[LINK] One for privacy and security

David Boxall david.boxall at hunterlink.net.au
Tue Sep 20 20:49:38 AEST 2011


I ran across mention of Comodo Dragon at 
<http://www.techishare.com/tech/comodo-dragon-vs-google-chrome-updated/> 
and decided to give it a try. So far, I'm impressed.

Google Chrome's behaviour is a bit of a worry.

 From 
<http://forums.comodo.com/help-cd/how-is-dragon-better-t67998.0.html;msg481398#msg481398>
Comodo Dragon internet browser is based on the source code of Google 
Chrome browser but has a number of improvements, which includes fixes 
some privacy and security improvements.

ADDED Certificate Domain Validation checking warning
Comodo Dragon uses advanced domain validation technology originally 
developed in Comodo Verification Engine.  It performs additional 
analysis of a domain's SSL certificate to warn about those that been 
issued with Domain Only Validation.

FIXED Client identification number privacy issue.
Comodo Dragon fixes this privacy issues, which exists in Chrome browser. 
Chrome creates an ID for each client (user). This security gap 
theoretically can be used to identify a user. This ID has been removed.

REMOVED RLZ-Tracking capability.
RLZ-Tracking is a Chrome's feature which informs Google about when and 
where the browser has been downloaded. This capability has been removed 
in Dragon. This has been done to protect user privacy

Comodo's traditional product update technology is used.
Dragon uses Comodo's own installer and update technology. Chrome, on the 
other hand, checks for updates and makes update via Google Updater, 
legality of which was put under question by Red Bend Software. Google 
Updater was entirely eliminated in Dragon

REMOVED error reporting mechanism.
Error reporting is used by Google to find and remove problems in their 
software however the information, which is sent to Google,  includes 
some data about the computer's software. In case it this information is 
intercepted by an attacker, it can be used to reveal vulnerabilities in 
the computer's security system. Comodo Dragon has eliminated this 
mechanism is order not to compromise user's security and privacy.

REMOVED installation time-tracking.
Comodo's installation technology doesn't use and store information about 
when the software was installed and updated, all actions are based only 
on your current version number, whereas Chrome installation stores 
detailed (up to the second) information about software installation time

ADDED smart software removal
During software remove Dragon asks user whether he or she wants to keep 
user preferences data (home page, search engine customizing, etc) and 
leaves or removes user profile based on his or her choice. This is done 
for user's convenience. Leaving user's profile on your computer is 
recommended if you are going to return to using Dragon in future

EXCLUDED remote error pages usage
Dragon uses locally stored error messages (such as "Page not found"), 
whereas Chrome in its default configuration uses server-stored error 
messages. In Dragon information about your network input errors is 
limited to your browser instead of being sent to Google’s remote server.

-- 
David Boxall                    |  Any given program,
                                |  when running correctly,
http://david.boxall.id.au       |  is obsolete.
                                |       --Arthur C. Clarke




More information about the Link mailing list