360 Internet Security: FREE Triple antivirus engine, BitDefender included

The last time I used Comodo, a custom install allowed the user to select which features they wanted to install. They could choose not to install Comodo DNS.

 

Yes but you are talking about the browser there. I am talking about Comodo Antivirus and firewall.

And how many users do you think would know enough to say no?

 

Then don't blame the product because of user ignorance.

It does make sense when you factor in that most Chinese companies with a multi-national presence are known to maintain 2 sets of accounting ledgers/books. One for domestic consumption/audits, the other for foreign investor consumption/audits. It is also a known fact that the difference between the domestic and international ledgers can be vastly different. Many investors in the West have been burned because of it. So it is not a stretch to think they wouldn't do the same thing with a product. One variant for their domestic market, the other with a much different face, for the international market.

 

Ah so it's ok for a company promising to secure your computer to be malicious if the user doesn't know any better? Yes nice philosophy you have there. Don't blame the bad guy just blame the victim.

 

You can whine about the product taking advantage of your ignorance, or, you could educate yourself about it before using it. That's the user's choice.

 

Ah so all those people who lost money when banks collapsed were at fault for not educating themselves on how the financial systems worked. So I'm guessing now that you're going to tell me that you know how every single piece of software you have installed works? How the internet works? What a syn/ack handshake is? How SSL works? How dns actually works and it's hierarchical structure?

 

I believe a venerable company must not abuse the trust a user have in the company.

 

Good Debate.

Is it the job of the consumer to know the possible dangers of a product, or should we count on other entities to protect us?

I don't know.

But the news about the nature of Qihoo has been around for a long time.

All the way back to 2011, the reputable company Zscaler published a warning.

================

Is 360.CN Evil?

http://2.bp.blogspot.com/-Flayg8CNH8k/Tda6RbvkOMI/AAAAAAAAAnY/8YnWY6svSpU/s320/Screen%2Bshot%2B2011-05-20%2Bat%2B2.59.45%2BPM.png
... a tough and controversial question to answer (I'm sure there will comments on this).

360.cn is a Chinese provider of "free security software", more specifically: "360.cn is a Chinese anti virus program that integrates with IE" (reference) ... huh, "integrates" with my browser how? And "free" usually means there is some other revenue stream than end-user licensing.

360.cn was developed by Qihoo, a Beijing-based community search company. There has been some controversy surrounding Qihoo and its 360 security suite, such as it reporting other anti-virus software and search tools as being malicious (reference) and doing QQ (IM/chat) session hijacking (reference). Within the past year of Qihoo going public, there have been further controversies - including reports of the company spying, hacking, and leaking data (reference). And then there are the rumors that the 360 software includes spyware - and that they may have affiliations with PRC Gov't to track, monitor, and police user's online activity (reference).

Looking at our web logs, I can see a number of requests regularly beaconing out doing HTTP POST requests to sites like:

conf.f.360.cn/getconf.php
qurl.f.360.cn/check_outchain.php

All with the User-Agent string "Post_Multipart"

These POST requests typically average around 1200 bytes in data (excludes HTTP header), and 360.cn responds back with 164 byte status message. Below is the status that I pulled:
http://3.bp.blogspot.com/-BmaKy3H5ERw/Tda-KCd6cFI/AAAAAAAAAno/EA3Ozttu224/s200/Screen%2Bshot%2B2011-05-20%2Bat%2B3.12.11%2BPM.pngTo protect customer privacy and also handle the volume of transactions that we do - content of the transactions are not stored, so it is hard to say what data is leaving the network of these hosts - whether the data is user/host tracking information, keystrokes, or just license information it is hard to tell. But the frequent beaconing seems to be more spyware like in nature than say a daily check-in for latest signatures or something similar. I'll see if I can get some meaningful packet traces out of the software to find out what data is included in the POSTs.

The current McAfee SiteAdvisor report for 360.cn shows it as having a poor reputation (note though, 360.cn is also technically a competitor to McAfee, albeit a small one):
http://2.bp.blogspot.com/-LE5rqdhXoeY/TdambBb1mUI/AAAAAAAAAnQ/xC9uakC3hQw/s320/Screen%2Bshot%2B2011-05-20%2Bat%2B1.32.28%2BPM.png
McAfee marks the site and its affiliates as bad - containing spyware. It also shows an affiliation with a Chinese Gov't site: miibeian.gov.cn (Ministry of Industry and Information Technology Department). One such sample that McAfee flagged in this report was also uploaded to VirusTotal ... 21/40 A/V vendors identified the binary as malicious.

This puts security companies such as ourselves in an interesting predicament - do we flat out block 360.cn? Probably not. Is traffic to the domain, its affiliates and wares suspicious? Certainly. It is then left up to security products to detect the malicious binaries and is up to organizations to make the decisions about these sites. If you don't use 360.CN products in your organization, it probably wouldn't hurt to block traffic to their domains.

