Melih Abdulhayoğlu
CEO/Founder

Welcome
I am Melih Abdulhayoglu, founder of Comodo. But it's my blog's viewpoint that is important. I believe human achievement can't be optimized until its central communications engine, the Internet, is a trusted environment. My mission is to help lead the effort to achieve this trust.
I hope you will now stop spreading misinformation Symantec!

I challenged Symantec because of their scaremongering and misinformation about Free Anti Virus products. They said Free did not protect!

Just as a refresher, here is some of what they said:

In USA Today (2010-09-22):

“Freeware vendors have created a false perception that free, basic security is enough to protect you from today’s online threats,” says Janice Chaffin, president of Symantec’s consumer business unit. “The reality is, free is not enough. It’s like wearing a light windbreaker in a snowstorm.”

So when Symantec was confronted with our challenge they said:

“When it came to answering Comodo’s challenge, Symantec said in a statement to several media outlets that Norton is included in a variety of independent, third-party tests from labs such as AV-Test and AV Comparatives”

and it continued to say… “We encourage Comodo to contact these testing labs if they are interested in having their product included in these tests,” it outlined.

So we obliged and asked AV-Test to do a test.

And here is the result:

Dynamic (Behaviour-Based) Detection of Malware

AV-Test GmbH (www.av-test.org)

Overall Detection and Blocking Rate

Product                        | Rate
-------------------------------+------
Comodo CIS Free                | 100%
Norton Internet Security 2011  | 90%

Symantec….you were challenged…you responded by saying, go get tested…so we did!

Now what are you going to say?

Stop scaremongering, stop misleading users in an attempt to extract their hard-earned $$.

It's time to apologise publicly, Symantec, for spreading misinformation. Will you?

Free Security protects not just as well as, but better than, Symantec/Norton according to this test!! Yes, the very test Symantec told Comodo to take.

Comodo is the first company to publicly challenge and beat Symantec at offering superior protection, and to do so with a totally FREE product!

Melih

PS: Here is another test that PC Magazine did comparing many products..again Norton (a paid product) is behind Comodo (a FREE product) in its ability to Prevent Infection.

PCMag test result

 

Symantec continues its scaremongering against Free Anti Virus Products

The misinformation continues..

Here is what Symantec said in USA Today (2010-09-22) (that's today):

“Freeware vendors have created a false perception that free, basic security is enough to protect you from today’s online threats,” says Janice Chaffin, president of Symantec’s consumer business unit. “The reality is, free is not enough. It’s like wearing a light windbreaker in a snowstorm.”

@ Symantec: when will you stop scaremongering end users to make them pay money to you? This strategy you follow is no different from what FAKE AV products do. They too scare users to get them to fork out $$$ based on misinformation and misrepresentation, and you do that too with these kinds of public statements! Shame on you!

This is not the first time we are hearing this type of scaremongering from Symantec, so I can only assume this is the company policy being executed by its employees!

Melih

Challenge to Symantec from Comodo CEO!

I read what Symantec has said about Free Anti Virus products. This kind of misinformation is just unacceptable from companies like Symantec! Enough is Enough..You can’t mislead end users with blatant lies like this!

If Symantec truly believes what they preach to the media then they will have no problem taking this challenge:

To Symantec: Comodo openly challenges you to an independent test to see which product can protect users better. A $$$ Norton product or totally Free Comodo!

Just let us know.  Our respective companies will choose a mutually agreeable independent testing organisation to test which product can “Protect” the end user better.

Eagerly awaiting your reply.

Melih

CEO

COMODO

The only Company who beat Verisign in their own game

Comodo has now become the No 1 company in the High Assurance Certificate Market worldwide.

There are two main markets in the SSL business.

Organisationally validated and Non Validated Certificates.

Verisign, as the Verisign brand, sells purely Validated Certificates. No other company was able to challenge Verisign in the Validated Certificates market. Not Thawte, not Geotrust and certainly not Godaddy. These companies offer cheap certificates that are not validated, hence they are able to gain market share quickly, but they never really threaten Verisign’s core business.

Enter Comodo….

Comodo has now taken over from Verisign as the No 1 provider of High Assurance Certificates. Not only has Comodo claimed the No 1 position, but Comodo beat Verisign in their own game of “Brand Awareness”. Just look at Google Trends to see who has the more sought-after brand according to Google. Remember the days of Verisign saying you should buy from them because they have brand awareness… well, gone are those days… now there is Comodo… it's not Verisign or Comodo proclaiming they are the bigger brand… but a third party… Google…

So Comodo has the more sought-after brand and is the No 1 provider of High Assurance Certificates.

Of course it's been hard work, with the dedication of around 700 Comodo employees, to make it all happen…

but wait…

The work of “Creating Trust Online” has just begun…

Melih


Verisign, oh Verisign…only if you had listened!

Verisign has now removed the “Revoke” button while still publicly denying there was ever a vulnerability.

As can be seen in the pdf attached in the post made in our Comodo forums, the Revoke button that existed previously, has been removed.

Unfortunately, there are no winners here. Verisign loses, and Comodo loses. The way that Verisign handled the whole affair is irresponsible and damaging to the industry in my opinion. I hope they can learn from this.

The whole thing could have been avoided, if they simply acknowledged that there was an issue when we reported and did something to fix it.

So far we know that after we went public:

Verisign has changed their server settings so that Google doesn’t index these security pages

Verisign has removed the “revoke” button from these security pages

Verisign has asked Google to delete these entries from their database.

Every single one of these actions could have been done when we contacted Verisign early last week and the whole fiasco could have been avoided. They forced Comodo to go public before they reacted to the vulnerabilities reported.

All these are positive moves in the right direction, although a bit late, unnecessarily public, and made after they claimed there was no issue, which makes them look not so with it. However, the most important factor is their customers, some of which are major banks. We do not know if they contacted their customers and asked them to verify whether there was any breach in their security, or whether that resulted in any compliance breach. I believe they should inform their customers who used this service so that they can check to see if there was a breach or not.

Verisign: Trying to keep things quiet is NOT the way to deal with these kinds of situations. You are NOT an ostrich… do not bury your head in the sand, for god's sake!!!

We compete at the business level, but we share the same industry! It is NOT in anyone’s interest for anyone in the industry to get a bad name. Stop acting irresponsibly and start working with your Industry Partners!

After all said and done, Verisign is a respectable company and their Authentication division is in good hands with Symantec. I just hope they learn from this experience for the sake of the authentication industry.

Melih


Comodo Internet Security v4.1….Premium!

Well, the only thing we can ask from our users is for them to trust us! We could have asked for money, but decided not to :)

Just trust us to protect you we said.. They responded, We Trust Comodo! For that we are grateful.

Does that give us carte blanche to do whatever we want going forward? Of course not, it's quicker to lose hard-earned trust than to gain it.

So how do we keep our users’ trust? Well, you can buy the domain name usertrust.com… but we already own it :) so the next best thing is to make sure we continue to listen to our users and implement their wishes.

Our users need to see that we listen and react to them. We deliver them what they need. We deliver them what they need plus exceed their expectations.

Our users loved the Default Deny architecture, but they said it was a bit chatty. We went back to the drawing board and came up with the “Auto Sandboxing” architecture to give them a Default Deny architecture that is almost silent!

Lately, some of the most discussed issues by our users have been some of the additional products/services we bundled with CIS (Comodo Internet Security).

All these products were carefully selected and bundled with CIS only with good intentions. From Hopsurf, to search results provided by Ask, to Live PC support help.

Although many do understand our reasons for bundling these products/services, a few do not like it.

So, we thought long and hard about how and what we can do!

We decided to come up with a “Premium” product for you all!

Yep, shiny, funky, brand spanking new CIS Premium!

The reason why it's Premium is NOT because it has all this additional stuff in it… BUT… because it doesn’t have

Hopsurf

Ask search thingy

Live PC support

and has a lot of bugs fixed with sandbox etc…

Now you have a PURE Protection Engine, Rock Solid CIS Premium, (CIS v4.1) and nothing else!

We do listen to you!

We always have!

We always will!

Your Trust is our Currency!

Thank you for allowing us to serve you, and serve we will!

Thanks

Melih


Symantec acquires Verisign……

I got inundated with calls from analysts to potential customers asking my views on the deal, so here it is:

First of all, my hats off to Verisign management team for getting such a good deal! They did change 4 CEOs in the recent few years, and hit a plateau with their revenue.

Verisign, like the grasshopper, jumped once by buying thawte (and they got their market share),

they jumped twice by buying Geotrust (and once again got back their lost market share)…

but 3rd time?

Nope…couldn’t jump…There was no company for sale for the 3rd jump ;) , but like I said, hats off to them for surviving this long thru acquisitions and almost no innovation for the last 10 years.

How will all these Verisign customers who bought into the “marketing” of Verisign and bought the “Verisign brand” feel, now that it's the Symantec brand they have to switch to? What's the point of paying those extra $$ for a brand they can’t benefit from? Well, was there a brand worth paying that extra $$ for in the first place? Obviously not, in my opinion! Just take a look at Google Trends. That brand had passed its sell-by date, if you ask me. And Symantec choosing to use their own name rather than acquiring the Verisign name, the so-called “Most Trusted Name”, is a good indicator of the value that Symantec puts on it.

So how will Symantec benefit from this? The question is, will they? Verisign’s main revenue, I believe, is from the enterprise segment. Cross-selling to that segment is difficult in this scenario because:

a) The buyers of certificate services are different departments from those buying desktop security, storage etc.

b) The number of enterprises who use Verisign but not Norton/Symantec is fairly limited. Let's be honest, for now Symantec does have a good enterprise presence, so they will be hard pushed to get the cross-pollination they are hoping for.

c) Verisign had mentioned in one of their recent financials that they were getting pressure in the enterprise segment, and I am not sure if Symantec can mitigate that pressure or contribute to it with this acquisition. I personally think the latter.

Also, it will be interesting to see how Symantec will react to issuing Domain Validation (DV) certs to malware websites, hence helping create legitimacy for malware providers, while on the other hand selling protection from them! This will put them in a difficult position. To the majority of readers: you will be scratching your head wondering what the hell I just said… well, I said, Symantec cannot keep a position of end user protection while issuing a “Trust Indicator” without any authentication and allowing malware authors to obtain them in order to spread their viruses! Yep… it happens in a big way, and Verisign is a big offender as they hold a good majority in the DV market through their Geotrust and Thawte brands. So will Symantec fix that? Or will they aid the malware industry by issuing DV certs?

This leaves Comodo as the only High Assurance Certification Authority that has not changed hands in the last 10 years! The most stable Certification Authority, who has, year over year, grown its market share and revenue. The certification authority who has over 400,000 certificates and the Comodo trust mark displayed and trusted by tens of millions of Comodo desktop security users.

Thanks

Melih


The Good, The Bad, The Ugly (aka Unknown)

Legacy AntiVirus products allow Unknown applications to execute on your computer!

(before we start you must listen to the music by clicking on the link below..its not the same without it :) )

The Good, The Bad, The Ugly (aka unknown)

A computer file can, in general, be of an executable or a non-executable type. The executable one is full of instructions telling the CPU (the Intel thingy) what to do, like show this character on the screen etc… just full of instructions… sometimes, these instructions could be malicious things like: copy the password and email it to a fraudster etc…

A file can be in 3 states

1) A good file

2) A bad file

3) An unknown file

Systems like legacy antivirus products work, in the main, with a “blacklisting” architecture.

They work by saying: “if you are in the blacklist you are not allowed to execute on this computer”.

So let's take the files and push them thru a legacy antivirus to see if their architecture works.

Journey of a Good file…

We take a Good file and push it thru an antivirus…antivirus checks this against their blacklist..it can’t find it there so lets it go ahead and execute…all well and good so far…great…..

Journey of a Bad file…

Next… let's take a bad file… (let's be nice and say that this is a bad file that the legacy antivirus knows about, cos there are many bad files that legacy antivirus products know about, as no single antivirus company can have 100% visibility of ALL the malware out there, period)… but let's be nice :) … so take the bad file and push it thru a legacy antivirus… the antivirus checks this against its blacklist and bingo… it detected it and stopped it from executing… well done, legacy antivirus!!

Journey of an Unknown file…

Now let's take an unknown file and push it thru a legacy antivirus product. It will check against its blacklist… is it there? Nope… so let's just let it go ahead and execute… after all, it's not in its blacklist…

So what did I just execute?

What was that unknown file that I just executed? Was it good or bad? After all, it can be either good or bad… so using a “blacklisting” architecture you just allowed a potentially malicious application to run and damage your computer!

If you were writing Viruses…

Now, let's say you are writing viruses for a living… and believe me, there are many out there that do that and many more who use these to make money from them. What would be the first thing you would do when you created your malicious creation?

Yep, you guessed it right… you would first check to make sure popular legacy antivirus products don’t detect it. After all, if you are intelligent enough to write a virus, you should have an ounce of brain (used for wrong purposes…) to check if your virus is detected or not. And yes, you make sure it's not detected and then you release it on people…

But wait!!!

This new virus/malware that this virus author just released will be an “unknown” file and will be executed… errrmm… yes… it will… so now you know you are MAD MAD MAD to rely on a legacy antivirus that still uses “blacklisting” techniques in an attempt to protect you but fails miserably!

Yeah, but Legacy AntiVirus products have heuristics built in…

Damn, didn’t know that :) Oh really, well everything is fine then… :) (sorry for the sarcasm… :) ) Heuristics are also based on the “blacklisting” method: these are rules that identify files/behaviours that match a blacklist of rules. The architecture is still the same! You are still running the “risk” by “executing” “unknown” applications. Do these things detect more? Sure they do. Do they eliminate the risk? Hell no!
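The three journeys above, as an added example (not code from the original post or from any Comodo or antivirus product): a blacklist-only policy and a default-deny policy applied to the same constructed files. The file names, contents, the FAMILYX-MARKER heuristic rule and the sandbox verdict for unknowns are assumptions made for illustration.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    RUN = "run unrestricted"
    BLOCK = "blocked"
    SANDBOX = "run sandboxed"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample files (name -> contents); none of these are real binaries.
FILES = {
    "good.exe": b"constructed: known-good application",
    "bad.exe": b"constructed: FAMILYX-MARKER original sample",
    "variant.exe": b"constructed: FAMILYX-MARKER repacked variant",
    "new_tool.exe": b"constructed: brand-new benign utility",
    "new_malware.exe": b"constructed: new malware checked against scanners first",
}

BLACKLIST = {sha256(FILES["bad.exe"])}   # signatures of known-bad files
WHITELIST = {sha256(FILES["good.exe"])}  # signatures of known-good files
HEURISTIC_RULES = [b"FAMILYX-MARKER"]    # hypothetical rule: still a list of "bad" patterns


def is_blacklisted(data: bytes) -> bool:
    """Signature or heuristic match: both only recognise known-bad traits."""
    return sha256(data) in BLACKLIST or any(r in data for r in HEURISTIC_RULES)


def blacklist_policy(data: bytes) -> Verdict:
    """Legacy model: anything not recognised as bad is allowed to execute."""
    return Verdict.BLOCK if is_blacklisted(data) else Verdict.RUN


def default_deny_policy(data: bytes) -> Verdict:
    """Default deny: only known-good runs freely; unknowns are contained."""
    if is_blacklisted(data):
        return Verdict.BLOCK
    if sha256(data) in WHITELIST:
        return Verdict.RUN
    return Verdict.SANDBOX


def unknowns_run_unrestricted(policy) -> list:
    """Names of files that are not known-good yet execute with full rights."""
    return sorted(
        name for name, data in FILES.items()
        if sha256(data) not in WHITELIST and policy(data) is Verdict.RUN
    )


if __name__ == "__main__":
    for name, data in FILES.items():
        print(f"{name:16} blacklist={blacklist_policy(data).value:17} "
              f"default-deny={default_deny_policy(data).value}")
    print("unknowns executed (blacklist):   ", unknowns_run_unrestricted(blacklist_policy))
    print("unknowns executed (default deny):", unknowns_run_unrestricted(default_deny_policy))
```

The heuristic rule catches the repacked variant, which the hash blacklist alone would miss, but both unknown files still execute with full rights under the blacklist policy; under default deny neither does.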

So if you don’t want to run your computer or your business like a lottery and letting your security applications run “unknown” applications, then better use Comodo ;)

Melih


You are MAD! MAD! MAD! if you think Antivirus software will keep your computer safe!

Nothing else to say :)

Melih


Is the Anti Virus Software biggest fraud in the Security world?

I hear you asking….

How can there be a solution to a problem, yet the problem keeps getting bigger?

How can I be infected while I am still using an Anti Virus product?

Why am I paying to be protected yet still getting infected?

Did I buy snakeoil when I purchased my Anti Virus product?

Well…..

Lets first look at what an Anti Virus product is!  The very first Anti Virus product came about around 1987 to clean one of the early viruses.

Did you notice?

Notice what?

Notice the important keyword…”clean”. I didn’t say Protect…I said clean….

So what?

Well, Cleaning is a reactive thing. it happens afterwards. After you got infected. So Anti Virus products were invented as “cleaning” products!

Just like washing-up liquid won’t keep a plate clean when you put food on it, just like shampoo cannot keep your head clean, an Anti Virus product is mainly a reactive technology which cannot keep your PC clean from malware it doesn’t know. Just like laundry detergent that cannot remove stains, Anti Virus products cannot remove malware they don’t know about. So they can’t even guarantee that they can clean your computer, never mind protect it in the first place!

WHAT??

You heard!

An Anti Virus product cannot guarantee that a clean computer can stay clean!

So why do we buy these products then or they get bundled with our computers when we buy them?

Good question ;)

Perhaps you can answer my question first: “Between 1987 and now (so far its still 2010), what has changed in an Anti Virus product to make us think that they can Keep a clean computer clean?” Can you please point me to a technological breakthru or innovation or anything of that nature to tell me that “hey, thanks to this advancement we can use an Anti Virus product to keep our computers clean”?

And the answer is?

…………………………..

…………………………………

……………………………………………

………………………………………………………

…………………………………………………………….

……………………………………………………………….. still waiting………

Nothing! Just like an anti virus of 1987 could not keep a clean computer clean, the anti virus of 2010 cannot keep a clean computer clean! That is why you still get tens of millions of people falling victim to malware and being part of botnets!

The only thing that has changed between 1987 and 2010 is the way these Anti Virus products are marketed! Now you are buying laundry detergent (which can only wash limited stuff) as a tool to stop your clothes from getting dirty…

Silly right?

If you were buying some teflon spray as a preventative tool, then I would understand how it could help you keep your clothes clean…but buying laundry detergent thinking that it would keep your clothes clean…….madness! Its a multi-billion $$ madness!

Time to innovate… time to really deliver that teflon spray for your computer so that a clean computer can stay clean! Time to clean up the Anti Virus industry! Maybe it is infected? Maybe it is infected with a malware called “Troj.False.marketing.32”?

Melih
