Privdog is Superfish all over again

Martin Brinkmann
Feb 23, 2015
Updated • Mar 3, 2015

Privdog is a privacy protection software that is available as a standalone product for the Google Chrome Microsoft Internet Explorer and Mozilla Firefox web browser and bundled with select Comodo products including Comodo Dragon and Internet Security.

According to Comodo's website it ships with the company's Internet browser and Internet Security products. The company did not bundle the standalone version of PrivDog with its products though.

A user on Hacker News noted that the Superfish test would return a hit even though Superfish itself was not installed on the system. After some analysis it appeared that the privacy software Privdog was the culprit in this case.

Note: I installed the latest version of Comodo Dragon on a test system and it shipped with Privdog. It did not install a root certificate on the other hand.

Privdog has been designed to block certain trackers and advertisement from showing up while you browse the Internet. It blocks all advertisement that is not hosted directly on the domain you are visiting and replaces it with AdTrustMedia advertisement.

What's worse however is the fact that it installs a certificate on the system as well. While it does not share the same key on all installations, it has an arguably even bigger flaw than that: it intercepts all certificates and replaces them with one signed by its own root key.

All in this regard means valid and invalid certificates which in turn means that the browser you are using accepts any certificate regardless of whether it is valid or not.

That's bad on many levels and means basically that you are not secure while Privdog's certificate is installed on the system.

It is therefore highly suggested to remove the software from the system and make sure that its root certificate is gone too after the removal. If it is not, you need to remove it manually from your system which you can do in the following way:

  • Tap on the Windows-key, type mmc.exe and hit enter.
  • Go to File -> Add/Remove Snap-in
  • Pick Certificates, click Add
  • Pick Computer Account, click Next
  • Pick Local Computer, click Finish
  • Click OK
  • Look under Trusted Root Certification Authorities -> Certificates

In case you are wondering what the connection between Comodo and PrivDog is: the CEO and founder of Comodo seems to be behind Privdog as well.

So why is this Superfish all over again? Both products add a root certificate to the user's computer and both make the user's computer insecure in the process and are used to earn revenue for the parent company. While they don't work the same, Privdog is arguably worse in terms of security than Superfish, they have been designed for the same purpose.

Privdog is Superfish all over again
Article Name
Privdog is Superfish all over again
Find out why Privdog is as bad as Superfish when it comes to Internet Security and what you should do about it.

Previous Post: «
Next Post: «


  1. Jojo said on February 25, 2015 at 8:25 am

    Per the article below, the certificate replacement only occurred in the recently released stand-alone version of Comodo’s PrivDog. This does not happen in the browser extension in Comodo Dragon.

    However, I have removed the PrivDog browser extension from Comodo Dragon anyway. I have AdBlock Plus installed, so why do I need PrivDog anyway?
    SSL-busting adware: US cyber-plod open fire on Comodo’s PrivDog
    Superfish sequel: I’m looking at the man in the middle
    24 Feb 2015 at 11:01, John Leyden

  2. PhoneyVirus said on February 24, 2015 at 11:51 pm

    Apparently I don’t have Privdog’s certificate installed on the system and did a check from the link in the comment selection returns clean with Mozilla Firefox.

    Martin can you take the Untrusted certificate and moved them to Trusted Root?

    Example certificate or is that how it even works, this was kinda where I left off with the operating system years ago before I lost my mind with the machines. Pure Administration tasks that took extreme testing and tweaking. Nonetheless thanks for the information on Privdog’s certificate.

    Thanks for the Article Martin

  3. Eli said on February 24, 2015 at 7:33 pm

    Here’s a handy online tool that will check if your vulnerable to these recent blunders.

  4. Ashrak007 said on February 24, 2015 at 12:37 am

    Got tired of CIS and all the problems with it recently. Like blocking Xbox. Switched to Windows Firewall Control from BiniSoft.

  5. Jojo said on February 24, 2015 at 12:31 am

    SSL-busting code that threatened Lenovo users found in a dozen more apps
    “What all these applications have in common is that they make people less secure.”
    by Dan Goodin – Feb 22, 2015 12:45pm PST

  6. smaragdus said on February 23, 2015 at 9:44 pm

    Using any Comodo product is a major security risk, I would never touch a program that comes from companies like Comodo and IObit for example.

  7. Jojo said on February 23, 2015 at 8:10 pm
  8. Eli said on February 23, 2015 at 7:28 pm

    Here is the advisory from the privdog team.

    Still cause for worry?

  9. Nerdebeu said on February 23, 2015 at 7:16 pm

    I tried Chromodo which is bee to run the Virtual Desktop (SandBox) of the Comodo security Suite.

    If one removes the embedded privatdog extension and after the certificate, simply restart the browser and the certificate reappears

    I use CIS, but during the installation of the suite, I decline the Privatdog installation that is not installed on the PC. So it is the browser itself which installs the certificate…

    1. Jojo said on February 23, 2015 at 7:56 pm

      I did not find a Privdog cert on my machine. But there are plenty of Comodo certs. Some ar elikely added by their firewall but Comodo is considered a “trusted publisher” and I think Microsoft also adds [at least] their root cert on any Windows build.

      1. Nerdebeu said on February 23, 2015 at 8:31 pm

        If I delete the certificate, it disappears.
        If I do not run the browser integrated into the virtual desktop (Chromodo), the certificate is not in the list.
        If I run the built-in browser, as soon as the certificate reappears in the list.
        During the installation of the Firewall, I refuse Privatdog, it is just the launch of the browser that creates the certificate. (even if it deletes its extension)

  10. chesscanoe said on February 23, 2015 at 5:54 pm

    Additional actual and potential vulnerabilities are described here – it’s not just Lenovo.

