rapid-antivir-2009. com
rapid-antivir2009. com
rapid-antivirus2009. com = all redirect to:
secure.xsoftstore. com

Continued @ Hosts News

Duh! That's bad news indeed.

Btw, tell me about reporting stuff, I just shared today my frustrating experience with it in general on Malware Removal forums.

I saw that thread too.

Social networking sites just get too big and worry more about the bottom line, which is the real reason they all start up anyway. It's all a ploy to get users hooked and then sell out eventually. They all do the same thing.

Abuse gets written about here, there and everywhere and then nothing gets actually fixed. Or very little does.

Welcome to the Net.

That's true - and sad.
(Btw, what shocked me was a teenage internet user whom I have admonished about tolerant and responsible behavior, and they replied: "Sorry to tell you, but the internet is intolerant and doesn't care about responsibility" Hmmm... Nope, the internet doesn't do anything, the users are. Sigh.)

Any now, any plans "against" Comodo?

Typical kid.

As for COMODO, all you can do is spread the word about their involvement with malicious vendors and not recommend their software.

I'm headed now to check my site and remove any code which was pointing to them. I won't tolerate that or link to them any longer.

Thanks, will do

I heard that this issuance of certificate stuff to malware sites is not a problem of Comodo alone. It's the same with other vendors like GoDaddy and Verisign too. The problem they said is that there's no standard for issuing DV. Isn't singling out a particular vendor like Comodo and not the process itself would appear to others that it's just a mere anti-Comodo campaign?

I read a similar blog about this also that's why I ask.

Thank you.

It's not an anti-Comodo campaign at all. We're aware that other vendors are affected. However, what Comodo seem to fail to grasp is, the other cert vendors aren't claiming to be a security company, and aren't offering security software - in short, we're holding Comodo to a higher standard (the fact Comodo have been shown to have issued certs to known malware gangs, after they've already pulled their previous certs, just makes it worse).

Indeed, Melih himself has said, he doesn't like DV's - yet he still issues them? I don't buy his argument that other vendors do, so he must - this is irrelevant. If he's got a problem with them, stop issuing them, stop trying to use lame excuses that other vendors do - try setting the standard for others to follow (and nope, setting up a forum for people to report rogue certs, isn't going to cut it).

Well said MysteryFCM. These are supposed to be trusted certificates which we can rely on BUT if Comodo are not vetting the people they supply these to, then we, as the end user, suffer and eventually the cert's will have no meaning or trust. A company and person in Comodo's postition should be more responsible and less careless. If they can't or wont do their homework then stop trading, is my opinion.

I think it's pretty obvious why they keep issuing them even tho they say the system is broken. They keep making $$$

Common sense tells you that if there is any service which you use and acknowledge that the system is ripe for abuse, you should cease using that service or offering it. There is no advantage to using\offering it if you cannot trust it. Unless the advantage is financial gain, then it always seems all common sense arguments go out the window.

Funny how that works eh?

From the same blog I've read with the same topic Melih/Comodo is not denying that they are making money from DV. But I share his view that participating in the DV business do more good than harm. At least they have the control of those DV's that they issued because they can revoked that anytime they know it use by malware site. It's just like politics to me. Though politics is very dirty per se, not all politicians and/or political leaders are bad. Guns can kill - should all guns vendor stop selling guns? Internet is an environment for crime - should everybody stop promoting the use of it? The way in my opinion is not to stop but to have strong standard in obtaining/issuing DV or any other certificates.

Below are some quotes from other forum on what Melih/Comodo is doing as their part to prevent such abuse:








Just my opinion. Thanks

Pretty piss-poor excuse, using guns as a metaphor.

But it's expected from a COMODO shill like you.

I've read the forum quotes and all related blogs. Nothing changes for me on my opinion. They'll just keep taking the money and do nothing about actively trying to fix it, by first boycotting it, which should be done first and foremost and then getting some type of real action towards fixing the issue.

Ya know, like alot of anti- gun groups do. When they take up the cause in such a manner, maybe set an example for others, maybe I'll change.

