Comodo Internet Security installs and launches a VNC server by default.
Tavis Ormandy, a security researcher from Google Project Zero, has discovered yet another problem with a software product from Comodo. This time the software at issue is Comodo Internet Security, which by default installs and launches a VNC server that allows remote access to the PC.
It turned out that installing this product also installs a new browser called Chromodo, a modified version of the Chrome browser. Chromodo looks very much like Chrome and imports all of the user’s settings, cookies, etc.
According to the researchers, when a user installs products such as Comodo AntiVirus, Comodo Firewall or Comodo Internet Security on a Windows computer, the GeekBuddy application is installed too, with the purpose of providing remote tech support.
GeekBuddy, in turn, installs and starts a VNC server with admin privileges that can be accessed over the local network. For a certain period, the server had no password protection. Comodo later improved the situation, though the passwords set by the company turned out to be easily predictable, says Ormandy. “Any authorized user or software started in the system could get a password from the Windows registry and raise privileges after getting access to the server. It is not hard to guess the password, as it is short, simple and predictable,” Ormandy noted.