3

My colleagues recently bought an antivirus, the QiHoo 360 antivirus, for the Chinese plant and implemented it on servers and laptops.

The antivirus showed some of the development files we've been deploying to the Chinese server, .bat files and some Microsoft Access files with the .mdb extension, as containing the ARP virus.

I managed to get the files through a secure channel and analyzed them with McAfee AV and ClamAV.

I've found no virus.

My questions are the following:

  • What rate of false positives does QiHoo AV generate in comparison to other AV software?
  • Is there a way to fine-tune this AV to reduce the number of false positives?

Thanks

Andy K
  • 5
    I just wut. So, err how do I put this: don't use Qihoo software, ever? From Wikipedia: "Their current revenues are generated by leveraging their massive user base through online advertising and services such as online games, remote technical support, and system integration." You're not buying an antivirus software. You're subscribing to something that inserts ads for their freemium users. Such software would be rated malware on any computer I control. – Marcus Müller Mar 15 '17 at 00:12
  • 4
    Also, do your own research: Qihoo tried to fake their software certifications. See the criticism sections on https://en.wikipedia.org/wiki/360_Safeguard – Marcus Müller Mar 15 '17 at 00:14
  • 1
    Hi @MarcusMüller, would you mind putting that as an answer, please? – Andy K Mar 15 '17 at 05:59
  • Hi @MarcusMüller, I did my own research and QiHoo's 360 is not a good product. But on the net, there is a lot of feedback. I need solid ones, people who can vouch for them ;) – Andy K Mar 15 '17 at 06:43
  • Andy, you're not very familiar with how the internet works? I could vouch for what I say all I want, but I'd still be this guy on the internet that you've never met in person. I have to convince you based on arguments or facts. The opinion of a quasi anonymous person can never be the ground for a security decision. – Marcus Müller Mar 15 '17 at 08:53
  • @MarcusMüller there is not much on the internet about QiHoo's product. I wish it was clearer, like "This product is real junk", but there is nothing like that... – Andy K Mar 15 '17 at 08:55
  • Why do you need that? Anyone, including the competitors, can write that. This is not how informed decisions are made! Also, the Wikipedia article pretty much says it is crap. – Marcus Müller Mar 15 '17 at 08:57
  • To answer your first question, you can compare test scores over time using this tool: https://fatsecurity.com/tools/test-results-calculator?purposeId=1&groupId=1&startDate=2014-3-1&endDate=2017-3-1&companyId=19

    In the table next to the graph, you can pick "False Alerts" instead of "Average Score", and you can access each test for a thorough review by clicking the data points.

    @MarcusMüller is correct, they tricked AV testing labs in the past by activating the Bitdefender AV engine in the versions submitted for testing, while it's inactive by default on user versions.

    – FatSecurity Mar 15 '17 at 12:51
  • 1
    Hi @FatSecurity, just plain awesome! Many thanks for your great website! – Andy K Mar 15 '17 at 13:18
  • 1
    @FatSecurity maybe you can use your comment as an answer... – Andy K Mar 15 '17 at 13:22
  • @AndyK Cool, will do it now. And thanks for the kind words :) – FatSecurity Mar 15 '17 at 13:46

2 Answers

3

Per your request, I formulated my comment as an answer:

To answer your first question, you can compare test scores over time using this tool: https://fatsecurity.com/tools/test-results-calculator?purposeId=1&groupId=1&startDate=2014-3-1&endDate=2017-3-1&companyId=19

In the table next to the graph, you can pick "False Alerts" instead of "Average Score":

https://i.stack.imgur.com/PTSNQ.jpg

You can access each test for a thorough review by clicking the data points:

https://i.stack.imgur.com/cdF5U.jpg

@MarcusMüller is correct in his comment, Qihoo360 tricked AV testing labs in the past by activating the Bitdefender AV engine in the versions submitted for testing, while it's inactive by default on user versions.

I'm guessing that you could activate the Bitdefender engine in order to reduce the false alerts (although I'm not 100% sure about this), but the better solution would be to simply get Bitdefender or another antivirus which is more reliable than this (or another) Chinese AV.

FatSecurity
1

If you're ever worried about a false positive, you should just check the file against virustotal.com.

Mac OS has a program called XtraFinder, which adds a right-click "create new file" option. Before installing it, I scanned it against virustotal.com and saw it passed 57/58 virus scans. QiHoo 360 is the only one that said potential virus. I googled the virus and found this page, which confirms my suspicion of a false positive.

Here are the VirusTotal results if you're curious: https://www.virustotal.com/#/file/22e6178e2878a7f0e0dc9042a90c3106ba0b348acffe96f61d47640c063df9ad/detection

neoakris
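
The multi-engine check this answer describes, as an added example that is not part of the original post: hash the file locally so it can be looked up by digest, then classify the per-engine verdicts of the report. The report shape follows the `last_analysis_results` map of a VirusTotal API v3 file object; the sample report, the function names and the `outlier_max` threshold are assumptions made for illustration.

```python
import hashlib

# Constructed sample: only the fields used below, shaped like the
# last_analysis_results map of a VirusTotal API v3 file report.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Qihoo-360":   {"category": "malicious",  "result": "Placeholder.Detection.Name"},
    "McAfee":      {"category": "undetected", "result": None},
    "ClamAV":      {"category": "undetected", "result": None},
    "BitDefender": {"category": "undetected", "result": None},
    "ExampleAV":   {"category": "timeout",    "result": None},
}}}}

VERDICTS = {"malicious", "suspicious", "harmless", "undetected"}
DETECTIONS = {"malicious", "suspicious"}


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file locally so it can be looked up by digest instead of uploaded."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(report, outlier_max=1):
    """Summarise per-engine verdicts and mark lone detections as outliers."""
    results = report["data"]["attributes"]["last_analysis_results"]
    # Engines that timed out or do not support the file type gave no verdict,
    # so they must not inflate the "N engines found nothing" count.
    judged = {name: r for name, r in results.items() if r["category"] in VERDICTS}
    flagged = sorted(n for n, r in judged.items() if r["category"] in DETECTIONS)
    if not flagged:
        label = "no-detections"
    elif len(flagged) <= outlier_max:
        label = "outlier"      # candidate false positive: report it to that vendor
    else:
        label = "investigate"  # several independent engines agree
    return {"scanned": len(judged), "flagged": flagged, "label": label}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```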