Comodo, Lavasoft software bundled with Superfish-type code

Comodo in hot water

Lenovo is not the only one in adware hot water after separate reports accuse two antivirus software providers of using a similar exploit to Superfish.

Reports implicate both Lavasoft and Comodo in schemes that use Secure Sockets Layer (SSL) technology in different ways, but both are mainly focused on monitoring SSL traffic in some shape or form.

In the first case, Lavasoft's Ad-aware Web Companion was found to include the SSL-interception technology sold by Komodia that was at the heart of Superfish and 14 other programs.

The proxy software works by tricking browsers into trusting any self-signed certificate, and Lavasoft put it inside Web Companion to intercept and monitor SSL traffic.

Comodo's case, meanwhile, involves its Internet Security suite, which comes with PrivDog built in. PrivDog apparently makes browsers trust any self-signed certificate, leaving users open to man-in-the-middle attacks and complete bypasses of HTTPS protection.

Still out there?

PrivDog is, according to Comodo, a piece of software that bolsters security by taking ads from web pages and replacing them with ads from sources that are trusted.

Lavasoft has so far been unable to confirm whether the compromised part of Komodia SSL Digestor has been fully removed, whereas Comodo has not commented publicly on the PrivDog software.

Via: Ars Technica