News

The latest news from Comodo

Digital Verification

Why is it crucial to E-commerce success?

New York, 26th March 2004. Trustix™, provider of the worlds most secure Linux Operating System for Servers - Trustix™ Secure Enterprise Linux, today announces the release of a new flexible pricing system specifically designed with payment packages tailored to match the billing cycle of the web hosting community.

The demise of pay-per-incident support by Microsoft for NT towards the end of 2004 and the withdrawal by Sun Microsystems of the Cobalt brand, which holds some 21% of the Web Hosting market, is leaving a void that Trustix™ Secure Enterprise Linux is perfectly suited to fill.

"The Web Hosting community has always been a critical element to our success as the fastest growing Certification Authority in 2003. We have always listened to our web host customers and subsequently created packages which have met their needs both in terms of pricing levels and private branding capabilities for SSL. As the industry's leading secure operating system for servers Trustix™ Secure Enterprise Linux provides an excellent platform for web hosts whose customers are increasingly concerned with security yet also pay on monthly or quarterly payment plans. With our new flexible payment system, web hosts can effectively 'rent an OS' from us in perfect synergy with their own pricing models." comments Chief Financial Officer, Michael Whittam.

Providing protection against stack-smashing and buffer overflow attacks Trustix™ Secure Enterprise Linux includes the industries leading fully automatic update engine SWUP™. Recent enhancements also include full Samba 3.0 support and support for XFS, the high-performance journaling file system. With patch management now being such a critical feature of any business infrastructure SWUP™ removes all the headaches and provides stability for both the OS and the business it supports.

Pricing starts from $349 per server per year with full advantage of the FlexiPay scheme and options to purchase essential SSL certification services from the same one stop shop.

Any infrastructure that is built with inherent weaknesses is bound to crumble, sooner or later! Similarly, the huge potential of the Internet, e-commerce, and all it can offer cannot be expected to be realized and flourish long term unless its weaknesses in the areas of trust and security issues are addressed.

Establishing trust

How can you be sure of the credibility of an Internet retailer? You go to a website selling goods very cheaply, perhaps one third of the price you could pay elsewhere. You are suspicious, so you look at their website to see if they are authorised to sell these goods to you. Aha! - they have an "Authorised Dealer" logo displaying on their website. But, you think to yourself, ‘how come, this is too good to be true.’ Maybe it is maybe it is not – but you just don’t know. The real problem is that you don’t have any means of verifying this either!

The outcome might be that you decide not to buy it from this particular merchant, but stick to your tried and tested web merchants! Thus the inability to verify a logo or hallmark on a particular site stifles one of the benefits of the Internet, namely freedom of choice! You don’t know that the logo you see on a web site is authorised by the logo issuer. This is why the majority of us only shop with the known brands - lack of ability to establish Trust! And this is not because other sites don’t display logos saying they are authorised – it is simply the inability to verify the legitimacy of these logos.

Let us consider this in more detail. To the question of "Are you a fraudster" you will never get a "Yes" answer (unless you are "dumb fraudster" in which case we don’t mind you being a fraudster). An honest person will answer "of course I am not" and the fraudster will answer "of course I am not" (because he/she is a fraudster!). Generally, when we want a reference about a person or a company we go to third parties to get that reference, yet when it comes to Internet we have "click to verify" systems! Who is the dumb one here then?

How can we possibly be satisfied by a logo on a website that will offer us verification? By clicking to verify within the boundaries of the website’s control we are simply asking the website to provide us with the verification! It would be easy for the website authors to fake a verification page. So how do you know the supposed verification page is an authentic one? You don’t!

What is needed is a way of verifying the logos or hallmarks in online content in such a way that the website for whom the reference is required will not even be aware that the request for reference has taken place! After all, if the website does not know when you have requested the reference then it won’t know when to fake it!

How does the Physical world deal with Insecurities?

Consider a new British £10 note that we use in the physical world. In order for this banknote to be recognized as having its true value we have integrated ten different technologies to provide the following:

  • Feel of the paper
  • Micro Lettering
  • Metallic Thread
  • Print Quality
  • Fluorescence
  • Foil Hologram
  • Unique Numbering
  • Copyright
  • Watermark
  • Identification
Without verification, what would happen to our physical economy?

If we had none of the verification technologies mentioned above to verify the banknote, what would happen to our economy? Lets say that you are given a banknote and you don’t have a clue about its authenticity and no means to ascertain/verify it either - i.e., what if we had no verification technology - what would happen?

Quite simply there would be no economy! The only way an economy without verification technology could possibly work would be if everyone was completely trustworthy – a set of circumstances we cannot envisage even in another thousand years!

So, we need verification in the digital economy and probably even more than we do in the physical one. The only interface we have in the digital world is a few pixels of display on your computer monitor. In the physical world you can touch, smell, interact with the person you are transacting with. In the Digital world you just have an image, all you have is what you see on your monitor! So, we need verification technology even more in the Digital world than the physical world, unless everyone promises to be trustworthy from now on!

Verification allows online content to be verified

In a world where copying is as simple as a couple of ‘clicks’ of a mouse, digital content is worth a lot less than its physical counterpart, because there is no way of establishing authenticity. We need to know what is authentic or not otherwise there will be no trust.

Internet use should not be a simple replacement for conventional mail or telephone. We should not be using the Internet simply as our shop window or to send somebody email. The true potential of the Internet and our digital world is so much more - all we need is the technology to unlock these potentials.

Melih Abdulhayoglu
Chief Security Architect - Comodo Group

About Comodo

The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL, Code Signing, Content Verification and Email Certificate; award winning PC Security software;  Vulnerability Scanning services for PCI Compliance; secure e-mail and fax services.   

Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and 3,000,000 users of our desktop security products. 

For additional information on Comodo - Creating Trust Online® visit Comodo.com

For more information, reporters and analysts may contact:

Comodo
Email: media-relations@comodo.com
Office: +1 (888) 266-6361