CFP3/Help Guide/Defense Task Center/Trusted Software Vendors
Comodo Firewall Pro can now validate digitally signed applications from trusted vendors. Trusted Vendors are those companies that digitally sign 3rd party software to verify its authenticity and integrity. This signature is then counter-signed by an organization called a Trusted Certificate Authority. By default, Defense+ will detect software that is signed by a software vendor and counter-signed by a Trusted Certificate Authority. It will then automatically add that software to the Comodo safe list.
The 'My Trusted Software Vendors' section can be found by navigating to Defense+ > Common Tasks > My Trusted Software Vendors.

Background
Many software vendors digitally sign their software with a code signing certificate. This practice helps end-users to verify:
(i) Content Source: The software they are downloading and are about to install really comes from the publisher that signed it.
(ii) Content Integrity: That the software they are downloading and are about to install has not been modified or corrupted since it was signed.
In short, users benefit if software is digitally signed because they know who published the software and that the code hasn't been tampered with - that they are downloading and installing the genuine software.
The 'Vendors' that digitally sign the software to attest to its probity are the 3rd party software developers. These are the company names you see listed in the first column in the graphic above.
However, companies can't just 'sign' their own software and expect it to be trusted. This is why each code signing certificate is counter-signed by an organization called a 'Trusted Certificate Authority'. 'Comodo CA Limited' and 'Verisign' are two examples of Trusted CAs and are authorized to counter-sign 3rd party software. This counter-signature is critical to the trust process and a Trusted CA will only counter-sign a vendor's certificate after it has conducted detailed checks that the vendor is a legitimate company.
All files that are signed by the listed 'vendors' will be automatically trusted by the Defense+ module of Comodo Firewall Pro. (If you would like to read more about code signing certificates, see http://www.instantssl.com/code-signing/.)
One way of telling whether an executable file has been digitally signed is checking the properties of the .exe file in question. For example, the main program executable for Comodo Firewall Pro is called 'cfp.exe' and has been digitally signed.
- Browse to the (default) installation directory of C:\Program Files\Comodo\Firewall
- Right click on the file 'cfp.exe'
- Select 'Properties' from the menu
- Click the tab 'Digital Signatures' (if there is no such tab then the software has not been signed)
This will display the name of the CA that signed the software as shown below:

Click the 'Details' button to view digital signature information. Click 'View Certificate' to inspect the actual code signing certificate. (see below)

It should be noted that the example above is a special case in that Comodo, as creator of 'cfp.exe', is both the signer of the software and, as a trusted CA, it is also the counter-signer (see the 'Countersignatures' box). In the vast majority of cases, the signer of the certificate (the vendor) and the countersigner (the Trusted CA) will be different. See this example for more details.
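The same signature check can be scripted instead of clicking through the 'Digital Signatures' tab. The PowerShell below is an added example, not part of Comodo's documentation or product code: it uses the built-in Get-AuthenticodeSignature cmdlet to report the signer, the CA that issued the signer's certificate, and the certificate shown in the 'Countersignatures' box, then applies a vendor-list decision. The function names and the sample vendor list are hypothetical, and matching vendors by signer name is an assumption of the example.

```powershell
# Added example: summarise who signed a file and whether Windows trusts the chain.
function Get-SignerSummary {
    param([Parameter(Mandatory)][string]$Path)

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $cert     = $sig.SignerCertificate
    $stamp    = $sig.TimeStamperCertificate

    [pscustomobject]@{
        File          = $Path
        # 'Valid' means the file hash matches and the chain ends at a trusted root.
        # 'NotSigned' is the scripted equivalent of a missing 'Digital Signatures' tab.
        Status        = [string]$sig.Status
        Vendor        = if ($cert)  { $cert.GetNameInfo($nameType, $false) } else { $null }
        IssuingCA     = if ($cert)  { $cert.GetNameInfo($nameType, $true)  } else { $null }
        # Certificate listed in the 'Countersignatures' box of the Details dialog.
        Countersigner = if ($stamp) { $stamp.GetNameInfo($nameType, $false) } else { $null }
        Thumbprint    = if ($cert)  { $cert.Thumbprint } else { $null }
    }
}

# Hypothetical helper: trust a file only if its signature validates AND the
# signer is on a user-maintained vendor list (matched by name, an assumption).
function Test-TrustedVendor {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string[]]$TrustedVendors
    )
    $summary = Get-SignerSummary -Path $Path
    # A HashMismatch or NotTrusted status fails here even if the name matches,
    # so a tampered or self-signed file never inherits the vendor's trust.
    return ($summary.Status -eq 'Valid') -and ($TrustedVendors -contains $summary.Vendor)
}

# Constructed sample list; replace with the vendor names you actually trust.
$myVendors = @('Example Software Ltd')

$target = 'C:\Program Files\Comodo\Firewall\cfp.exe'   # path taken from the text above
if (Test-Path -LiteralPath $target) {
    Get-SignerSummary -Path $target | Format-List
    Test-TrustedVendor -Path $target -TrustedVendors $myVendors
}
```

Recording the Thumbprint alongside the vendor name lets you notice when a vendor's files start arriving under a different certificate.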
Adding and Defining a user-trusted Vendor
A software vendor can be added to the 'Trusted Software Vendors' list in two ways:
- By reading the vendor's signature from an executable file on your local drive
- By reading the vendor's signature from a running process
Click the 'Add...' button on the right hand side and select 'Read from a signed executable...'. Browse to the location of the executable on your local drive. In the example below, we are adding the executable 'YahooMessenger.exe'.

After clicking 'Open', Comodo Firewall will check that the .exe file is signed by the vendor and counter-signed by a Trusted CA. If so, the vendor (software signer) will be added to the Trusted Vendor list:

In the example above, Comodo Personal Firewall was able to verify and trust the vendor signature on YahooMessenger.exe because it had been counter-signed by the trusted CA 'Verisign'. The software signer 'Yahoo! Inc' is now a trusted vendor and is added to the list. All future software that is signed by the vendor 'Yahoo! Inc' will be automatically added to the Comodo safe list UNLESS you change this setting in Defense+ settings.
Comodo Firewall Pro also allows you to add a trusted vendor by selecting from processes that are currently running on your PC. To do this, click the 'Add...' button and select 'Choose from a running process...':

Select the signed executable that you want to trust and click the 'Select' button. Comodo Firewall Pro will perform the same certificate check as described above.
If the firewall cannot verify that the software certificate is signed by a Trusted CA then it will not add the software vendor to the list of 'My Trusted Vendors'. In this case, you will see the following error message:

Note - The 'My Trusted Software Vendors' list displays two types of software vendors:
- User defined trusted software vendors - As the name suggests, these are added by the user via one of the two methods outlined earlier. These vendors can be removed by the user by selecting and clicking the 'Remove' button. All software created by user certified vendors is automatically added to the firewall safelist.
- Comodo defined trusted software vendors - These are the vendors that Comodo, in its capacity as a Trusted CA, has independently validated as a legitimate company. Comodo certified vendors are hardcoded into the firewall and cannot be removed. All software created by Comodo certified vendors is automatically added to the firewall safelist.


