ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Preloaded spyware, courtesy Lenovo

<< < (5/7) > >>

Target:
I think the most irritating thing here is that these are 'trusted' vendors

Comodo seems to be a well regarded security vendor which is doubly disturbing (though i suppose not altogether surprising, it's not like it's the first time something like this has happened)

ewemoa:
So when will legitimate security vendors (whoever they might be) start reporting when there are fishy root certs installed?  Because I don't know about you, but when I look at the collection of root certs installed on my machine (run the certmgr.msc management console plug-in program), there's no way I could say which (if any) didn't belong. 

There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.
-mwb1100 (February 23, 2015, 11:50 PM)
--- End quote ---

I agree about it being impractical to tell -- didn't have that many here, but there were a few completely unfamiliar ones.

Something to help assess what should and shouldn't be there does sound like it could be useful....not sure how practical and effective it would end up being, though perhaps much better than nothing.

Wouldn't really trust what one specific vendor had to say about a specific cert (cf. the value of VirusTotal, Jotti, etc.), but with a collective assessment, may be some suspicious things could be detected.

SpoilerIt's not like the whole root cert idea is foolproof, but that would be a different type of discussion I guess :)

ewemoa:
I think the most irritating thing here is that these are 'trusted' vendors

Comodo seems to be a well regarded security vendor which is doubly disturbing (though i suppose not altogether surprising, it's not like it's the first time something like this has happened)
-Target (February 23, 2015, 11:57 PM)
--- End quote ---

So where's our "anti-virus / security vendor" scanner ;)

Stoic Joker:
There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.-mwb1100 (February 23, 2015, 11:50 PM)
--- End quote ---

Why? SSL Certs only serve to verify the identity of the entity on the other end of a connection ... Not the purity of their intentions..

mwb1100:
There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.-mwb1100 (February 23, 2015, 11:50 PM)
--- End quote ---

Why? SSL Certs only serve to verify the identity of the entity on the other end of a connection ... Not the purity of their intentions..
-Stoic Joker (February 24, 2015, 06:31 AM)
--- End quote ---

Because a company that is in the business of to helping deal with malware on my computer is in a better position to track certs that are known to be used for MITM schemes than I am.  Or they could track certs that are trustworthy and flag the other ones as something suspect.  That's what some of the more aggressive anti-malware does with programs.

I'm not sure how it would work. I'm just suggesting that it's a service that I would like to be included in the package for the fee that I'm paying.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version