But I'm quite certain that will never happen, not as long as they can make a buck off of it.

No offence but, re-iterating Melih's thoughts don't help. Melih should not be stating what should be done or needs to be done, unless HE is going to start doing it. Which again, he says he can't or won't do, because other cert vendors aren't doing it - which again, is NOT an excuse.

It's as simple as that.

Infact, unless I'm mistaken, one of Comodo's arguments for carrying on selling DV's, is because other vendors do, and his not doing, would lose Comodo money - which then questions his ethics (not that they need questioning anyway, he's made it pretty clear which side of the fence he's on as far as I'm concerned).

Making money off of criminals at the expense of your users, should not be okay, just because "other vendors are doing it" - remember, Comodo is a security company - which again means, they're held to a much higher standard - plain and simple.

Put simply, from what I've seen thus far, aslong as Comodo are making money from the criminals, they aren't going to do anything to prevent it - and their lack of action to prevent such, confirms this.

As far as guns, you can't really compare these to the guns issue, as they are two entirely seperate issues.

Is that a joke? If everyone who have different position than yours is a shill, how do you call yourself? I thought this is a constructive discussion, but I'm starting to believe the opposite. You really is a gang who wants to discredit Comodo no matter what. +1 to those who sympathize with Comodo. Not because I'm a shill but because you're irresponsible. Your actions speaks for itself.

You could do more to internet security than criticizing Comodo. Set an example as what you said.

Thank you anyway, for helping me decide who is more credible.

Little correction;

1. This is a place for constructive conversations and debate - but we won't abide irresponsible decisions or actions
2. We are not trying to discredit Comodo - simply trying to get them to act responsibly instead of hiding behind poor excuses

As far as "+1 to those who sympathize with Comodo", whilst I'm not surprised to see that, I am a little surprised to see someone claiming to not be associated with them, publicly supporting a company that fails to act responsibly? Would you mind expanding on exactly why you are supporting them? (and "because they're right" or "because I want to", isn't going to cut it here - if you're going to defend a company, much better reasons are required)

I had to laugh at the Comodo excuse for selling DVs and using their statement that there is no set standards as others do this too! Are ALL other compaines lemmings as you are implying?

Comodo sell the certificates and as such SHOULD have their own criteria in which to authenticate a buyer and the software it's provided for so Comodo can set whatever high standard they deem necessary to ensure this is met and malware software doesn't get the chance to use any DV in Comodo's name. As said earlier, Comodo can set the example by incorporating policy to ensure high standards are met for ALL companies to follow.

Comodo obviously choose to neglect this as the rewards exceed the need.

Nicely put

Calling someone a shill just because he has diff. view constructive?

I'm not a Comodo's defender, just same view regarding this DV matter. I'm not a blind follower who would do anything they say. My previous post is what I believe at the moment based on the other blogs/discussions regarding this matter.

Shill - a person who publicizes or praises something or someone for reasons of self-interest, personal profit, or friendship or loyalty. I don't have those reasons. My intention of joining this discussion is to learn, which can be achieved only by hearing both sides of the story and balancing them.

Shill are those who act as if their views of things are always correct, and the only view that is correct.

Could you please point me to any of your research/report of other vendors selling DV's to malware sites, if there is any. I also want to know how they view this DV thing.

I actually believe I wrote about a recent piece of malware using a third party cert, on my blog ...... lemme see if I can find it

/edit

http://hphosts.blogspot.com/2009/08/war ... s-new.html

Response from Thawte isn't there yet as they've not gotten back to me yet.

Thank you for the link.

Comodo is claiming that they only hold 10% of the total DV market. Though they stop selling certs, 90% still exist, and the 10% they currently have will just apply to other vendors. Sad but true, but because there is no strong standard in applying for DV and because those malware sites are difficult to check, even those that are holding 90% market share are also commiting the same mistake of selling certs to malware sites as Comodo.

As I mentioned on my previous post, Melih's suggestion to other (bigger) DV vendors to design/propose strong standard is better because it applies to all (100%) and not stopping the mere 10% of DV certs.

