Wednesday 22 September 2010

Comodo = Software Leak?

Now I've got a lot of good things to say about Comodo Internet Security suite. Firstly, it has proper 32-bit and 64-bit versions and has for some time now. Secondly, its feature "Defense+" is possibly the most comprehensive and ambitious pro-active security solution ever (though you really need to be a computer developer to make the most of it).

Now for the whine:

Defense+ includes a section called "Pending Files" which I hadn't really investigated much until today (that is Comodo Internet Security version 4.1.1500349.920). This section reportedly maintains a list of unrecognised executable files (which on the surface seems fine). It gives the option to submit these unrecognised files to Comodo (presumably for approval or whatever).

So, today I was investigating a Virus Report from the engine. Comodo has had a bit of a spotted history with its Anti-Virus solution. Specifically, it is quite prone to false or incorrect reports. So, I was attempting to validate its claim using http://www.totalvirus.com/ which seems like a good site. Whilst I was looking into this I came across "My Pending Files" and I looked and there was a list of executables (fair enough) and among them some of my own pieces of software.

Then I looked again, and noticed that 2 of the files in the list had been "submitted" to Comodo. I was not aware of ever having agreed to this! One of these files was an application I develop that contained proprietary code I would very much not like to distribute anywhere for any reason. Whilst I'm not saying Comodo are going to be stealing code, they are probably going to be performing a threat analysis upon the executable in question and to do that understanding its function and purpose is key. So, then they will understand the function and purpose of my proprietary code and well, if you understand something you use that knowledge!

This, to me, is a serious risk of software leak. One I felt I was not given the option to prevent (or at least there was no clear warning it would be sending this file out).

So, in summary: if you're a software developer, Defense+ is both a boon and a danger. I am not going to disable it because it does guard my system well in all other respects.

This post on their forums has also pacified me for now:

http://forums.comodo.com/help_for_v3/how_do_i_disable_my_pending_files-t15799.0.html;msg124795

Lastly, at least it DID tell me it had leaked my executable. I will be keeping a close eye on it in future and possibly doing my development on a different machine to my internet-connected system.




ADDENDUM: I now noticed this:

The "Submit the file to COMODO for analysis" button must have been checked when I was wanting / expecting to check / select the "Do this for every" checkbox from the older Comodo dialog. So, sadly, I guess I have been my own leak. Still far too easy to do and no way to disable this.