Learn about Centmin Mod LEMP Stack today
Become a Member

SSL Comodo associated with SSL-Breaking, Ad-Hijacking "PrivDog" Malware

Discussion in 'Domains, DNS, Email & SSL Certificates' started by deltahf, Feb 25, 2015.

  1. deltahf

    deltahf Active Member

    203
    99
    28
    Jun 8, 2014
    Ratings:
    +149
    Local Time:
    5:59 AM
    I was within minutes of purchasing a Comodo SSL certificate, when I just happened to come across this story which has broken over the past few days:

    SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog • The Register
    Adware Privdog worse than Superfish - Hanno's blog
    Lots more on Google News: https://www.google.com/search?hl=en....6.0.0.78.561.8.8.0...0.0...1ac.1.Ro4epXqyK60

    Comodo's "Internet Security" software targeted for consumers prompts them to install PrivDog, which just happens to be created by Comodo CEO Melih Abdulhayaglu. As if these security issues weren't enough, PrivDog is a really offensive, ridiculous piece of software: it blocks ads on publisher's websites and replaces them with its own "trusted ads". In other words, it doesn't just block the ads that pay the bills for most Centminmod users, it hijacks them!

    I know Comodo certificates are very popular, and I just want to make sure that the Centminmod community is aware of this. I want nothing to do with Comodo now, and certainly do not want to support them financially as they work to undermine my livelihood and the security of the Internet at large.
     
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    Ouch that is related to it's Internet Security software

    but Comodo are saying PrivDog was never distributed by Comodo
    so question is whethere it's true if Comodo bundled in PrivDog and/or how it got into affected versions ?
     
  3. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    From PrivDog

     
  4. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    from Worse than Superfish? Comodo-affiliated PrivDog compromises web security too | PCWorld

     
  5. deltahf

    deltahf Active Member

    203
    99
    28
    Jun 8, 2014
    Ratings:
    +149
    Local Time:
    5:59 AM
    Comodo definitely distributes PrivDog in its security suite: Kenn White on Twitter: "@FiloSottile just confirmed: Comodo's firewall & AV (Internet Security 2014) installs Privdog by default. http://t.co/TrGbhbibng"

    Regardless of whether the browser plugin was affected, PrivDog is still Comodo software: PrivDog - PD

    I still can't believe a "security" company is distributing an ad-blocker which replaces ads on websites with their own banners. That is so wrong.
     
  6. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    Last edited: Feb 25, 2015
  7. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    Example of ad networks infected with malicious ads AdSense Abused with Malvertising Campaign | Sucuri Blog So I can see the other side of this as well.

     
  8. deltahf

    deltahf Active Member

    203
    99
    28
    Jun 8, 2014
    Ratings:
    +149
    Local Time:
    5:59 AM
    It doesn't really matter - PrivDog is Comodo's software, both the browser plugin and the standalone version.
    "Blocking malicious ads" is just their pitch to get you to install it. They block all ads and then insert their own ads in their place, literally stealing ad revenue from web publishers like us - that's their business model. That thread - where people are reporting malicious ads delivered from PrivDog's own ad network - is clear proof the company has no interest in actually delivering "safe ads". They just want to get as large an install base as possible on a false premise and then leech away ad revenue like a parasite. It's disgusting.
    Yes, malvertising is a huge issue that infuriates me because it's something that I've had to deal with as a web publisher for many years, but that is absolutely no justification for another company to hijack a website's source of revenue. This is borderline criminal and highly unethical; if someone were doing this to a business in the "real world", they'd be thrown in jail.
     
  9. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yeah if they are blanket replacing ads that that is a problem .. for those installing Comodo's Internet Security software. This might be a good wake up call for folks to take closer look at similar security software too.

    While I love to boycott Comodo as a whole, they hold 25% of SSL market and are priced most competitively for SSL certificates where you can get standard SSL for just $5/yr or SSL Wildcard for $39/yr. Alternatives other than Comodo are nearly twice that price !

    Guess each person needs to decide for themselves :)
     
  10. deltahf

    deltahf Active Member

    203
    99
    28
    Jun 8, 2014
    Ratings:
    +149
    Local Time:
    5:59 AM
    Yeah, they block all 3rd-party ad scripts which are not served by the site's domain, which would apply to AdSense and pretty much every other ad network out there. From the PrivDog FAQ:
    Yeah, it's really unfortunate. I'm going to look at RapidSSL or GeoTrust QuickSSL now.
     
    • Informative Informative x 1
  11. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    hmm if it's in their FAQ it's in public domain of awareness it's not something they're hiding you could argue. But I guess their focus is protecting end user and not web publishers. As does any ad blocking software / browser extension.

    yeah RapidSSL would be at least 2x times the price for standard SSL and at least 2x times price for RapidSSL Wildcard while GeoTrust would be at least 11x to 30x times more expensive for standard SSL
     
    Last edited: Feb 26, 2015
  12. deltahf

    deltahf Active Member

    203
    99
    28
    Jun 8, 2014
    Ratings:
    +149
    Local Time:
    5:59 AM
    If they actually were interested in protecting users, they wouldn't be serving their own sketchy ads from "AdTrustNetwork"! :)
    No, open-source non-profit software like AdBlock Plus just block ads. PrivDog blocks them and inserts their own ads in their place, profiting directly off the content and hard work of website owners and giving them nothing in return. That is very, very different.
     
    • Like Like x 2
  13. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yeah just blocking the ads would be sufficient
     
  14. deltahf

    deltahf Active Member

    203
    99
    28
    Jun 8, 2014
    Ratings:
    +149
    Local Time:
    5:59 AM
    • Informative Informative x 1
  15. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    Sad to hear but FYI GoGetSSL ssl brand certs are Comodo ssl certs ;)
     
  16. deltahf

    deltahf Active Member

    203
    99
    28
    Jun 8, 2014
    Ratings:
    +149
    Local Time:
    5:59 AM
    Yeah, I know, I went with RapidSSL (owned by GeoTrust) instead! :D
     
    • Funny Funny x 1
  17. eva2000

    eva2000 Administrator Staff Member

    28,935
    6,567
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,747
    Local Time:
    7:59 PM
    Nginx 1.13.x
    MariaDB 5.5
    heh I still prefer comodo/gogetssl just for the price heh
     
    • Like Like x 1