Chinese Security Vendor Qihoo 360 Caught Cheating In Anti-virus Tests

Bismillah writes: China's allegedly largest security vendor Qihoo 360 has fessed up to supplying custom versions of its AV for testing according to an investigation by Virus Bulletin, AV-Comparatives and AV-Test. "On requesting an explanation from Qihoo 360 for their actions (PDF), the firm confirmed that some settings had been adjusted for testing, including enabling detection of types of files such as keygens and cracked software, and directing cloud lookups to servers located closer to the test labs. After several requests for specific information on the use of thirdparty engines, it was eventually confirmed that the engine configuration submitted for testing differed from that available by default to users."

Finally

Qihoo has been a joke in China for a long time. They finally made their way to the international platform. Good.

A Chinese.

Re:Finally

Chinese here too.

360 is no "joke" in all seriousness. They are bullies, really badass bullies.

They "kidnapped" hundreds of thousands of terminals (PC/Phone/browser) by disguising themselves as a "security guard", telling users what is bad and what is good, and then blackmail developers and websites to bribe them to get into their "good" list.

My company has a website that only shows text and picture news and contact info and stuff. One day 360 decided to reported our website as "security threat" and show warning on ALL 360 browsers (which is A LOT).

We contacted them, they told us to put "a security script" into our server. Once they confirmed the script is in place, they re-score our website to 100-OK, without asking us to modify/patch anything.

What that script does (thankfully it's PHP so it's naturally "open source") is scanning our whole www directory, upload whatever info they want, and even modify our code whenever they like.

Oh, and they also labeled my company's phone number as scam in their "smartphone guard", even though we've been using it for years.