Comodo Group

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Comodo Group, Inc.
Private
Industry
Founded United Kingdom (1998 (1998))[1]
Headquarters 1255 Broad Street, Clifton, New Jersey, United States
Key people
Melih Abdulhayoğlu (President and CEO)
Products
Number of employees
1,100+
Website www.comodo.com

Comodo Group, Inc. is a privately held group of companies providing computer software and SSL digital certificates, based in Clifton, New Jersey in the United States. It has offices in the United Kingdom, Ukraine, Romania, China, India, Turkey and Clifton, NJ.[2] As of 24 February 2015, Comodo is the largest issuer of SSL certificates with a 33.6% market share on 6.6% of all web domains.[3][4]

History[edit]

The company was founded in 1998 in the United Kingdom,[1] by Melih Abdulhayoğlu, who remains its CEO. The company relocated to the United States in 2004. Its product line is focused on computer and internet security. The firm operates a Certificate Authority that issues SSL certificates, offers a computer security suite that includes antivirus and firewall protection and offers other web and network protection services.[5]

Companies[edit]

  • Comodo CA Limited: Based in City of Salford, Greater Manchester, UK,[6] is a digital certificate authority that issues SSL and other digital certificates. According to W3Techs.com, Comodo is the largest digital certificate provider.[7][8]
  • Comodo Security Solutions, Inc: Based in Clifton, NJ, develops and markets security software for commercial and consumer use. This includes web site vulnerability and penetration scannng, corporate and consumer pc security systems and other networks security products. Comodo AntiVirus Labs support all versions of their security systems.[9]
  • DNS.com: Based in Louisville, Kentucky, the company provides managed DNS services.[10]

Products[edit]

Security products and tools offered by Comodo
  • Comodo Antivirus- A free Antivirus product that supports all major OS including Mac, (from OS X 10.4),[13] Linux (from Ubuntu 12.04)[14] and Windows (from XP S2, including Windows 10).[15]
  • Comodo Cloud Antivirus - CCAV is a lightweight and powerful AV application that utilizes Comodo's auto-containment and realtime cloud scanning to immediately neutralize both known and unknown malware.[16]
  • Comodo Mobile Security - A free Android application that protects mobile devices against viruses, worms and scripts. In addition, it also features SMS & Call Blocking, a software & process manager, data and apps backup and data traffic Monitor.
  • Comodo email certificate - S/MIME-enabling certificates, free for personal use, per-year fee for corporate use.[17]
Web browsers offered by Comodo
  • Comodo Dragon - A Chromium-based browser with enhanced privacy and security[18]
  • Comodo IceDragon - a Firefox-based browser, both with enhanced privacy and security features
  • Chromodo - another Chromium-based browser released in 2015 that has been criticized for removing security features
Other Comodo Products
  1. Comodo Endpoint Security Manager (CESM)- CESM is a centralized device management system that includes the ability to distribute PC security software. The software used includes a version of the same firewall, antivirus systems and sandbox containment technology that comprise Comodo Internet Security.[19][20][21]
  2. Comodo Securebox was released in July 2014 and was jointly developed with Western Union with the intention of solving the problem of an application needing to conduct sensitive activities such as financial transactions from an already compromised system. Securebox containment technology protects the application and its activities even if the computer is infected with malware[22][23]
  3. Comodo System Utilities - PC Magazine reviewed the product concluding "it is an effective system-enhancing utility that is as potent, if not more so in certain cases, as paid apps".[24]
  4. MyDLP - In May 2014, the Comodo Group had acquired MyDLP, an open source data loss prevention system. Comodo has begun marketing the Enterprise version through its Comodo Security Solutions subsidiary.[citation needed]
  5. SurGate Labs - In 2014 Comodo acquired SurGate Labs, a Turkish Software company that specializes in secure email an messaging systems. SurGate only recently began marketing its products outside of Turkey and Eastern Europe.[25][26][27]
  6. Comodo Korugan - In 2014 Comodo introduced the Korugan line of Unified Threat Management Appliances that provide a bundle of network security solutions such as firewall, gateway antivirus and end security management.[28][29]
  7. Comodo Backup - In 2014 Comodo introduced Secured backup for Online Storage.[30]
  8. Comodo Penetration Testing - Comodo Penetration Tests will identify critical attack paths present in network infrastructure manually and provide advice to eliminate threats.[31]
  9. Comodo Mobile Device Management - Comodo MDM software could rightly be called a powerful tool in the hands of IT administrators. Using this tool they can manage and at the same time ensure the security of a large number of mobile devices, both personal as well as those that are part of a corporate network.[32][33]

