Comodo
Encyclopedia
Comodo Group, Inc. is a privately held group of companies providing computer software
and SSL
digital certificates, based in Jersey City, New Jersey
, in the United States. It has offices in United Kingdom, Ukraine, Romania, China, India and Salt Lake City, Utah.
, based on his experience at University of Bradford
.
through their website, available for public download. Most notable of Comodo's free products is the Comodo Internet Security
freeware program, incorporating Comodo's firewall, Comodo Firewall Pro, Host Intrusion Prevention System and antivirus.
Other Comodo branded freeware security tools include an anti-malware tool, and a memory firewall, free software that protects against over 90% of buffer overflow
attacks. For an additional fee, Comodo product users can subscribe to Comodo's computer cleaning and optimizing services for real-time computer assistance.
Comodo also offers a free registry cleaner program, now included within the Comodo System Cleaner.
Comodo EasyVPN is a virtual private network
(VPN).
Comodo SecureEmail incorporates a patent-pending technology allowing S/MIME email users to send emails to any email user without exchanging keys beforehand. The product comes in both a limited free version and a more functional professional release.
, and is the second-largest issuer of business-validated certificates. Comodo's certificate profile includes Organization Validation (OV) certificates, Domain Validation (DV) certificates, Extended Validation Certificate (EV SSL) certificates, Multi-Domain certificates, Unified Communications certificates, email certificates and code signing
certificates. Comodo CA undergoes an annual WebTrust audit by Ernst & Young
.
SecureEmail Pro allows businesses to send encrypted or digitally signed emails with more control over their digital certificates than SecureEmail freeware. Comodo Certificate Manager allows IT departments to deploy and administer digital certificates centrally and remotely.
Comodo CA is an Approved Scanning Vendor that offers PCI scanning services to help merchants who take credit cards to comply with PCI DSS regulations. Comodo also offers HackerProof, which is a daily vulnerability scanning solution. A logo is placed on third parties websites that show if they meet Comodo's HackerProof scans.
Comodo has offered Usertrust since early in 2008 as a customer feedback platform for online merchants. Usertrust gives merchants
a clearer picture of how they can serve their customers better by offering transaction evaluation and feedback services.
's comment over the effectiveness of free Antivirus software, on September 18, 2010, the CEO of the Comodo group Melih Abdulhayoğlu
challenged Symantec to see which products can defend the consumer better against malware
. Symantec, the producer of Norton AntiVirus
, has responded that such direct tests are unnecessary: "Norton is included in a variety of independent, third-party tests from testing labs like AV-Test and AV Comparatives. We encourage Comodo to contact these testing labs if they are interested in having their product included in these tests."
On 29 September 2010, Neil J. Rubenking, the lead analyst for security of PC Magazine, published an article on Comodo Antivirus 5.0 that included a comparative chart. Rubenking concluded that Comodo Antivirus 5.0 blocked a higher percentage of malware than Norton AntiVirus, but was less effective than the Norton solution when it came to malware removal. Rubenking's review also noted that the Comodo malware blocking gave a number of false positives which he felt tarnished Comodo's results.
On March 15, 2011, Comodo reported that a user account with an affiliate registration authority had been compromised which was used to create a new user account that issued nine certificate signing request
s. Nine certificates for seven domains were issued: mail.google.com, login.live.com, www.google.com, login.yahoo.com (three certificates), login.skype.com, addons.mozilla.org, and global trustee. The attack was traced to IP address 212.95.136.18, which originates in Tehran, Iran. Though Comodo initially reported the breach was the result of a "state-driven attack", it subsequently stated that the origin of the attack may be the "result of an attacker attempting to lay a false trail."
The breach, which has been called "comodogate" by some has been widely reported, and has led to criticism of how certificates are issued and revoked.
All of the certificates have been revoked. Microsoft has issued a security advisory and update to address the issue.
On March 26, 2011, a person under the username "ComodoHacker" made several posts to Pastebin.com claiming to be an Iranian responsible for the attacks.
Computer software
Computer software, or just software, is a collection of computer programs and related data that provide the instructions for telling a computer what to do and how to do it....
and SSL
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
digital certificates, based in Jersey City, New Jersey
Jersey City, New Jersey
Jersey City is the seat of Hudson County, New Jersey, United States.Part of the New York metropolitan area, Jersey City lies between the Hudson River and Upper New York Bay across from Lower Manhattan and the Hackensack River and Newark Bay...
, in the United States. It has offices in United Kingdom, Ukraine, Romania, China, India and Salt Lake City, Utah.
