360 Total Security - English

When will 360 add IPS and IDS protection to the total security and total security essentials? Will there be any?

 

Please describe exactly what you will like to see implemented in the program?

 

You know intrusion prevention (IPS) and intrusion detection (IDS) systems for 360TS to offer protection against those malwares and PUPs that 360 fails to detect from running.

Avs. like comodo and few others have IPS and IDS incorporated in them.

I tested 360TS in VM and it failed many badwares (mostly PUPs/adwares) and they ran and installed fine. After checking 360TS online in Wikipedia antivirus list and its protection list, it shows that 360TS does not have several module and including no IPS and IDS protection.

here is the list: https://en.wikipedia.org/wiki/Comparison_of_antivirus_software.

according to the list 360TS lacks a solid firewall, IPS, IDS, Email security, Antispam.

So if qihoo can incorporate intrusion detection modules into the 360TS to offer another line of protection in a multi layer protection would be awesome.

So for now I go with comodo IS or AVG IS since they both offer IPS and IDS protections. Also AVAST with its harden point (IPS / IDS) is excellent too.

 

OK I will forward your request. My projection is, after and if the positive decision is reached, this thing will see the light of day after 2 or more release versions.
If these stuff can work without complicating usage for ordinary users, then we will see it in Qihoo

 

hopefully qihoo will add this, because thats the weak-point of 360ts. If IPS/IDS is incorporated or something like the avast harden point (IDS), then 360TS would be a killer av and perhaps one of the if not the most powerful av there in term of infection protection. Something they can perhaps compete with comodo's HIPS.

Also qihoo can add a witelisting agent similar to what voodoshield or secureaplus does of IDS/IPS did not work. Adding something that will block or give 100% infection prevention would be great.

 

It would be great for offline protection though, to kick in when there's connection with Q server lost....
Having it on all the time..... IT MIGHT cause inconvenience to certain users in special conditions.......
We'll see

I will check out voodoo shield and secureplus how they work, to see what can be done...

 

well avast is moving in the right direction as qihoo should too. The latest update of avast now includes a behavior and HIPS module, which is great. Only if qihoo would do the same.

 

360 does have some IPS/IDS; that wiki chart is pretty simplified as it's binary.

 

Not or a very very weak one. I say this because I tested it and a good IPS/IDS like HIPS and behavior blocker should popup on unknown or untrusted, etc.. 360 stood quiet when a bunch of PUPs with bundlewares ran and installed.. Comodo and AVAST in my test went crazy over these and warned all of them.

 

I can't say PUPs are a good way to test HIPS since not all vendors treat PUPs the same way (personally, I think they should all be classified as malware and I'm more concerned about PUPs than malware).
Avast is one of the better anti-PUP products.
Comodo goes crazy over just about anything (incl. non-PUP/non-malware).

I've had 360 alert or prompt me regarding sensitive registry/startup modifications from unsigned/unknown sources.

 

PUPs in general are not considered high risk threat. But you raise a very important issue and I believe something can be done with it.
Let's see what the engineers come up with in the near future [don't expect this overnight]

 

An update about the outdated Avira signatures.
I tried to download the full avira database from 360 website to see which version of avira signatures it contains.
This database is named "360TS_VDB_Avira_20150714.exe".
So judging by the name, one could think that it contains signatures of today 07/14/2015.
Well, guess what... when you install it, actually the signatures are dated 06/04/2015!
They just change daily the name of the file, but the signatures inside are always the same. This is also proved by the size of the file which doesn't change.
This confirms my concern: it's not an update issue with some machines, it's simply Qihoo that offers a very very outdated version of Avira. Now, it's true that 360 TS offers great protection anyway with its own engines, but I find this behaviour misleading towards the customers. If you say: Avira is up to date, it must be up to date, not almost two month old!

 

I will forward your findings to the management.

 

Guess who's back?

Spoiler

Dear Dragan,

Thank you for your support to 360 Total Security.

Please introduce the users to download the latest version of 360 Total Security, here is the download link:

http://int.down.360safe.com/totalsecurity/360TS_Setup_7.0.0.1051.exe

The latest version has already supported for Firewall, please have a try.

As for the rest features you mentioned, we will take your suggestions into consideration.

So again, thank you and please feel free to contact us anytime you have any question or suggestion about our product.


Kind regards,

Emily

Qihoo 360 Support Team

Email: support@360safe.com

FAQ: http://www.360totalsecurity.com/help/

• Welcome to visit our website:

PC: http://www.360totalsecurity.com/

Mobile Product: http://www.360safe.com/

• Like us on Facebook:

• http://www.facebook.com/360safe

• Google+: https://plus.google.com/u/0/communities/109743774012923710723

• Follow us on Twitter: https://twitter.com/360TotalSec

• Leave your comment for us on CNET to encourage us to keep improving.

http://download.cnet.com/360-Total-Security/3000-2239_4-76145154.html

 

I have a question/issue:
I have 360TS 6.8 (Win10) installed with everything enabled (all layers, scan all files). I unzip a malware pack and it detects 100 samples real-time. I right-click the unzipped folder and scan it and it detects 70 more. Why doesn't it detect all 170 in real-time?

 

Performance optimization.
Certain exe's have packers and extracting components, which might take cpu/disk i/o impact if going in deep. That's why some lighter stuff will be detected realtime, others on execution or malware scan.
Do note that certain stuff will be detected only when executed and loading, either intercepted by HIPS or cloud analysis.

 

Thank you

 

You're most welcome

 

I noticed alot of PUPS and packed PUPs are chines or oriental based one, that are not detected by not only 360 but other chinese avs with the exception of Rising. Its weired that Rising AV per virustotal shows it detects almost all those chinese PUPs and packs while others like tencent, 360, baidu miss them and show as SAFE.

So based on my tests and reviews, I came to the conclusion that Rising AVs is much better then other chinese based AVs, but unfortunately rising nolonger has an english version. Over all I have moved to AVAST for now for its killer multi-layer protection. As an exmaple among the malwares where some chinese language PUPS that shows with QQ and baidu and kingsoft in their code and these were shown safe by all chinese AVS except Rising.

 

You may want to test your AVs with an eclectic sample of malware. Every time I do, 360 has a far higher detection rate (including my testing Avast! a few hours ago, which I like, but missing 63 samples Qihoo caught makes it difficult to switch).

Additionally, in a real-time scan during unzipping, Avast made the unzip and itself non-responsive indefinitely; Qihoo was smooth per the "performance optimization" mentioned above. @GakunGak was correct in that Qihoo did catch the remaining samples later when I tried to zip them (not execute them).

 

@taleblou Rising never stopped publishing an English language version of their antivirus, they just did away with thier English website.

 

If someone would be so kind to make me a detailed description of PUP's missed by Qihoo, so I can see the pattern and let Qihoo know so they can look into it, it would be most appreciated, thanks. Also additional ideas as to what would make protection better would be a good thing, too!

 

It doesn't detect OpenCandy (at least it didn't during installation of FreeFileSync and CD Burner xp). Most AVs don't flag OpenCandy.

 

do you have the latest english version for me to download and check?

 

I use malc0de.com/database for my tests. I test 10 different malware IPs from malcode with the avs. Pay attention to those urls that are PUPs.