Firewall Provider Comodo CEO and Chief Security Architect A featured guest on popular radio program ComputerAmerica.
Comodo’s Melih Abdulhayoglu discusses strategy behind push to protect every computer in the world for free.
For nearly a decade Melih Abdulhayoglu, Chief Security Architect and CEO of Comodo has been exploring technologies that provide online security and safety for both consumers and businesses. In a recent interview with host Carey Holzman of Craig Crossman’s ComputerAmerica, Melih discussed how Comodo has been actively working to make the Internet more secure, more authenticated, and more verifiable for free for consumers.
An edited transcript of the interview with Melih Abdulhayoglu’s follows. (The broadcast aired on March 19, 2007 at 7:00 PM PST. The host was Carey Holzman (CH), is the author of a number of publications including The Healthy PC).
CH: Our guest tonight is the Chief Security Architect and CEO of Comodo, Melih Abdulhayoglu. They are the makers of a free firewall.
CH: You have an interesting product, can you tell us about it?
MA: Thank you. Sure. We thought, “Why not build one of the best firewalls around and give it away for free?”. And [then] we went ahead and did that.
CH: I like that thought, but while there are lots of good firewalls, the problem is that people don’t know how to use them. They don’t know if an application wants to access the internet, whether they should allow it or not. So they end up clicking “No” and ultimately locking themselves out of their computer, or they “allow all” which defeats the whole point of having a firewall. Melih, could you tell me how Comodo is different from other firewalls, paid or free?
MA: Sure. When the firewall is asking this question, it is checking to see what sort of executable application is running on your computer trying to make a connection to the Internet. The reason it is asking is because it does not know what that specific application is about. So we thought, “Why not create a huge safe list with a safe list of applications so that your firewall will ask you less often?”
CH: Yes, that’s mind blowing. Usually 90% of us use regular programs, yet firewalls force people to allow access each and every time one of these people tries to access that program. How many applications do you have in your safe lists that are known to be safe?
MA: We have around 300,000 applications at the moment.
CH: Wow, 300, 000!
MA: And we are getting 3,000 executables a day to review. On daily basis, we keep updating our lists.
CH: And what about some hacker putting something in your safe list?
MA: That’s where being the world’s 2nd largest Certification Authority comes in. We are the guys who put the padlock on websites, so we have full Public Key Infrastructure. What that means is we have the ability to digitally sign a file so that any modification to it can be protected. If any modification is made, our firewall will know about it and it would reject it.
CH: Is your firewall fast and light-weight or is it going to strain my system resources?
MA: A firewall is all about controlling and stopping malware from making a connection from your home to the Internet. So, how do you test firewall security? This is known as the “leak test”. What you do is see is if your firewall is leaking or not. According to independent tests, in terms of having best scoring leak test, we scored top of the list. And we do it in a way whereby it don’t take too much system resources.
CH: OK but I could be sending data right now and just not know it
MA: That is one of the biggest problems facing us today. I mean, look at spam. 80% of it comes from Zombie computers that have not been protected. Somehow we are going to have to protect all of those machines or else the army of Zombie PCs will deter all of us from using the Internet.
CH: That’s true.
CH: Is there any plan of selling or charging for this firewall or other desktop security products?
MA: No, anything in desktop security that we are going to give to consumers is free.
CH: God bless you. So how do you get paid?
MA: Very good question, actually. Let me explain. First of all, why free? Someone has to provide it for free since the problems we are facing today from spam to spy ware are all because we don’t have our machines secured. Many people around the world cannot afford $60 or $70 in countries such as China where the average income is about 100$ a month. So what happens is that all of those machines are left vulnerable, and China has the second largest Internet population in the world.
So spam, spyware, and hacking often come from these machines. To solve this problem, we need to create the idea of a secure and trusted Internet. Once we have done that, we need to come up with a business model that allows us to make money from that.
By giving free products to end-users, we are creating a secure ecosystem for our users and our online businesses. In return, businesses pay Comodo to protect their websites. So, the more users we have using our firewall, the more trusted the Comodo brand is, and the more business customers will choose Comodo to secure their online environment. Our customers are happy because they are using our services to protect their websites and consumers are happy because they can do business online confidently.
CH: That sounds like a good plan. When it comes to AV or firewall, I am a big believer in paying money in exchange to getting something back. But with many solutions, you pay to not get anything.
MA: That’s a very important point. Imagine that there is a burglar alarm that only recognizes certain burglars but not all burglars. That’s the current flawed model for anti-virus solutions. You can no longer use what is known as black listing technologies and only stop known malware.
Let’s look it in this way. In the physical world, there is a door. The door is your ‘prevention’. Also, you have a burglar alarm. The burglar alarm is your ‘detection’. Thirdly, you have insurance. Insurance is your ‘cure’. In a security system, you need all three. You need prevention, detection and cure. In today’s security solutions, there is no ‘prevention’ – only ‘detection’ technologies such as AV and firewall. For example, in our next version of firewall, is going to have what is known as HIPS to include prevention technologies. What HIPS does is, instead of setting the default to be “allow”, we are changing it so the default is “deny”.
CH: Companies like McAfee seem like they have lost the way. They put in lots of processes, features, and packaging and ended up with product that was heavy. They give you big boxes and charge $20 or $30 more. What makes Comodo different?
MA: Well, first of all, we have the luxury of not charging people, so we don’t have to justify the price by including lots stuff that people don’t need. You know, adding features for more and more functionality makes the product not feasible.
CH: That’s good to hear, and that’s promising in the future. I note that on your website “free” means “free for your firewall, antivirus, email security certificate free and password manager free”. Tell me about those.
MA: We believe everyone should be offered free desktop security because it’s in everyone’s interest to create a more secure and trusted Internet. We are the guys that let you encrypt and digitally sign your email for free. We have products like password manager, backup product, and also a very innovative tool called Verification Engine. This solves the problem of not knowing whether graphics on a site, like a credit card logo, are authentic. We have the only technology in the world to verify the web content with VerificationEngine. So, with these technologies, we are going to create a trusted Internet for everyone.
CH: Anything you want to mention in our last few moments?
MA: All we want to gain is our users’ trust. As users trust Comodo, they will trust websites protected by Comodo and more business will trust our solutions. That is how we want to Create Trust Online.
CH: So everybody who sees or hears this show, get a free copy of the firewall. If you install it, give us your feedback. Thank you.
With over 1,000,000 customers worldwide, Comodo, through its family of companies, is a leading Certification Authority and global provider of Identity and Trust Assurance services on the Internet. Comodo offers businesses and consumers the intelligent security, authentication and assurance services necessary to ensure trust in online transactions.
With global offices in the US, UK, Ukraine and India, Comodo helps enterprises address digital ecommerce and infrastructure needs with reliable, third generation solutions that improve customer relationships, enhance customer trust and create efficiencies across digital ecommerce operations. Comodo’s solutions include SSL Certificate, Enterprise Security solutions, PCI compliancy services, Web Content authentication, Secure Email Certificate, integrated Web hosting management solutions, infrastructure services, Desktop Security Solutions, Code Signing Certificate, digital e-commerce white list technologies, Two Factor identity assurance and Vulnerability Management Solutions.
For more information, reporters and analysts may contact:
Office: +1 (888) 266-6361