Melih Abdulhayoğlu

I am Melih Abdulhayoglu, founder of Comodo. But it's my blog's viewpoint that is important. I believe human achievement can't be optimized until its central communications engine, the Internet, is a trusted environment. My mission is to help lead the effort to achieve this trust.
January 05, 2014 | Posted by Melih, under Uncategorized

But we are not in the business of taking the easy route out nor in the business of being one ... Read More
March 13, 2014 | Posted by Melih, under Uncategorized

I and Comodo have one goal, to empower and protect our end users. Our motto is,  "look after our users, ... Read More
March 28, 2014 | Posted by Melih, under Uncategorized

Now, we all heard about detection, prevention, cleaning, behaviour blocker, firewall, Antivirus, Anti malware, detection tests, antivirus can ... Read More
May 10, 2014 | Posted by Melih, under Uncategorized

Thank you Symantec for listening to my call and admitting that Legacy Antivirus is no longer enough to do the ... Read More
February 17, 2015 | Posted by Melih, under Uncategorized

Today is a special day, a very special day indeed and it is all thanks to our amazing users, customers ... Read More
February 25, 2015 | Posted by Melih, under Uncategorized

With what is happening in the market place with superfish, there is a "realization" of an old and established method ... Read More
Comodo Internet Security v4.1….Premium!

Well, the only thing we can ask from our users is for them to trust us! We could have asked for money, but decided not to :)

Just trust us to protect you we said.. They responded, We Trust Comodo! For that we are grateful.

Does that give us card blanch to do whatever we want going forward? Of course not, its quicker to lose the hard earned trust than to gain it.

So how do we keep our user’s trust? Well, you can buy the domain name….but we already own it :) so the next best thing is to make sure we continue to listen our users and implement their wishes.

Our users need to see that we listen and react to them. We deliver them what they need. We deliver them what they need plus exceed their expectations.

Our users loved Default Deny architecture, but they said it was bit chatty. We went back to drawing board and came up with “Auto Sandboxing” architecture to give them Default Deny architecture that is almost silent!

Lately, some of the most discussed issues by our users have been some of the additional products/services we bundled with CIS (Comodo Internet Security).

All these products were carefully selected and bundled with CIS only with good intentions. From Hopsurf, to search results provided by Ask, to Live PC support help.

Although many do understand our reasons for bundling these products/services, few do not like it.

So, we thought long and hard about how and what we can do!

We decided to come up with a “Premium” product for you all!

Yep, shiny, funky, brand spanking new CIS Premium!

The reason why its Premium is NOT because it has all this additional stuff in it…BUT…its because it doesn’t have


Ask search thingy

Live PC support

and has a lot of bugs fixed with sandbox etc…

Now you have a PURE Protection Engine, Rock Solid CIS Premium, (CIS v4.1) and nothing else!

We do listen to you!

We always have!

We always will!

Your Trust is our Currency!

Thank you for allowing us to serve you, and serve we will!




Symantec acquires Verisign……

I got inundanted with calls from analysts to potential customers asking my views on the deal, so here it is:

First of all, my hats off to Verisign management team for getting such a good deal! They did change 4 CEOs in the recent few years, and hit a plateau with their revenue.

Verisign, like the grasshopper, jumped once by buying thawte (and they got their market share),

they jumped twice by buying Geotrust (and once again got back their lost market share)…

but 3rd time?

Nope…couldn’t jump…There was no company for sale for the 3rd jump ;), but like I said, hats off to them for surviving this long thru acquisitions and almost no innovation for the last 10 years.

How will all these Verisign customers who bought into the “marketing” of Verisign and bought the “Verisign brand” will feel, now its the Symantec brand they have to switch to? Whats the point of paying those extra $$ for a brand they can’t benefit from? Well, was there a brand worth paying that extra $$ in the first place? Obviously not in my opinion! Just take a look at google trends . That brand had passed its sell by date if you ask me. And Symantec choosing to use their own name rather than acquiring the Verisign name, the so called “Most Trusted Name” is a good indicator of the value that Symantec puts to it.

