Investigation in Progress by AV Comparatives

If Qihoo turns out to be the one and confirmed by AV-C, will you still support it?

But I'll bet on another one, and I believe that the one "specifically engineered for the major testing labs" refer to another major free AV in China..

Disclaimer: I'm a hater of all the top 3 vendors in China.

 

Something feels funny here - too much money, too many angles.

 

I don't get it, how can a product be "engineered" for these tests only?

 

e.g. by hardcoding IP ranges (in the product or better in the cloud) corresponding to the testing organisations networks and act differently if these are detected?

 

Or disabling certain engines that can cause false positives.

 

Which I'm sure was the reason for all this. A certain Chinese vendor disabled its in-house engine and enabled a 3rd party one (turned off by default) specifically to achieve a lower FP result..
But we'll know for sure soon enough.

 

Could you link to that article on Neowin? Google refuse to help me with it, no article link about Qihoo show up in the results for me.

 

Looks like some genius just destroyed his/her company's integrity and reputation. Gawd! What a dumb move. Must have been a former Lenovo marketing wiz.

At least we know that Norton Security is in the clear

There is no way for the guilty Company to explain away a fraud on the public.

Just my initial reaction.

The extent that the rigged version was publicly available is not clear. In it's original statement AV-C says it was available to the public to a limited degree, but on the Facebook page it just says that the version was publicly available.

 

Charyb. Can you provide a URL for the Facebook page that comes from. I have been looking at all AV Comparatives Facebook pages and I do not see the AV-C reply that it was a free program. I see the question the comment answers, but do not see the AC-C reply that it was a free product. Can AV-C delete a post it has already made on Facebook?

These are the URLs I have been looking at. One is a redirect from the AV-C homepage.

https://www.facebook.com/AVComparatives?_rdr

https://www.facebook.com/AVComparatives

The page appears to be current with the last post I see made 55 Minutes ago.

 

http://www.neowin.net/news/360-total-security-6601022#comments

 

The above mentioned post is gone (since yesterday).

 

Since they own the page, they can delete their posts/comments as well as those by others.

One thing I'm struggling to understand is their initial post states:

but a later comment in reply to a user says:

So which is it? Product submitted or easily accessible?

 

The March 2015 File Detection Test states: "Qihoo participated with their 360 AV (Engish) which uses the Bitdefender engine but no QVM engine."

http://www.av-comparatives.org/wp-content/uploads/2015/04/avc_fdt_201503_en.pdf

I have been told that you cannot disable or remove the QVM engine in the product that is available to the public. I have never checked it out myself.

 

What I understand is that modified version was publicly available for a short time, who knows.

 

The AV-C announcement stated: "It has been found that a product submitted for testing by the vendor had been specifically engineered for the major testing labs, including AV-C; public availability of this version was limited."

In a later post AC-C Stated that "the version was publicly available."

These are not inconsistent statements.

Respecting the "free" version statement, the original post that it was a free product may have been correct but upon reflection AV-C decided that would be a give-away hint and this is a very serious legal matter with potentially substantial financial implications and AV-C decided to delete it so as not to even give a hint as to the product prior to a full investigation with the company(s) given a full opportunity to respond.

 

so are you saying the vendor/vendors are manipulating their products over a certain time period that corresponds to when your tests are conducted and other times the products behave differently?how do they do this are their databases more complete ,their cloud more aggressive?if the product isn't submitted by the vendor to yourselves then the product itself will be same as joe bloggs would purchase without added enhancements.
Why have you not come out a directly named the company?if you know what you're saying is true then there is no need to fear any court action over naming and shaming this vendor,if you only suspect things aren't bona fide then you should have confronted them instead of dropping hints about who it may be and posted the results of their reply to such confrontation

 

It appears from a re-read of the AV-C announcement that it has identified one vendor who "cheated," and the possibility of a second vendor doing the same.

I know it's a sensitive matter but to a degree it seems to me to be irresponsible for AV-C to not name the offending vendor who it knows cheated. People are spending real money or relying on this product every day. It seems that AV-C has an obligation to name the offending vendor. It is AV-C who did and published the test that peeps relied on.

"AV-C has uncovered an infringement of the testing agreement by one of the vendors participating in its tests. It has been found that a product submitted for testing by the vendor had been specifically engineered for the major testing labs, including AV-C; public availability of this version was limited."

Even though the cheat may not have been effective in boosting the product's results-I think most peeps would rather not use a product sold or made available by a company that cheats.

 

It is easy, these are our clues

- it is a FREE anti-virus

- it is a special crafted version to score high on tests

Just look at the reports, filter out the free ones and look which FREE AV has improved dramatically since last quarter 2014.

 

Why o why are these "testing organizations" allowing vendors to submit there own versions of the software in the first place? Surely the remit should be the test will be carried out some time in month X, whatever software is available for download from your servers on that date is the version that will be tested.
Looking through the report if it was to achive a lower false positive result then it certainly isn`t clear who the party may be, i just find it incredulous that the whole process is open to abuse!
Looking forward to full explanations and conclusions from all parties concerned...

 

We do not actually know that it's a free product. A statement by an AV-C employee with access to the official posting logo of AV-C that was subsequently deleted said it was free. That statement was removed for any of several possible reasons.

 

Irony will be if the offending company did lousy on the test

 

They used to do lousy on false positives, that is the last clue I am giving

 

Particularly, if what IBK said is true, that specifics of the allegation(s) were/are already in the news, albeit, in some other region of the globe.

 

I do not pretend to be any sort of a techie who knows a lot. Is there something about the AV-C testing methods that would allow a company to lower it's false positives in the tests that would not also lower it's false positive in its "non-cheat" public version?

 

According to the AV-comparatives blog the test that was compromised was the "File Detection Test _ march 2015". No mention was made of the "Real World Protection Test". I went back to 2012 on the File Detection Test and all the free AV's had basically the same detection rate. None of the free AV's got less than 98% since 2012.