 

If we are discussing something here, keep it a valid discussion.
Dont compare different things to prove something as one approach doesn't applies to all.

A security software is different, a bank is different, a hair shampoo is different & a girl is different.

Some are comparing with this, some are comparing with that, etc...
Now some one will come & compare with his girlfriend, his ex ...

Keep it a valid discussion so we get to know, learn something & make our own decision.

 

hahaha, rofl...all the hate against Chinese stuff but you all miss a simply fact even funnier: you are typing from a Chinese made keyboard, connected to Chinese made hardware (mobo, etc...), and that hardware (your PC) is connected to a Chinese made modem, browsing the 'interwebz' hosted on Chinese made servers. lol.

In a more serious note: I can't understand what's with all the hate against a piece of software. I understand your rant against Qihoo (the corporation), but all billionaire corporations are like that, greedy and money hunger, there's nothing new under the sun. Until you people find true evidence against 360 Security Software, you can't accuse them of something.

When DrWeb released their English version everyone talked about how an ex Russian KGB founded DrWeb, and even Webroot was accused when launched their Antivirus (if I remember well) to be created by a former hacker. Without accusing anyone, everything looks to me like nothing but cheap propaganda, created from time time, but especially when the competition launches a new, cheaper, and better product.

And you all forget the SONY rootkit, Adobe's CS3 spying scandal, Samsung laptop keyloggers, Samsung TVs, and more recently the NSA: none of them are Chinese companies/organizations. So who is spying who?

 

+1 Everything I see on this is at least a couple of years old. Until I see some current news that confirms all this I am sticking with TSE. Runs light and works for me. With millions of users it would seem something would break out if Qihoo was stealing data or logging keystrokes. Anyway, according to AV-compartives all AV software is phoning home. Latest rumor on Kaspersky is it is working with Russian Intelligence. So does that mean people should quit using Kaspersky.

If all the rumors are true about Qihoo, why in the world would Microsoft be partnering with them.

 

I had the same expression & couple more reading some of your posts.

 

It was less that a year ago that Qihoo was purposely redirecting Apples users to a fake sight.

 

I don't disagree with that. And it's all the more reason to do your due diligence before putting anybody's software on your system.

 

Yep.


A few more highlights of dirty Qihoo:

2012

Marbridge Consulting notes that four major Chinese securities firms have told employees to uninstall Qihoo 360’s software due to privacy and security concerns.
​

2010 - 2014

Qihoo 360 Loses In Court Again
Yesterday, China’s Qihoo 360 took another blow from the country’s legal system: the Supreme People’s Court
has rejected Qihoo’s appeal of the initial verdict of a Tencent lawsuit against Qihoo for unfair competition, and has ordered Qihoo to pay Tencent a sum of RMB 5 million (about $800,000).

It’s easy to get confused about this case because Qihoo is involved in so many other lawsuits, and because the initial dispute at the heart of this Tencent-Qihoo suit dates back years...

At this point, one has to imagine that Qihoo has gotten used to it. For a confrontational and litigious company, its record in Chinese courts is pretty abysmal. In addition to a bunch of losses to Tencent (yesterday’s ruling was the final in a series of unsuccessful appeals), the company has also lost a major suit against search rival Baidu. Qihoo is also in the process of suing a major national newspaper and Sogou.​

2013

The government is not the first to raise issues over Qihoo's anti-competitive moves. Another Chinese Internet company Tencent (OTCPK:TCEHY), also sued Qihoo for unfair competition in the September last year, claiming that 360's release of Qihoo's "KouKou Bodyguard" security software in 2010 targeted and made modifications to its QQ instant-messaging software, causing the company to lose income from its value-added services and advertisements. Qihoo was also accused of deliberately overstating the volume of traffic to its website in order to attract more advertisers. Even Apple (NASDAQ:AAPL) decided to remove Qihoo's apps from the iTunes store for violating its terms of service.​

2013

The 1 Company You Need to Avoid in 2013
By Kevin Chen | More Articles
January 8, 2013
Climbing almost 100%, Qihoo 360 (NYSE: QIHU ) was one of China's hottest tech stocks in 2012. But due to a history of user disrespect, Qihoo may not continue its rapid growth. Even if it can, Qihoo shows a growing weakness in one area that it supposedly dominates. All in all, the company's dirty marketing tactics can't gloss over mediocre products. To save your investment, here's more on why you should stay away from this supposed tech giant.
One huge copycat, Once antivirus-software maker Qihoo began to make its move into the web and mobile products, Qihoo seemed to believe that copying was the only way it could beat China's tech giants.
Qihoo committed its dirtiest crime in the browser wars. Though it started 2008 with zero market share, the company quickly catapulted itself to the No. 2 spot by January 2011, second only to Microsoft's Internet Explorer (NASDAQ: MSFT ) . However, unlike competitor Sohu.com's browser (NASDAQ: SOHU ) or Google's Chrome (NASDAQ:GOOGL ), Qihoo didn't seem to believe its product could compete.
Instead, Qihoo decided that it would win with marketing. So CEO Zhou Hongyi snatched the Internet Explorer logo, and gave it a touch of green..​

