More insecure security software: Comodo’s on-by-default VNC app

(credit: Tavis Ormandy)

A reasonable expectation of security software is that at worst it should make your system no less secure than would be without the software. Sadly, it often seems that such hardware fails to meet even this low bar.

Comodo Internet Security is a security suite that includes anti-virus, firewalling, and sandboxing to allow applications to be run in a notionally secure unprivileged environment. By default, it also includes a component called GeekBuddy. GeekBuddy is a VNC server, providing full remote access to your system. In May of 2015 it was pointed out that this VNC server was running without a password—yes, really—providing, at the very least, local privilege escalation. Sandboxed applications such as Google Chrome, or even those running in Comodo's own sandbox, could connect to this VNC server and have full access to your system.

With the right (or rather, in this case, wrong) network configuration, the VNC server might even be exposed to remote attackers.

Read 4 remaining paragraphs | Comments