There is an adware called Privdog that gets shipped with software from Comodo. It totally breaks HTTPS security.
https://blog.hboeck.de/archives/865-Comodo-ships-Adware-Privdog-worse-than-Superfish.html
Greetz, Red.
Hi Rednose,
Thanks for reporting. As I said here in the forums earlier this Superfish drama will only be the tip of an iceberg. All try to trick us into these MIM attacks that breaks fundamental privacy security and it goes on and on. HTTPS has been downgraded, backdoored and is pn*wned big time, thanks to big commerce and various government services.
polonus
Comodo owns PrivDog. Caution…always use the custom install if available.
Great - NOT.
Considering that Comodo is also a Security Certificate Issuing Authority - this really is a huge no, no.
Again another huge trust issue and worse still from a company that issues security certificates, exactly a big point being made in the above article.
For those with a long memory they will probably remember Comodo’s Certificate Issuing Authority having another fail with a number of certificates having to be blacklisted or banned, etc…
Hi DavidR and Rednose,
The risks are there with us to stay:
SSL/TLS traffic now comprises 15-25% of total web traffic. While SSL/TLS provides privacy and authentication, cybercriminals can use SSL to hide their exploits from an organisation’s security controls by hiding attacks, evading detection, and bypassing critical security controls.Most organisations lack the ability to inspect and decrypt SSL communications to detect these threats. This undermines traditional layered defenses and creates an unacceptable risk of breach and data loss.
As I said Superfish and PrivDog just the tip of the iceberg that SSL Titanic, huge but vulnerable, has struck… ;D
Interesting article: https://theoverspill.wordpress.com/2015/02/20/start-up-lenovo-superfish-and-its-implications-identifying-jackson-pollocks-tech-v-fashion-and-more/ article author = Charles Arthur
Everybody now seems woken up about this Adtrustmedia PrivDog injection scam: http://www.kb.cert.org/vuls/id/366544
polonus
Privdog is Superfish all over again
http://www.ghacks.net/2015/02/23/privdog-is-superfish-all-over-again/
In case you are wondering what the connection between Comodo and PrivDog is: the CEO and founder of Comodo seems to be behind Privdog as well.
Hi Pondus,
So we all are gonna test here: https://www.ssllabs.com/ssltest/viewMyClient.html
You only can see whther there is a proxy service running.
polonus
I always knew there was a reason to avoid the Comodo Dragon.
It just took a while for everyone else to find out I made the right choice. 
Well you know me and tests - they can’t run unless I allow them.
I can only assume what they report is based on the standard headed information browser, OS etc.
If I do allow ssllabs.com, relatively clean bill of health.
Hi bob3160, others had short memories, those Comodo warans were caught red-handed last time. They did not learn anything, while proceeding in the same way and they were only concerned how long they could do this unnoticed, and if not found out they would have continued the scheme. Apparently all have short memories here and do not take any consequences from what happens. We had the DigiNotar scandal, we had BEAST, we had POODLE, lenovo, now PrivDog and not a lot of users, like you, bob3160, discontinued their services. Keep it off of your comp and they will learn the hard way. Just as with ABP, found out uBlock is better. So out went ABP.
Bad reputation, with me it is only once, and they won’t get another chance to play such a trick again, easy enough…
polonus
A refresher from 2013:
https://forum.avast.com/index.php?topic=19387.msg955615#msg955615
https://forum.avast.com/index.php?topic=68145.msg575627#msg575627
Hi bob3160,
And that is what I like about you, bob3160, somewhere you will draw a line and they won’t cross that line again.
That is what I learned from you and it brought respect. Thanks, bob3160,
“In God we trust, rest we test”.
Damian
The scope of the recent SSL Interception scandal, read: https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339
polonus
Update - the Superfish, PrivDog etc. scandal is spreading. I told you all this could be the proverbial tip of the iceberg detected, and it seems however true - much more parties were (are) into the same despicable schemes, so cybercriminals can hop onto the this band-waggon of Browser Hijacking as well:
http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-style-https-breaking-adware/
and two of the top ten downloads on CNET (KMPlayer and YTD) are bundling two different types of HTTPS-hijacking adware,
polonus
OT, but that is why I don’t like to download anything from cnet.com unless I absolutely have to.
Simply having Unchecky installed and running in the background would have prevented the installation of these PUP’s
Using the secure download link at Download.com will prevent getting their down-loader which is the cause of much of the unwanted crapp.
Howdy bob3160,
Agree with you here fully and it is great how you educate users into how to better protect themselves, but you should also agree with me that with these stealthy schemes the unaware and uneducated user has to get into a lot of trouble to circumvent these trap-doors not to be fed with crap, junk and undesirable adware.
By coming here on a daily basis and with the Avast support forum education, we know what we are up against, but the average end-user/consumer just clicks and get infested or is abused so that a few rich may sit on some more piles of easy money. And we are living in days where you have to protect yourself, others are not doing this for you, at least no authority as I know of to halt the abuse or even condemn it. We are left out in the cold, we are completely on our own.
Damian
For the time being we still will have to learn and live with bloatware to come with devices
http://www.gfi.com/blog/its-time-for-devices-not-to-ship-with-unwanted-risky-software/
Link article author = Debra Littlejohn Shinder
polonus
But the counter-forces are also active as I see connections now for unknown.prolexic.com
Prolexic is The Global Leader in DDoS Protection and Mitigation.
polonus
A perfect example of what to use and what to avoid at Download.com
http://www.screencast-o-matic.com/screenshots/u/Lh/1425075676354-45672.png
For those of you that would like to try the Vivaldi Browser,
remember this lesson when you go to:
http://download.cnet.com/Vivaldi-Technical-Preview/3000-2356_4-76275671.html?tag=mncol;txt