2014

Qihoo acting as an arm of the Chinese government in mass censorship
Chinese Websites Deleted One Billion Posts in 2014
The final statistics from a 2014 Chinese Internet crackdown are in, and they are staggering. On Jan. 17, Xinhua, China’s state-run news agency, announced that Chinese websites had deleted one billion posts in 2014 as part of a government-led operation to jing wang, meaning to “cleanse the web.” About 130 million were deleted by China-based search giants Baidu and Qihoo, the article said.​

December 2014

Researchers at Palo Alto Networks have released a new report which says that many of the phones manufactured by Chinese handset maker Coolpad are being shipped with a serious security flaw. According to the report, most of the Coolpad phones researchers tested contained a backdoor (they call it “CoolReaper”) that allowed the phone’s software to autonomously do things like:​

• • Download and install/uninstall apps
  • Delete user data
  • Send, receive, or spoof phone calls and text messages
  • Upload user data to Coolpad servers

We expect device manufacturers to install software on top of Android that provides additional functionality and customization, but CoolReaper does not fall into that category. Some mobile carriers install applications that gather usage statistics and other data on how their devices are performing. CoolReaper goes well beyond this type of data collection and acts as a true backdoor into Coolpad devices.
Coolpad customers in China have reported installation of unwanted applications and push-notification advertisements coming from the backdoor. Complaints about this behavior have been ignored by Coolpad or deleted.
The news comes at an interesting time, having been released on the same day that Chinese security firm Qihoo 360’s US$400 million investment in a joint venture with Coolpad was confirmed. Qihoo has previously been accused of misleading users in its own ways, and to some this news may suggest that the new Qihoo-Coolpad joint venture is not to be trusted.
More importantly, though, Qihoo is a web security company: its mobile and PC-based security suites are the centerpiece of its product line. One has to assume that as part of the due diligence for the Coolpad investment, Qihoo’s security experts took a look at Coolpad’s products, so what happened? Did they simply miss this apparently-gaping backdoor? That would be pretty embarrassing for a security company. Did they find it and decide to go through with the deal anyway? That doesn’t look good either.​

Qihoo is a dirty, unscrupulous, deceptive company. Quit making excuses. If you want to use the product, use it. For your own sake, just have a little self-honesty and accept reality and quit the stupid denial and excuses.


Your Welcome.


Your Buddy & Pal,

-Frank

 

McAfee.....a company that try so very hard to add their crap to ppl's computers? at least i haven't seen anything undesirable after installing 360 ts and browser.

if you do believe qihoo is trying to become world no 1, then you should know doing all those things others claimed they still do just won't help them achieve that, won't it?

but then those are just my opinion, until someone come out with a solid proof.

 

I'm Chinese, and I know lots of things Qihoo has done here. It is dirty, HERE, and the fact has been proved with solid proof.

But I'm not sure about the international version. Qihoo, as well as other big players in the security market in China, seems to have different strategies inside and outside the country.

 

I understand what you are saying, but the fact is a company is either reputable, or it isn't. If they do shady things in China, I don't feel confident they will have my best interests in mind here in the USA either. I feel they will get away with whatever they can, so for me personally I'd rather use a different program.

 

All these certains and doubts aren't good at all...

I stopped using it few days ago, and will see what will happen in the future...

 

Conclusion: if a FREE antivirus is great and better than lot of others is highly suspicious and NOT good.

No joke at all, advice to Qihoo: Some people doesn't deserve free stuff. Just make all the 360 software shareware, and 10 days trial not 30 as usual, and everyone will be happy. Qihoo will make a lot of money and the anti-Qihoo propaganda will be over.

 

It's your conclusion!!!

 

Those who try to prove 360 to be rogue have their reasons. With what I see in the country, many reasons are valid.

Things Qihoo 360 has done in China: frightening users with scaring warnings saying their computer is in danger if you don't install A, B and C, or fooling users with confusing tips and checkboxes to make them click the "install" button, or reporting and removing competitor's install package as malware. Also, helping the great firewall to block vpns.

That's the way to survive in the domestic market. But fortunately, those things may never happen to you guys.

 

It's not free. The information they collect about you is worth more than what they could earn with licenses.

Yes, that poor selfless company. If only ASK, Vosteran, Conduit and the likes had been so smart to give away their own antivirus instead of this shady toolbar / browser hijack business. Their reputation would be much better now.

 

What information, and how are they making money from it?

I'm just curious as you are making serious allegations, so I would presume you would have actual evidence to back up your claims.