Industry affiliations[edit]

Comodo is a member of the following industry organizations:

  • Certificate Authority Security Council (CASC): In February 2013, Comodo became a founding member of this industry advocacy organization dedicated to addressing industry issues and educating the public on internet security.[34][35]
  • Common Computing Security Standards Forum (CCSF): In 2009 Comodo was a founding member of the CCSF, an industry organization that promotes industry standards that protect end users. Comodo CEO Melih Abdulhayoğlu is considered the founder of the CCSF.[36]
  • CA/Browser Forum: In 2005, Comodo was a founding member of a new consortium of Certificate Authorities and web browser vendors dedicated to promoting industry standards and baseline requirements for internet security.[37][38]

Competitors[edit]

Norton AntiVirus[edit]

On 29 September 2010, Neil J. Rubenking, the lead analyst for security of PC Magazine, published an article on Comodo Antivirus 5.0 that concluded that Comodo Antivirus 5.0 blocked a higher percentage of malware than Norton AntiVirus, but was less effective than the Norton solution when it came to malware removal.[39][40]

Controversies[edit]

Symantec[edit]

In response to Symantec's comment over the effectiveness of free Antivirus software, on September 18, 2010, the CEO of Comodo Group challenged Symantec to see which products can defend the consumer better against malware.[41] Symantec responded saying that if Comodo is interested they should have their product included in tests by independent reviewers.[42]

Certificate hacking [edit]

On March 23, 2011, Comodo reported that 8 days earlier, on 15 March 2011, a user account with an affiliate registration authority had been compromised and was used to create a new user account that issued nine certificate signing requests.[43] Nine certificates for seven domains were issued.[43] The attack was traced to IP address 212.95.136.18, which originates in Tehran, Iran.[43] Though the firm initially reported that the breach was the result of a "state-driven attack", it subsequently stated that the origin of the attack may be the "result of an attacker attempting to lay a false trail.".[43][44] Such issues have been widely reported, and has led to criticism of how certificates are issued and revoked.[45][46][47][48] As of 2015, all of the certificates have been revoked.[43] Microsoft has issued a security advisory and update to address the issue.[49][50]

On March 26, 2011, a person under the username "ComodoHacker" made several posts to Pastebin.com claiming to be an Iranian responsible for the attacks.[51][52]

Enabling man-in-the-middle attacks[edit]

In February 2015, Comodo was involved with a man-in-the-middle enabling tool known as PrivDog, which claims to protect users against malicious advertising.[53]

Certificates issued to known malware[edit]

In 2009 Microsoft MVP Michael Burgess accused Comodo of issuing digital certificates to known malware.[54]

Chromodo browser[edit]

In January 2016, Tavis Ormandy reported that Comodo's Chromodo browser exhibited a number of vulnerabilities, including disabling of the same-origin policy.[55]

Let’s Encrypt trademark registration application[edit]

In October 2015, Comodo applied for the trademarks "Let's Encrypt", "Comodo Let's Encrypt", and "Let's Encrypt with Comodo" trademarks.[56][57][58] These trademark applications were filed almost a year after the Internet Security Research Group, parent organization of Let's Encrypt, started using the name Let's Encrypt publicly in November 2014,[59] and despite the fact Comodo's “intent to use” trademark filings acknowledge that it has never used “Let's Encrypt” as a brand.

