Comodo-Affiliated Product Compromises Your Web Security

I'm pretty sure you've heard about the malware called Superfish, which apparently came pre-installed on Lenovo laptops (probably as a free bonus from the company). It doesn't sound very good when a computer manufacturer gets called out on such a big security breach, but how about when it happens to companies and products which are supposed to be focused on PC and Internet security? When the guys who make a living out of protecting your system end up making your PC even more vulnerable than it was before, there isn't much of an excuse that you can find for them.

Comodo is a big international company which, among other products, also develops Comodo Firewall and Comodo Internet Security. PrivDog is a Web security application with strong ties to Comodo. The app is designed to keep you safe from malicious advertisements while you're browsing the web. Basically, the tool takes potentially threatening ads and replaces them with secure ones. According to its promo, this way everybody wins: consumers, publishers and advertisers alike.

However, the developers of the application made one small oversight: PrivDog doesn't correctly verify the security certificates that it receives from websites. As far as I know, even the most basic browser wouldn't make such a huge security error. To put things in simpler terms, if a hacker intercepted the data that travels from your computer to any website (let's say a bank) and then sent you back data that originated from his computer, PrivDog would accept it without even realizing that it's coming from an outside source and not the bank that you were trying to connect to. Basically, this vulnerability made you a sure target for any kind of man-in-the-middle attack.

There is one more detail that makes things even more interesting. In most cases, PrivDog comes bundled with several Comodo products, such as Internet Security, Chromodo, Dragon and IceDragon (the last three are browsers), but all these applications use a different version of PrivDog which doesn't have this vulnerability.

According to an official statement from the company, this "potential issue" only exists in versions 3.0.96.0 and 3.0.97.0 of PrivDog, versions which have never been distributed by Comodo. A patch that fixes the problem is already available here.