I actually do agree, and have said before, Comodo aren't the only ones affected, but as mentioned, since they know the problem, and are so vocal about "suggestions" for stopping it, and run a security company with a vested interest in preventing and removing infections, are held to a higher standard.

Comodo cannot use the excuse that other cert vendors are doing it - this simply won't wash with us. I can't speak on percentages of the market they hold as I don't know that, and won't pretend to, but if they want to be taken seriously, and seen to be taking action instead of sitting back and raking in the $$ from the malicious guys - they need to stand up and stop issuing them - period, irrespective of whether it's 10%, 20% or 100% of the market they hold.

The other vendors aren't being let off with this, nor are we pretending they aren't in the same position - but they aren't selling or developing security software either.

I personally can't see the relation with Comodo selling other security software with them selling DV certs, or either Comodo's giving off free security software. Users will be fooled by the yellow padlock whether its from Comodo or any others, independent of whether they use or even just aware of Comodo's selling of other security product.


I think Melih's point is that research such as yours should be more focus on the bigger DV provider and not to them as he sees it. Just my thinking.

But you're right, they should do their share too. I saw on other forum and I quoted on my previous post that Melih already suggested to other vendors to set a standard for DV issuance which they (other vendor) opposed. If that is true, isn't it better if we help him (Melih) in pushing other vendors to do as he propose? Maybe doing some (or more) research focusing on those other vendors would make them see the point that the current DV certs issuance has security hole. I quote again Melih below.

But that brings us back to the primary question - why should Comodo wait until other vendors change, before they do? Their moto is "Creating security online" not "Following the herd".

Again, Comodo's issuing DV's to criminals is in direct contradiction to their selling/giving away, security software - security software that is meant to prevent the bad guys infections - the same infections that they are helping propogate.

The attached pix is from Comodo forum. I'm also reading the same topic there. I don't know this gusy and I have nothing against him. I just attached it to make my point. He is also a security guy and as what I read on their forum they (Comodo guy) knows him. My point is, he is also promoting security just like Melih. Melih is representing his company Comodo, and this guy is representing his title as MVP. Both have good intention, to fight/prevent malicious acts online. But both happened to promote bad site(s) unintentionally. It only shows how good at disguising those bad guys are. If they can fool Comodo and the MVP guy, how much more ordinary user like me.

Same reason why I agree with Melih that a standard is needed. If guys like you could do/report more researches like this focusing on all DV vendors (the whole DV system maybe better), then hopefully they will be obliged to make the system better.

On Comodo's forum, they showed several bad sites with DV certs from other vendor, but on other blogs/forums I only see Comodo on the center. The reason why I feel sympathy with them when they say that they are singled out. I'm not questioning your intention, but until I saw a research of this topic with ALL (big) DV vendors on the limelight, that sympathy will remain. I'm not a shill, just basing on the reasons presented.

Regards

Just a little correction, the only reason the spywareinfo.com site is listed on his profile is because he's not updated it yet. The SI forums used to be a legit website.

I'll drop him a note to update it.

Thank you MysteryFCM. You helped not only him but other users too like me who believes in knowledgeable guy like him.

Though it's not intentional, it's still his mistake having malware site on his profile, as it's Comodo's mistake too issuing some DVs to bad guys. SI forum used to be a legit site, the reason why Mr. Mike trusted them before. Malware sites are like wolves in lambs clothing, passing Comodo's criteria when they apply for certs. You informed Mike about the bad site on his profile and i believe he will remove it immediately. Melih said that once informed about malware sites having their cert they investigate them and the cert will be recalled (I'm not sure if the term is correct) immediately if true. Maybe not same, but similar.

It also shows that only through helping each other can we achieve higher cause. The problem is on the DV system itself and not with Comodo's mistakenly selling certs to some malware sites alone. Melih's proposal to have a strong standard is I believe better solution than just stopping Comodo from selling DV certs.

Regards

No problem and sorry for taking so long to reply.