On June 24, 2016, Comodo publicly posted in its forum that it had filed for "express abandonment" of their trademark applications.[60]

Dangling markup injection vulnerability[edit]

On July 29, 2016, Matthew Bryant showed that Comodo's website is vulnerable to dangling markup injection attacks and can send emails to system administrators from Comodo's servers to approve a wildcard certificate issue request which can be used to issue arbitrary wildcard certificates via Comodo’s 30-Day PositiveSSL product.[61]

See also[edit]

References[edit]

  1. ^ a b "How US entrepreneur's global internet security firm started life in Bradford". Telegraph & Argus. 3 Sep 2014. Retrieved 3 Sep 2014. 
  2. ^ "Comodo Company Locations". Retrieved 14 August 2015. 
  3. ^ "Comodo SSL leads Symantac". Retrieved 2015-02-12. 
  4. ^ "w3techs - Comodo SSL leads Symantac". Retrieved 2015-02-12. 
  5. ^ "Comodo Company Overview". Retrieved 14 August 2015. 
  6. ^ "Comodo - Contact Us". 
  7. ^ "W3Techs - extensive and reliable web technology surveys". w3techs.com. 
  8. ^ Admin TOA. "- Comodo Named Fastest Growing SSL Certificate Authority". Turkofamerica.com. Retrieved 2015-03-30. 
  9. ^ "Comodo Security Solutions, Inc.". Icsalabs.com. Retrieved 2015-03-30. 
  10. ^ Joe Callan. "Domainers Magazine - DNS.com : The Next Geo-Targeting Solution - Jul-Aug (Issue 22)". Domainersmagazine.com. Retrieved 2015-03-30. 
  11. ^ "Comodo Products - PC Security, Site Security, Prevention Software". comodo.com. 
  12. ^ "Proactive Security Challenge: Results and comments". matousec.com. Difinex Ltd. Retrieved 2010-12-25. 
  13. ^ "Comodo Antivirus for Mac details". Retrieved 14 August 2015. 
  14. ^ "Comodo Antivirus for linux Overview". Retrieved 14 August 2015. 
  15. ^ "Antivirus for windows 10". Retrieved 2010-12-25. 
  16. ^ "Comodo Cloud Antivirus User Guide" (pdf). Retrieved 26 May 2016. 
  17. ^ Comodo free secure email certificate
  18. ^ Comodo Dragon, Download.com
  19. ^ "Comodo Endpoint Security Manager overview". Retrieved 14 August 2015. 
  20. ^ Ashton Mills (26 March 2015). "Endpoint Security Products: Part 1". Cso.com.au. Retrieved 2015-03-30. 
  21. ^ "GFI EndPointSecurity - Voted WindowSecurity.com Readers' Choice Award Winner - Endpoint Security". WindowSecurity.com. Retrieved 2015-03-30. 
  22. ^ "Comodo SecureBox always assumes the worst to strengthen endpoint security". BetaNews. Retrieved 2015-03-30. 
  23. ^ "About Comodo Securebox". Retrieved 14 August 2015. 
  24. ^ "Comodo System Utilities Review". Pcmag.com. Retrieved 2015-03-30. 
  25. ^ "SurGATE OutlookDAV". iDNES.cz. 14 June 2014. Retrieved 2015-03-30. 
  26. ^ "SurGATE Labs yurtdışına açılıyor!". TeknolojiOku.com. 4 February 2014. Retrieved 2015-03-30. 
  27. ^ "Surgate Labs". Surgate.com. Retrieved 2015-03-30. 
  28. ^ "Korugan Unified Threat Management". MalwareTips.com. 
  29. ^ "Echte IT-Tiefenverteidigung: Korugan von COMODO schließt interne und externe Sicherheitslücken". Pressebox.de. Retrieved 2015-03-30. 
  30. ^ "Comodo Backup". Retrieved 14 August 2015. 
  31. ^ "Comodo Penetration Testing". Retrieved 11 May 2016. 
  32. ^ "Comodo MDM User Guide" (pdf). Retrieved 18 May 2016. 
