Why did COMODO download a unique identifier of my box during licensing?

I’m a new user today. Switched from F-Secure to ZA Suite a few months ago. Switched to COMODO today. Installed itself slick as ice cream. So far my computer is WAY significantly faster booting itself, the firewall, Outlook 2000, and the browsers. Additionally, I have MANY fewer ports opened for monitoring by the firewall and left hanging around in 4 minute wait-states. All fabulous.

But why did installation and registration create a Unique Identifier (UI) on my computer and download it to a COMODO server? If this product is a life-time give-away for the stated business model reasons, why is it necessary to have this Microsoft-esque licence-and-box UI capability for tracking the firewall user? I’m a complete privacy freak and this feels absolutely creepy! I’d appreciate a response from the staff.

Thanks

bayj

G’day and welcome to the forums.

I appreciate your privacy concerns but can assure you that the ID assigned to your system is benign. Comodo merely use it to keep count of how many installations of the firewall have been done.

Not “who”.
Not “where”.
Not “why”
Just “how many”.

There is absolutely no user or system identifiable information transmitted anywhere during or as a result of the installation of CFP. You can verify this by uninstalling CFP, running a sniffer like WireShark and reinstalling.

This method was introduced around 12 months ago as a result of the previous license issuing process, which had too high a failure rate and caused numerous support calls. As the software is free, Comodo have no retail info to work with. Also, it can be freely distributed from many, many download sites other than the official Comodo download site. Because of this Comodo have no accurate means of determining the installation count for the product. Even though it’s free, all software production incurs a cost and Comodo need this info as part of their ongoing overall development programme.

Please bear in mind that I do not work for Comodo and have no affiliation with them outside of acting as a volunteer moderator on these forums. I’m sure that if you send a forum PM to “Melih” (Melih Abdulhayoglu, Comodo CEO - yep - a real CEO that actually talks to users!) he will confirm the above.

Either that or he’ll give me a size 7 up the backside and let me know which bit I got wrong. :wink:

Again, welcome to the forums.
Ewen :slight_smile:
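
Added example, not part of the original posts: one way to act on the capture suggestion above is to export the installer's outbound payloads from the sniffer and search them for the machine's own identifiers in common encodings. The hostname, user name, MAC address and payload bytes below are constructed sample values, and the function names are hypothetical.

```python
import hashlib

def text_forms(value):
    """Encodings a text identifier (hostname, user name) may take on the wire."""
    low = value.lower()
    forms = {"plain": low.encode(),
             "utf16le": low.encode("utf-16-le"),
             "hex": low.encode().hex().encode()}
    for algo in ("md5", "sha1", "sha256"):
        # Unsalted digest of the value exactly as the OS reports it.
        forms[algo] = hashlib.new(algo, value.encode()).hexdigest().encode()
    return forms

def mac_forms(mac):
    """Raw bytes plus the usual printable spellings of a MAC address."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    pairs = [digits[i:i + 2] for i in range(0, 12, 2)]
    return {"raw": bytes.fromhex(digits), "hex": digits.encode(),
            "colon": ":".join(pairs).encode(), "dash": "-".join(pairs).encode()}

def scan(payloads, identifiers):
    """Return (payload_index, identifier, form) for every match found."""
    hits = []
    for idx, payload in enumerate(payloads):
        # Text needles are lowercase, so also search a lowercased copy.
        haystacks = (payload, payload.lower())
        for name, forms in identifiers.items():
            for form, needle in forms.items():
                if any(needle in h for h in haystacks):
                    hits.append((idx, name, form))
    return hits

# Constructed sample values: replace with this machine's real identifiers.
IDENTIFIERS = {"hostname": text_forms("BAYJ-W2K"),
               "user": text_forms("bayj"),
               "mac": mac_forms("02:00:5E:10:20:30")}

# Constructed payloads standing in for TCP streams exported from a capture.
SAMPLE_PAYLOADS = [
    b"POST /register HTTP/1.0\r\n\r\nserial=7f3c9a1e5b2d4c68",   # random serial only
    b"id=" + hashlib.sha1(b"BAYJ-W2K").hexdigest().encode()
           + b"&nic=02-00-5E-10-20-30",                          # leaks two identifiers
]

if __name__ == "__main__":
    for idx, name, form in scan(SAMPLE_PAYLOADS, IDENTIFIERS):
        print(f"payload {idx}: contains {name} ({form})")
```

Traffic sent over TLS is opaque to this check, and a salted hash or an encrypted identifier will not match, so an empty result only rules out the encodings listed.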

thanks for the wonderful explanation Ewen…
i can confirm!

thanks
Melih

Hi and thank you Ewen and Melih for your reassurances.

I have WireShark as well as a great free port scanner called Current Ports Control. That’s a brilliant idea to run WireShark at a software install! How simple and obvious – except when you don’t think of it. . . Duh.

I had a horrible experience in March: a rootkit slipped by my then installed F-Secure. I’m not a newbie at all, and I fought to remove that viro-monster for 2 weeks, failing at every turn, and finally had to format that drive and reinstall. My data and email were safe, but had to redo W2K and every application. I switched to ZA Security Suite for a while and basically found it worse as a resource hog and computer speed brake than F-Secure. I’m astonished that COMODO appears not to weigh me down at all. Like running with NO firewall!

Maybe this is the wrong place to talk about it (haven’t puzzled out the Forum Index yet) but I had a great realization as I recovered from the rootkit. I retrieved and analyzed several years of intrusion logs dating from the beginning of my firewall use. What they show is that classic trojan and signature virus intrusion attempts have recently dropped almost precipitously in my logs. There is a big intrusion technology change underway. Intrusive mobile code systems are spoofing browsers. They don’t look like signature viruses, don’t trigger virus data base alarms, and don’t get sequestered or quarantined by the firewall. To defend on this front users are going to have to start using really sophisticated browser proxy filters like eDexter and the Proxomitron. Firewall developers should consider browser filter products. Someone should pick up and build on the quite ingenious open source Proxomitron, which has languished since developer Scott Lemmon died prematurely a few years ago. Have you thought about this Melih?

Users are also going to have to switch to browsers like Opera, with its absolutely transparent cache and general architecture, and use MSIE only for Microsoft interactions that refuse other browsers.

Is there a Forum General Computer Security topic or thread that would be appropriate for discussing this kind of new intrusion technology and defense stuff, and the additional things advanced security users would be interested in? I’m totally confused about navigating here.

Best, and thanks again

bayj

“Is there a Forum General Computer Security topic or thread that would be appropriate for discussing this kind of new intrusion technology and defense stuff, and the additional things advanced security users would be interested in?”

As a matter of fact, there is...

https://forums.comodo.com/general_security_questions_and_comments_not_product_related-b85.0/

LM

if you are worried about drive by download attacks, then worry not, CFP v3 will handle all that for you and protect you against them :slight_smile:
Melih

“There is absolutely no user or system identifiable information transmitted anywhere during or as a result of the installation of CFP”

Are you aware that EU regulations define an IP number as user-identifiable information?

Yes I am.

The self generated Unique Identifier (UI) which does not contain your IP, is all that is sent to Comodo. Your IP address is, however, in the header of every IP data packet that leaves your system, regardless of its destination.

Cheers,
Ewen :slight_smile:

Exactly my point. So, in fact the unique identifier can be used to identify your users … at least in the eyes of any sane judicial system, unless you don’t keep server logs of course.
How do you ensure that the identifier IS unique?
The way I understand it, Comodo does this to be able to identify (count) installations, so surely you must have some way to distinguish between new installations and re-installations?
Maybe the MAC, OS serial nr. or a hash of those? Or does it count as a new installation if I format and reinstall winblows/Comodo?

I know many people who got turned off Comodo for good with the previous e-mail mess …
I think you are actually alienating potential users, many of whom know that Comodo is very likely the best firewall for Windows, free or not …

It’s not that I don’t trust you, I just have a hard time seeing the point in making something free
and then going through all that trouble… it must also require some resources for you ?

“The way I understand it Comodo does this to be able to identify (count) installations so surely you must have some way to distinguish between new installations and re-installations ?”

During the course of all the installs/uninstalls/reinstalls I've done, I've not experienced CFP re-registering after the initial install. The license file is separate from the installation files, and it would seem that when one reinstalls CFP, it detects the presence of the license and that's as far as it goes. One license, one time.

If you reformat and reinstall the OS and CFP, then the license file would be gone, and you’d need to re-register, as it were. Unless, of course, you export the license file prior to reformat, and put it back in place prior to reinstalling CFP. I did that with the old system and it worked fine that way.

LM

Gordon
is it a fair summary to say, you simply can’t believe that we are giving this free hence you suspect there must be something else behind this free offer?

thanks
Melih

Wow, I’m happy to see the responses generated by my query and hope they keep coming!

I’m not trying to have bullet-proof anonymity on the Internet; that’s too hard to achieve affordably. To me, computer invasion is evolving because industries that make money selling information can employ collection methods that police investigators would have to have a search warrant to use. Since it’s very big business I doubt there will ever be political will to stop it, and I can’t imagine how legislated regulation could be enforced anyway. It will always be an end-user’s responsibility to protect one’s own computer.

Gordon and Ewen, the text of the UI transmitted doesn’t have to carry any personal user or system information. A packet sniffer at the registration server can collect a sender’s personal physical NIC MAC address, and motherboard manufacturer as well if it’s an on-board NIC, AND the sender’s IP address. So it IS transmitted in the packet wrapper layers, with the TCP payload of UI information, as part of the Internet infrastructure. Run the IP address on WHOIS and you also know the ISP and just about where the computer is. That’s a lot of information, and it seems a bit disingenuous to say that it’s non personal just because you don’t have the name and DNA of the person sitting at that computer at the moment. But hey, that’s just the Internet as it is, right now.

Melih, I DO have concerns about drive-by downloads because that’s how I caught the rootkit that educated me so painfully and sent me toward Comodo. I appreciate your assurances about CFP v3. I’m an OLD geek systems analyst/computer application designer since vacuum-tube days and I’d love to hear from one of your tech guys about its more specific features, not trade secrets, of course.

LM, your discussion of install/uninstall/reinstall was really helpful. I assume the license file export/re-import you mentioned is of a registry key. Would you mind identifying the key, or if not a registry item, telling me the path to the file?

I’m still wanting to have my question answered. What exactly is the UI content, what exactly about my computer is it derived from, how is it later protected, what exactly are all the ways it is used, who exactly may have access to it, and why? I think I know when.

Best,

bayj

What exactly is the UI content: It is merely a serial number
what exactly about my computer is it derived from: no relationship to your computer, to its configuration or software installed. No relation at all.
how is it later protected: nothing to protect (read above)
what exactly are all the ways it is used: it is only used to enforce licensing so that we can measure the success of our products.
who exactly may have access to it: Comodo only.

Hope the above answers your questions. Again, we do NOT collect demographic information as such from our users, we do not have a business model of selling demographic information. So relax and enjoy the products!

Melih

Edit*****

It has been brought to my attention that some people confuse what we are “capable of”, with what “we do”. Even though we can do all sorts of stuff like collecting and selling user information we simply do NOT do that. We do NOT have a business model of selling user information nor do we collect and use it. There are people trying to create FUD by mixing the issues of what we can do with what we do.

I AM enjoying the product. So far I’m astonished at the tiny resource tap. My computer is going like an antelope now. I think I will be contributing to these forums. I’ll repeat a line from an earlier post. I’m an OLD geek systems analyst/computer application designer since vacuum-tube days and I’d love to hear from one of your tech guys about CFPv3 more specific features, not trade secrets, of course.

And thanx for the input, exactly what I wanted to know!

bayj

good to have you with us Bayj. pls help us make our products better so that everyone can benefit from it.

thanks
Melih