back to article Google calls out Comodo's Chromodo Chrome-knockoff as insecure crapware

Google security boffins have thrown the book at Comodo for turning off Chrome security. As explained in this advisory today, users who install Comodo Internet Security may not realize that their Chrome installation is replaced with Comodo's own browser, Chromodo. That little bit of crapware isn't secure at all: it's set as …

  1. Justin Pasher

    Trust is gone

    If you've got Comodo's browser installed on your machine or using certificates issued by them on your server, get rid of it.

    FTFY

  2. Sebastian A

    Another one...

    Every few weeks there's another certificate authority that's been compromised or has been found guilty of dodgy practises. Makes a mockery of the whole system really.

    1. Anonymous Coward
      Anonymous Coward

      Re: Another one...

      Yet a simple measure of pulling the expected certificate hash from DNS when you get IP address seems to elude browser developers.

      Why is that?

  3. MrDamage

    Any news

    On their Dragon (Chrome) and IceDragon (Firefox) browser offerings?

    I don't use Dragon, but I do use IceDragon with various addons (ublock, ghostery, disconnect, noscript) for perusing the occasional grumble flick site.

    Might not take the chance, and just purge it from my system when I get home.

  4. wolfetone Silver badge

    FYI

    Google Chrome would install a binary on Linux systems automatically that took control of your microphone. The end user wasn't made aware of it, and it even made it's way in to Chromium. It was removed from Chromium, but not from Chrome (as far as I'm aware).

    Just saying, for balance.

    1. Anonymous Coward
      Anonymous Coward

      Re: FYI

      For context, as well as somewhat spurious balance, it was Google code in Chromium that supported the Chrome "OK Google" hotword detection. Subsequently removed from Chromium, but fairly obviously (since it's a Chrome feature) not from Chrome.

      1. wolfetone Silver badge

        Re: FYI

        But it would need to be listening to you all the time for it to be able to detect "OK Google" being said. This is a privacy issue and there should be a way to disable this or be prompted for it to be installed. That's the problem.

        1. Anonymous Coward
          Anonymous Coward

          Re: FYI

          "But it would need to be listening to you all the time for it to be able to detect "OK Google" being said."

          All the time only when on the New Tab page or google.com and when enabled. (Which it wasn't by default.)

          "This is a privacy issue and there should be a way to disable this or be prompted for it to be installed. That's the problem."

          Though the plugin download did happen automatically whether you wanted it or not, the "OK Google" behavior was opt-in, so there was no need to disable anything as far as privacy is concerned. That said, they removed the feature entirely back around October 2015 in Google Chrome proper. If I recall correctly, which I may not, Google removed the automatic download from Chromium before that; Debian and many other distributions most certainly did remove it long before.

          Chrome's real privacy issues stem from the "omnibox" sending everything you type into it to your selected search engine, the navigation error features, the "prediction service", the link prefetching, the "dangerous sites" protection (presumably what's mentioned in this article), telemetry data, and a few other "features".

  5. Bota

    Google talking about security issues, well, tickle me Elmo

  6. inmypjs Silver badge

    "If you've got Comodo's browser installed on your machine, get rid of it."

    Really? because google say so? If google think you shouldn't be running it I'm tempted to automatically think comodo are doing something right.

    Of course google don't want anyone putting anything in the way of them snooping all your web activity and history.

    1. DryBones
      Holmes

      Re: "If you've got Comodo's browser installed on your machine, get rid of it."

      If you get infested by malware that fakes ad clicks, the quality of the user impressions they are offering goes down, and their value along with it. So it is in their best interest to help keep the pool clean.

  7. ecofeco Silver badge

    Comodo has been crap for years

    Comodo screwed the pooch years ago. It's now total spamware shit.

    Which is too bad because in its day, it was really good.

    1. adnim Silver badge
      Big Brother

      Re: Comodo has been crap for years

      Still using the free version 5 of their firewall from 2012, can't complain... It even allows one to block access to Comodo servers, which of course was one of the first things I did. I don't believe the software is checking for updates every 5 minutes

  8. Anonymous Coward
    Anonymous Coward

    More commode than comodo.

    Reg we need a toilet icon.

    1. This post has been deleted by its author

  9. x 7

    problem is it appears to be the only free AV for Linux thats actually still available

    I wonder if theres a link there....

    1. Anonymous Coward
      Anonymous Coward

      Uh ?

      ClamAV ran on Linux the last time I looked, which was 30 seconds ago.

      1. x 7

        ClamAV doesn't count - no realtime scanner

        Less than useless

  10. LDS Silver badge

    DNS hijack?

    Sure, not everybody can run DNS like Google and lure people into using them so they can track, storea and analyze each and every request...

    1. GrumpenKraut Silver badge
      Boffin

      Re: DNS hijack?

      With just a few month of research I managed to find the IP of a DNS not run by Google. So can you!

    2. Vic

      Re: DNS hijack?

      not everybody can run DNS like Google

      Only those whose ISP blocks port 53 traffic cannot run their own DNS server. And that's not all that common anymore...

      Vic.

  11. bluest.one

    Firewall

    I use their firewall. Is there a better alternative?

    1. Adam Azarchs

      Re: Firewall

      The one built into Windows is perfectly adequate for most needs (though maybe a little tricky to configure for egress filtering). And on both windows and linux there are scores of good open source alternatives.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019