  11. Bauerston said on February 23, 2015 at 5:36 pm

    OK, so Comodo & Lenovo just earned a permanent slot on the consumer blacklist– do not use/buy any of their stuff. They can not be trusted. The US military banned Lenovo products about two years ago for that reason

    Sony BMG earned the blacklist ten years ago with their CD DRM rootkit scheme. The temptation to go-rogue must be very strong even for nominally reputable companies. They calculate that extra profits will outweigh the risk of discovery of their schemes… and there are always more tricks to try if they get caught. Consumer boycott of all their products is the effective way to react.

    1. clas said on February 24, 2015 at 3:02 pm

      Bauerston …yes, i agree…i added lg to that list as it seemed they started that “phone home” deal.

  12. chesscanoe said on February 23, 2015 at 4:33 pm

    Perhaps it’s appropriate in their Feedback to tell them of additional exposures or information.

  13. Straspey said on February 23, 2015 at 3:55 pm

    For those who are interested, over at How-to-Geek, Lowell Heddings has posted a similar article today about this topic:

    **Don’t use Comodo, Their Crapware Completely Breaks the Fundamental Security of the Web!

  14. br0adband said on February 23, 2015 at 3:38 pm

    Just for the record, it’s much easier to just:

    – click Start (or tap the Windows key on a keyboard)
    – type certmgr.msc (and press Enter) to get the Certificate Manager

    1. clas said on February 24, 2015 at 3:00 pm

      thanks broadband…so easy

    2. RodsMine said on February 24, 2015 at 3:23 am

      An article about Superfish said certmgr.msc displays certificates at the user level and the Superfish certificate is installed at the computer level; thus Martin’s procedure to display the computer-level certificates.

  15. anon said on February 23, 2015 at 12:43 pm

    I have CIS installed and I can’t find the privdog certificates even after following your advices.

  16. Day said on February 23, 2015 at 10:50 am

    hey martin, can you check adguard for windows desktop too?
    I’m using it & to me it seems, that it works in a similar manner to this:

    1. Martin Brinkmann said on February 23, 2015 at 11:40 am

      Did you run it against the Superfish test site?

      1. Dany said on February 23, 2015 at 12:33 pm

        acc to that site, my system seems ok?
        Also no other SSL-disabling product was detected on your system.

        but i still have adguard cert. on all https websites, maybe this is the way they provide adblocking on https sites?
        guess i should ask the developer

      2. Martin Brinkmann said on February 23, 2015 at 12:39 pm

        Dany, that was my first thought as well. Maybe it is using the cert to protect you own https pages as well. I do think it is best to ask the developers to see what they have to say about it. I just checked the homepage briefly but could not find many information about the implementation on it.

  17. Tom Hawack said on February 23, 2015 at 10:43 am

    Privdog, but not only. Self-signed certificates on the go, using evil to combat evil …

    Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet’s Transport Layer Security certificates, making it the world’s biggest certificate authority.

    Now Lavasoft (I mean Lavasoft itself! using Komodia which self-signed its certificate in the same way as SuperFish and Privdog) is concerned with its Ad-aware Web Companion

    This is the end or the beginning, my friend?

    1. Tom Hawack said on February 23, 2015 at 10:54 am

      Forgot to include the link of the quote’s source : / security / 2015 / 02 / security-software-found-using-superfish-style-code-as-attacks-get-simpler/

  18. Tom Hawack said on February 23, 2015 at 10:19 am

    And the beat goes on. Lenovo & Superfish, Comodo & Privdog, what next (to be discovered)?
    How can certificates be issued so easily? I ignore everything of the mechanism but at the end, that is at the user’s start : who, what to trust? Is the Internet becoming a no man’s land?

  19. alan said on February 23, 2015 at 10:10 am

    I am not surprised considering the shady nature of their CEO..
    I used their firewall in the past not a bad product, but unnecessary for me today on systems newer than XP.

    1. Guest said on February 23, 2015 at 9:21 pm

      I used to use Comodo HIPS, then it turned to shit with a large update (version 6 if I recall)
      Using Online Armor now, it’s free, and so far I’ve found it more powerful than Comodo HIPS was even.

      Don’t kid yourself though that you’re secure without a HIPS defense just because you’re no longer on XP. Since I’ve started using HIPS, I won’t go back to computing without.

      1. intelligencia said on February 23, 2015 at 9:58 pm

        I have been using Armor Online for a long time and I love it . . . ’cause it works and it’s F-R-E-E!
        (I did not pay anything for it but plan to upgrade to a paid version in the future – – as it is Definitely Worth IT!)


      2. Boris said on February 23, 2015 at 9:36 pm

        Online Armor is shareware (not free)

    2. dwarf_t0ssr said on February 23, 2015 at 3:31 pm

      Comodo firewall was great on XP. Used Zonealarm before that, and currently use Windows Firewall Control on 7. Gotta have the pop-ups heh.

  20. Vignesh said on February 23, 2015 at 10:08 am

    It should be “Note: I installed the latest version of Comodo Dragon on a test system” instead of “Note: I installed the latest version of Comodo Dragon on a text system”.

    1. Martin Brinkmann said on February 23, 2015 at 10:23 am

      You are right, thanks for spotting the typo. Corrected.

  21. MarkB said on February 23, 2015 at 10:04 am

    Doesn’t Commodo Dragon bill itself as the chromium browser with added security and privacy features? Bit ironic isn’t it.

  22. Jojo said on February 23, 2015 at 9:47 am

    Here is a post in the Comodo PrivDog help forum:

    As of right now, it has gotten 22 views but no replies.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.