History
The company was founded in 1998, by Comodo CEO, Melih AbdulhayoğluMelih Abdulhayoglu
Melih Abdulhayoğlu is a technologist and an entrepreneur. As an inventor, he holds several patents. He has written articles on Internet security. In 1998, he founded Comodo, a privately held international company that produces computer security products including SSL certificates...
, based on his experience at University of Bradford
University of Bradford
The University of Bradford is a British university located in the city of Bradford, West Yorkshire, England. The University received its Royal Charter in 1966, making it the 40th University to be created in Britain, but its origins date back to the early 1800s...
.
Products
The Comodo companies offer many free productsFreeware
Freeware is computer software that is available for use at no cost or for an optional fee, but usually with one or more restricted usage rights. Freeware is in contrast to commercial software, which is typically sold for profit, but might be distributed for a business or commercial purpose in the...
through their website, available for public download. Most notable of Comodo's free products is the Comodo Internet Security
Comodo Internet Security
Comodo Internet Security , developed by Comodo Group, is an Internet security suite available for Microsoft Windows. It offers anti-malware protection, a personal firewall, a sandbox and a Host-based Intrusion Prevention System called Defense+.-Editions:Comodo Internet Security is available in...
freeware program, incorporating Comodo's firewall, Comodo Firewall Pro, Host Intrusion Prevention System and antivirus.
Other Comodo branded freeware security tools include an anti-malware tool, and a memory firewall, free software that protects against over 90% of buffer overflow
Buffer overflow
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....
attacks. For an additional fee, Comodo product users can subscribe to Comodo's computer cleaning and optimizing services for real-time computer assistance.
Comodo also offers a free registry cleaner program, now included within the Comodo System Cleaner.
Comodo EasyVPN is a virtual private network
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
(VPN).
Comodo SecureEmail incorporates a patent-pending technology allowing S/MIME email users to send emails to any email user without exchanging keys beforehand. The product comes in both a limited free version and a more functional professional release.
Freeware products
| Name | Description |
|---|---|
| Comodo AntiSpam | Anti-spam software |
| Comodo Antivirus | Antivirus for Windows |
| Comodo AV Scanner | Online anti-malware scan |
| Comodo Backup Comodo Backup Comodo Backup is a free data backup program that backs up Windows data files to local, network, virtual or online storage.-Overview:Comodo Backup can be scheduled to backup files and its synchronization mode will take backups of data files which can be restored at a later date.-User... |
Backs up files |
| Comodo BoClean | Detects and removes rootkits, hijackers, keyloggers, trojans |
| Comodo Disk Encryption | |
| Comodo Dragon Comodo Dragon (web browser) Comodo Dragon is a freeware web browser implementation of Chromium, and is produced by Internet security firm Comodo Group. Sporting a similar interface to Google Chrome, Dragon eliminates Chrome's usage tracking and some other potentially privacy-compromising features, and provides additional... |
Customized version of Chromium Chromium (web browser) Chromium is the open source web browser project from which Google Chrome draws its source code. The project's hourly Chromium snapshots appear essentially similar to the latest builds of Google Chrome aside from the omission of certain Google additions, most noticeable among them: Google's... web browser with security improvements to help protect users |
| Comodo EasyVPN with Instant Messaging | |
| Comodo Firewall | Personal firewall |
| Comodo Free SSL Certificate | Secure sockets layer functionality to secure websites |
| Comodo Internet Security Comodo Internet Security Comodo Internet Security , developed by Comodo Group, is an Internet security suite available for Microsoft Windows. It offers anti-malware protection, a personal firewall, a sandbox and a Host-based Intrusion Prevention System called Defense+.-Editions:Comodo Internet Security is available in... |
Integrated antivirus, HIPS, firewall |
| Comodo iVault | Safe, encrypted storage of confidential information |
| Comodo Memory Firewall | Protects against buffer-overflow attacks |
| Comodo PCI Scanning | |
| Comodo SecureEmail | Encrypts and digitally signs email |
| Comodo System-Cleaner | System cleaner and tweaker |
| Comodo Time Machine | Saves/recovers instant system snapshots |
| Comodo VerificationEngine | Verifies legitimate web sites from fraudulent ones |
Business Products
Comodo is a certificate authorityCertificate authority
In cryptography, a certificate authority, or certification authority, is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate...
