Slashdot Mirror


Chinese Security Vendor Qihoo 360 Caught Cheating In Anti-virus Tests

Bismillah writes: China's allegedly largest security vendor Qihoo 360 has fessed up to supplying custom versions of its AV for testing according to an investigation by Virus Bulletin, AV-Comparatives and AV-Test. "On requesting an explanation from Qihoo 360 for their actions (PDF), the firm confirmed that some settings had been adjusted for testing, including enabling detection of types of files such as keygens and cracked software, and directing cloud lookups to servers located closer to the test labs. After several requests for specific information on the use of third-party engines, it was eventually confirmed that the engine configuration submitted for testing differed from that available by default to users."

10 of 63 comments

  1. Finally by Anonymous Coward · · Score: 2, Interesting

    Qihoo has been a joke in China for a long time. They finally made their way to the international platform. Good.

    A Chinese.

    1. Re:Finally by Anonymous Coward · · Score: 5, Interesting

      Chinese here too.

      360 is no "joke" in all seriousness. They are bullies, really badass bullies.

      They "kidnapped" hundreds of thousands of terminals (PC/Phone/browser) by disguising themselves as a "security guard", telling users what is bad and what is good, and then blackmailed developers and websites to bribe them to get into their "good" list.

      My company has a website that only shows text and picture news and contact info and stuff. One day 360 decided to report our website as a "security threat" and show a warning on ALL 360 browsers (which is A LOT).

      We contacted them, and they told us to put "a security script" onto our server. Once they confirmed the script was in place, they re-scored our website to 100-OK, without asking us to modify/patch anything.

      What that script does (thankfully it's PHP so it's naturally "open source") is scan our whole www directory, upload whatever info they want, and even modify our code whenever they like.

      Oh, and they also labeled my company's phone number as scam in their "smartphone guard", even though we've been using it for years.

    2. Re:Finally by The MAZZTer · · Score: 2

      You should put the PHP script on a copy of your website that you only serve to 360. It would seem to be a tactic they approve of.

    3. Re:Finally by LordLimecat · · Score: 2

      How about the fact that if you think the NSA does some crazy malware stuff with Flame and Stuxnet, at least they tend to confine it to foreign political targets. China has probably the largest censorship and MITM infrastructure in the world, and actively uses it to pull average citizens into a government-run botnet to DDOS western sites.

      Not to mention that any sufficiently large business needs to have the explicit blessing of the powers that be in China.

      All of that combined means you would have to be crazy to trust Qihoo; the FSB-affiliated Kaspersky is more trustworthy. Installing Qihoo gives one of the most technically competent, politically repressive organizations in the world root access to your computer. That more than anything is sufficient reason to not use them.

      Call me when Symantec has close ties to a government that denies the Tiananmen Square massacre and actively represses search results on it.

  2. Isn't "Chinese Security Vendor" an oxymoron? by swb · · Score: 2

    Any Chinese security product sufficiently sophisticated to be of any use will be compromised by the Chinese government, either "in the interest of domestic social harmony" or for national security/military/espionage.

  3. Broken test? by AmiMoJo · · Score: 3, Insightful

    If the test is checking for non-virus files like keygens it sounds like the test is broken. AV software should detect things that are harmful to your computer, not things that software vendors don't like but are otherwise harmless.

    I'm not surprised they ship with keygen detection off in China.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

    1. Re:Broken test? by AmiMoJo · · Score: 2

      Sure, sometimes keygens are trojans as well, but those are covered under the heading "virus". Most anti-virus software also detects perfectly harmless keygens these days, supposedly to "protect" the user from "accidentally" generating a key and pirating software.

      I use some keygens for old software that can't be bought any more. It would be lost to the world without those keygens. I even had keys for some of it, e.g. a Windows 98 serial that was stuck (with a non-removable sticker) to the side of an ancient PC case long ago sent to the dump, and which I now want to install in a VM to play some old games that don't work on Windows 7.

      I don't want my AV software deleting those perfectly safe files, thanks. I'm already paranoid enough to run them in a disposable VM anyway.

  4. Not really an issue by ITRambo · · Score: 3, Informative

    The company submitted 360 Total Security with Bitdefender enabled to the antivirus test firms. It was very highly rated. The 360 TS and TSE base products let you enable Bitdefender and Avira engines, but do not come with them pre-enabled. They also have a version that comes with Bitdefender enabled called 360 TSE Enhanced. This is what was submitted, as I understand this issue. I'm not convinced that there was any "trickery". It more than likely was poor communication between the firms.

    1. Re:Not really an issue by tnk1 · · Score: 2

      Right. There's no issue with them putting their best foot forward if this is something you can get with the basic product.

      However, if you have to enable these features AND you have to pay for them, that's a different product. The danger is that the reviewers rate their "basic" product as a top-rated AV product. Then people flock to get this basic product over the basic offerings of other AV companies who did not rate as well, but might well have a better "basic" product.

      It's basically bait and switch, and probably fraudulent. It seems like every crime in China can get you executed or sent to a camp, so the fact that so many Chinese companies work this way makes me think that China itself has a very different view of what makes up a fraudulent practice.

  5. Re:Is this shocking? by tippen · · Score: 3, Informative

    I am not shocked, but I am confused. Why would they give bad software to their customers, but give good software to the testers? The marginal cost of software is zero. So, if they have good software, why don't they give it to their customers? Can someone please explain how any of this makes sense?

    It's really easy to "detect" everything so you get a high detection rate. It's really hard to do so without a ton of false positives.

    Very few of the tests out there check for false positives, so it is easy to game the results. You could never ship the product to customers that way because you'd drown in support calls from customers complaining about programs not working, broken websites, etc.