So how will Symantec benefit from this? The question is will they? Verisign’s main revenue,I believe, is from the enterprise segment.  Cross selling to that segment is difficult in this scenerio because:

a) the buyers of certificate services are different departments compared to buying desktop security, storage etc.

b)the no of enterprise who use verisign but not Norton/symantec is fairly limited. Lets be honest, for now Symantec does have a good enterprise presence, so they will be hard pushed to get that cross pollunation they are hoping.

c)Verisign had mentioned in one of their recent financials that they were getting pressure in the enterprise segment, and I am not sure if Symantec can mitigate that pressure or contribute to it with this acquisition. I personally think the latter.

Also, it will be interesting how Symantec will react to issuing Domain Validation(DV) certs to malware websites, hence help create legitimacy to malware providers, while on the other hand selling protection from them! This will put them in a difficult position. To majority of the readers: you will be scratching your head wondering what the hell I just said…..well, I said, Symantec cannot keep a position of end user protection while issuing “Trust Indicator” without any authentication and allowing malware authors to obtain them in order to spread their viruses! Yep…it happens in a big way and Verisign  is a big offender as they hold a good majority in the DV market through their Geotrust and Thawte brands. So will Symantec fix that? Or will they aid the malware industry by issuing DV certs?

This leaves Comodo to be the only High Assurance  Certification Authority that has not changed hands last 10 years! The most stable Certification Authority, who has, year over year, grown its market share and revenue. The certification authority who has over 400,000 certificates and Comodo trust mark displayed and trusted by tens of millions of Comodo desktop security users.



Talk Back

The Good, The Bad, The Ugly (aka Unknown)

Legacy AntiVirus products allow Unknown applications to execute on your computer!

(before we start you must listen to the music by clicking on the link below..its not the same without it :) )

The Good, The Bad, The Ugly (aka unknown)

A computer file could be an executable or non executable type in general. The executable one is full of instructions telling the CPU (the intel thingy ) what to do, like show this character on the screen etc..just full of instructions..sometimes, these instructions could be some malicious things like, copy the password and email it to fraudster etc…Unknown

A file can be in 3 states

1) A good file

2)A bad file

3)Unknown file

A system, like legacy Anti virus products work in the main with “Blacklisting” architecture.

They work by saying: “if you are in the blacklist you are not allowed to execute in this computer”.

So lets take the files and push it thru a legacy antivirus to see if their architecture works.

Journey of a Good file…

We take a Good file and push it thru an antivirus…antivirus checks this against their can’t find it there so lets it go ahead and execute…all well and good so far…great…..

Journey of a Bad file…

next…lets take a bad file….(lets be nice and say that this is a bad file that the legacy antivirus knows about, cos there are many bad files that legacy Anti virus products know about, as No single Antivirus company can have 100% visibility to ALL the malware out there, period)..but lets be nice :)…so take the bad file and push it thru a legacy Antivirus….antivirus check this against their blacklist and detected it and stopped it from executing….welldone legacy antivirus!!

Journey of an Unknown file…

Now lets take an unknown file and push it thru a legacy antivirus product, it will check against its blacklist…is it there? Nope…so lets just let it go ahead and execute..after all its not in its blacklist….

so what did i just execute?

What was that unknown file that I just executed? Was it good or bad? Afterall it can either be good or bad…. so using a “blacklisting” architecture you just allowed potentially malicious application to run and damage your computer!

If you were writing Viruses…

Now, lets say you are writing viruses for living…and believe me there are many out there that does that and many more who use these to make money from them. What would be the first thing you would do when you created your malicious creation?

Yep, you guessed it right…you would first check to make sure popular legacy Antivirus products don’t detect it. Afterall, if you are intelligent enough to write a virus, you should have an ounce of brain (used for wrong purposes….) to check if your virus is detected or not. And yes you make sure its not detected and then you release it on people….

But wait!!!

This new virus/malware that this Virus author just released will be an “unknown” file and will be executed….errrmm…yes…it will… now you know you are MAD MAD MAD to rely on a legacy Antivirus that still uses “blacklisting” techniques in an attempt to protect you but fail miserably!

Yeah but Legacy AntiVirus products have heuristic built in…..

Damn, didn’t know that :) oh really, well everything is fine then…:) (sorry for the sarcasm….:) Heuristic is also based on “blacklisting method”, these are rules that identifies files/behaviours that matches a blacklist of rules. The architecture is still the same! You are still running the “risk” by “executing” “unknown” applications. Do these things detect more..sure they do…do they eliminate the risk, hell no!

So if you don’t want to run your computer or your business like a lottery and letting your security applications run “unknown” applications, then better use Comodo ;)