected
    disadvantages : some bugs can be really nasty and for the people who have them it’s really annoying


Look, Xan,

my disks are protected by TrueCrypt.
I NEVER trusted M$. I have even addressed their names to localhost to have them not phoning home.

But I was hoping C. could be an alternative.

That’s what all this is about. Or is NOT about…


For me, I only use software I like. I think for you it’s just the same, so how do you know if you like it ? By trying :slight_smile:
CDE is great software (I use it myself :))

That's what all this is about. Or is NOT about...
That's why we're here no ?

Dear Xan,

for me it is SO much more!
I really liked to be able to give my customers (even paid) alternatives to M$

The issue is that you had to intensely test a FDE software before recommending it to anyone.
I would do that.

But if the company that produces this shows design mistakes in other areas I cannot trust them. And that’s what C. does.


for me it is SO much more! I really liked to be able to give my customers (even paid) alternatives to M$
In that case, I do understand your suspicions against Comodo and your testing willingness to protect your own customers. I appreciate and applaud that you are so devoted to your users. But this is what Comodo is also, it just wants your happiness or to say it in Melih's words:


“we believe we have built a very fast encryption” - There are already very good algorithms (SERPENT, one of the finalists of AES)… make a new very fast encryption it smells like smoke coming soon, normally building a very fast encryption means AES (not very secure, chosen mainly because of the speed) or some proprietary algorithm that the enterprise thinks is very secure, but that the computer experts will break in “no time”… read: http://www.schneier.com/crypto-gram-9902.html or http://www.philzimmermann.com/EN/essays/SnakeOil.html and have an idea about proprietary code.

Also making the product as paid version is ok, as long as the full source code is available and the “very fast encryption” is made public and extensively analysed by cryptanalysts very well known in the area. Even the famous PGP makes its source code fully available, and it’s commercial.

The function of the product is to make sensitive information for your eyes only… is not the same as Word, Excel, and others. You probably want to sell to big / medium / small companies and to governments. After the problem with the Swiss company that produce encryption products and programs to countries (Vatican included) with a backdoor the governments and big companies don’t trust the “Why would a company, whose primary commercial activity is based around authentication and trust, build a backdoor into a product? The presence of any backdoor would inevitably be detected and publicised.” logo, because this happened in the past at the request of NSA for spying on everyone. The governments and big companies know this, and they will not trust any closed source program. Just going open source, or at least with the full source code available is acceptable.

People that install encryption expect one thing: real security. The products should really protect the information, even if it slows down the computer system. That should be really publicised and explained that in order to really protect the information you have to use a really secure algorithm that maintains the confidentiality over the time (for all the life time +plus other). Others use the less secure algorithms (standards) like AES (that was chosen because it was given a short margin of security enough and was quicker) but the information is more likely to be accessible in the near future (if not already broken by NSA and other spy agencies over the world)… so a strong algorithm like SERPENT 256-bit Implementation would be the ideal one.

The idea is a slogan like: “With Comodo Disk Encryption you get REAL security!”, “Others offer a product that makes your machine seem that it doesn’t have anything… With Comodo Disk Encryption, the machine slows down but your information is REALLY secure for now and FUTURE! When you need the encryption protection it won’t let you down!”, “Comodo Disk Encryption with REAL encryption that protects you and your business today and tomorrow!”, “Comodo Disk Encryption has nothing to hide from you… even our source code is fully available for inspection! Feel confident to use our product (but just in case you can verify the code yourself or pay someone to verify it so you know there is no weakness or back-door in our product).”

Also make sure you make a good product with no flaws… and use a good “random-number generator” (please not the Dual_EC_DRBG under any circumstances! It was made by the NSA… and it may contain some kind of backdoor… see: http://www.freedomunderground.org/view.php?v=3&t=3&aid=24767 even if this doesn’t apply to your product having extreme caution is much good).

And why not pay some experts in the area to fully review the product before it goes public to be sold. Give them time, they may need a few months to review all the source and make sure that everything is correctly deployed. This costs money… but it gives the credibility needed for this kind of program (full description of the inspection should be available, and every time a new version is launched it should be reviewed again… to make sure nothing undesired was added… backdoors or weaker encryption)

Making everything right from the beginning may make the difference between being a real success or not.


  • Full Source Available for inspection (by anyone);
  • Real Secure Algorithm is used from the Beginning (SERPENT may be the best one… as it was “the one” considered the most safe of the AES contest… more slow, but much more secure!);
  • All suite is really well made (with no flaws, no backdoors, no crashes… no bugs… in this kind of program is not really wanted!);
  • Completely reviewed by well known crypt experts (at least 2 or 3) (reviews by computer magazines don’t really count as everyone knows that these magazines don’t really understand encryption and normally give better reviews to those that publicise on them);
  • Every time a new build / version is launched a full log is made, and is made clear in plain text what was changed in the program, where, when, why… and everything with no exception is made available in the log and in plain text (to make sure any change has not weakened the product)… including the code added / changed;
  • No remote activation. Entering a key given by you should be the only request to make it legal. Remote activation can lead to all sorts of problems (may trigger weakness in the system, the person may not have internet or it may not work, your company can disappear, the software may become not supported for whatever reason, etc. and the person will not be able to use it. Should be just enter your name and key and play it.);
  • Fair price. A good software may be paid but it should be at a reasonable price, so everyone can buy it, and not need to have a pirate version. If the product is all this and has an accessible price like $20. Too little? Well if millions of people buy it it will be millions that you earn. With a well designed product, well tested product, good F.A.Q., and a good forum support, the wasted money in support may be minimal.

You may have a good product that will sell very well.