, and is the second-largest issuer of business-validated certificates. Comodo's certificate profile includes Organization Validation (OV) certificates, Domain Validation (DV) certificates, Extended Validation Certificate (EV SSL) certificates, Multi-Domain certificates, Unified Communications certificates, email certificates and code signing
Code signing
Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash....
certificates. Comodo CA undergoes an annual WebTrust audit by Ernst & Young
Ernst & Young
Ernst & Young is one of the largest professional services networks in the world and one of the "Big Four" accountancy firms, along with Deloitte, KPMG and PricewaterhouseCoopers ....
.
SecureEmail Pro allows businesses to send encrypted or digitally signed emails with more control over their digital certificates than SecureEmail freeware. Comodo Certificate Manager allows IT departments to deploy and administer digital certificates centrally and remotely.
Comodo CA is an Approved Scanning Vendor that offers PCI scanning services to help merchants who take credit cards to comply with PCI DSS regulations. Comodo also offers HackerProof, which is a daily vulnerability scanning solution. A logo is placed on third parties websites that show if they meet Comodo's HackerProof scans.
Comodo has offered Usertrust since early in 2008 as a customer feedback platform for online merchants. Usertrust gives merchants
Electronic commerce
Electronic commerce, commonly known as e-commerce, eCommerce or e-comm, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. However, the term may refer to more than just buying and selling products online...
a clearer picture of how they can serve their customers better by offering transaction evaluation and feedback services.
Symantec vs. Comodo
In response to SymantecSymantec
Symantec Corporation is the largest maker of security software for computers. The company is headquartered in Mountain View, California, and is a Fortune 500 company and a member of the S&P 500 stock market index.-History:...
's comment over the effectiveness of free Antivirus software, on September 18, 2010, the CEO of the Comodo group Melih Abdulhayoğlu
Melih Abdulhayoglu
Melih Abdulhayoğlu is a technologist and an entrepreneur. As an inventor, he holds several patents. He has written articles on Internet security. In 1998, he founded Comodo, a privately held international company that produces computer security products including SSL certificates...
challenged Symantec to see which products can defend the consumer better against malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
. Symantec, the producer of Norton AntiVirus
Norton AntiVirus
Norton AntiVirus, developed and distributed by Symantec Corporation, provides malware prevention and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include e-mail spam filtering and phishing protection.Symantec distributes the product as...
, has responded that such direct tests are unnecessary: "Norton is included in a variety of independent, third-party tests from testing labs like AV-Test and AV Comparatives. We encourage Comodo to contact these testing labs if they are interested in having their product included in these tests."
On 29 September 2010, Neil J. Rubenking, the lead analyst for security of PC Magazine, published an article on Comodo Antivirus 5.0 that included a comparative chart. Rubenking concluded that Comodo Antivirus 5.0 blocked a higher percentage of malware than Norton AntiVirus, but was less effective than the Norton solution when it came to malware removal. Rubenking's review also noted that the Comodo malware blocking gave a number of false positives which he felt tarnished Comodo's results.
Breach of security
| "This is a nightmare scenario. You have to trust the companies selling these certificates and if we can't, then all bets are off." |
| —Mikko Hyppönen Mikko Hyppönen Mikko Hermanni Hyppönen is a computer security expert and columnist.-Career:Mikko Hyppönen is the Chief Research Officer for F-Secure. He has worked with F-Secure in Finland since 1991.... , head of research at F-Secure F-Secure F-Secure Corporation is an anti-virus and computer security software company based in Helsinki, Finland. The company has 18 country offices and a presence in more than 100 countries, with Security Lab operations in Helsinki, Finland and in Kuala Lumpur, Malaysia... |
On March 15, 2011, Comodo reported that a user account with an affiliate registration authority had been compromised which was used to create a new user account that issued nine certificate signing request
Certificate signing request
In public key infrastructure systems, a certificate signing request is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate...
s. Nine certificates for seven domains were issued: mail.google.com, login.live.com, www.google.com, login.yahoo.com (three certificates), login.skype.com, addons.mozilla.org, and global trustee. The attack was traced to IP address 212.95.136.18, which originates in Tehran, Iran. Though Comodo initially reported the breach was the result of a "state-driven attack", it subsequently stated that the origin of the attack may be the "result of an attacker attempting to lay a false trail."
The breach, which has been called "comodogate" by some has been widely reported, and has led to criticism of how certificates are issued and revoked.
All of the certificates have been revoked. Microsoft has issued a security advisory and update to address the issue.
On March 26, 2011, a person under the username "ComodoHacker" made several posts to Pastebin.com claiming to be an Iranian responsible for the attacks.