  33. ^ "Comodo MDM End User Guide" (pdf). Retrieved 20 June 2016. 
  34. ^ Ellen Messmer (14 February 2013). "Multivendor power council formed to address digital certificate issues". Network World. Archived from the original on 2013-07-28. 
  35. ^ "Authentication Security News, Analysis, Discussion, & Community". Darkreading.com. Retrieved 2015-03-30. 
  36. ^ "SecurityPark". SecurityPark. Retrieved 2015-03-30. 
  37. ^ "CA/Browser Forum". Cabforum.org. Retrieved 2013-04-23. 
  38. ^ Wilson, Wilson. "CA/Browser Forum History" (PDF). DigiCert. Retrieved 2013-04-23. 
  39. ^ Rubenking, Neil J. (29 September 2010). "Comodo Antivirus 5.0". PC Magazine. Ziff Davis, Inc. Retrieved 2010-09-29. 
  40. ^ Neil J. Rubenking (29 September 2010). "Comodo Antivirus 5.0 malware blocking chart". PC Magazine. Ziff Davis, Inc. Retrieved 2010-09-29. 
  41. ^ Abdulhayoğlu, Melih (18 September 2010). "Challenge to Symantec from Comodo CEO!". Comodo Group. Retrieved 2010-09-22. 
  42. ^ Rubenking, Neil J. (22 September 2010). "Comodo Challenges Symantec to Antivirus Showdown". PC Magazine. Ziff Davis, Inc. Retrieved 2010-09-22. 
  43. ^ a b c d e "Report of incident on 15-MAR-2011". Comodo group. Retrieved 2011-03-24. 
  44. ^ Hallam-Baker, Phillip (March 23, 2011). "The Recent RA Compromise". Comodo Blog. Retrieved 2011-03-24. 
  45. ^ Eckersley, Peter (March 23, 2011). "Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get?". EFF. Retrieved 2011-03-24. 
  46. ^ "Iran accused in 'dire' net security attack" (BBC). BBC News. March 24, 2011. Retrieved 2011-03-24. 
  47. ^ "Detecting Certificate Authority compromises and web browser collusion". TOR. March 22, 2011. Retrieved 2011-03-24. 
  48. ^ Elinor Mills and Declan McCullagh (March 23, 2011). "Google, Yahoo, Skype targeted in attack linked to Iran". CNET. Retrieved 2011-03-24. 
  49. ^ "Microsoft Security Advisory (2524375)" (Microsoft). March 23, 2011. Retrieved 2011-03-24. 
  50. ^ "Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing". Microsoft. March 23, 2011. Retrieved 2011-03-24. 
  51. ^ Bright, Peter (March 28, 2011). "Independent Iranian Hacker Claims Responsibility for Comodo Hack" (WIRED). Wired. Retrieved 2011-03-29. 
  52. ^ "ComodoHacker's Pastebin". Pastebin.com. Retrieved 2015-03-30. 
  53. ^ http://www.pcworld.com/article/2887632/secure-advertising-tool-privdog-compromises-https-security.html
  54. ^ http://www.cnet.com/forums/discussions/comodo-continue-to-to-issue-certificates-to-known-malware-343022/
  55. ^ https://code.google.com/p/google-security-research/issues/detail?id=704
  56. ^ "Trademark Status & Document Retrieval". tsdr.uspto.gov. Retrieved 2016-06-23. 
  57. ^ "Trademark Status & Document Retrieval". tsdr.uspto.gov. Retrieved 2016-06-23. 
  58. ^ "Trademark Status & Document Retrieval". tsdr.uspto.gov. Retrieved 2016-06-23. 
  59. ^ Tsidulko, Joseph. "Let's Encrypt, A Free And Automated Certificate Authority, Comes Out Of Stealth Mode". CRN. Retrieved 2016-06-23. 
  60. ^ "Topic: Trademark registration". Retrieved 2016-06-24. 
  61. ^ "Keeping Positive - Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection | The Hacker Blog". thehackerblog.com. Retrieved 2016-07-29. 

Bibliography[edit]

External links[edit]