360 Internet Security: FREE Triple antivirus engine, BitDefender included

I trust BD Free. I'd also like to trust 360 from reading the raves about the triple engine.

 

More detail on the 4.3.0 update can be found here.

 

BD Engine still on 28.8.2013 here,anyone else?

 

Yes.

The program started updating when I booted my PC today and was stuck on "Querying..." for 1 hour.

Manually updated and it didn't update anything. Not even BD.



EDIT: a moment later I manually updated again and it downloaded update for BD. 29.8 now.

 

Gotcha! Mine just updated automatically

 

Hi

How can i submit Files to the Lab for checking or analyzing

Any uploud or submit Formular

Any E-Mail Adress for it

 

You can use their website submission: http://sampleup.sd.360.cn/index.php

Or send them an email @ kefu@360.cn – remember to include the sample in a password-protected file (encrypting also file names, some email servers won't let you send an archive if they see an executable inside. A good program to use is 7-Zip.)

Also, for any other vendors, check Chiron's list.

 

It is starting to occur to me that Qihoo has changed something in a major way. The detection rate of actual malware has improved dramatically, and almost annoyingly so.

I've been collecting new samples from here and there looking for something to test the quality of the Sandbox. With each new dataset the samples are initially given an on demand scan. Of those left I verify if the sample is actually malicious or not; this usually takes about an hour or so to verify all. For the last 3 datasets by the time I've been ready to actually run the samples Qihoo has had a cloud def already in place to squash the file, leaving me with nothing left but junk (although I've been getting false positive detections from the usual 2nd opinion scanners).

I almost feel like sending an email to Qihoo requesting that they back off.

 

I think proactive defense doesnt work on win8x64, can anyone verify that?

I tried with real malware on vm, i didnt get single proactive defense alert from 360IS. It didnt catch any startup/driver loading/network activity.
I retest with 360IS+Agnitum FW, Outpost catch many malware behavior like autostart.

(i disconnect internet when making test. Realtime protection was active. )

 

Someone mentioned that maybe their HIPS was cloud-based or something, which is ridiculous. Could that be it?

cruelsis, you wanted a good product, you got it, now quit complaining!

 

And I don't like yellow either!

 

Hi

Thank you very much for your information

 

Totally off the AV topic but some info for any investors out there- It's been rumored since July that Qihoo was looking to buy the Search Biz from a company named Sohu. Probably to this end Qihoo just floated a 600 million USD bond; this along with cash on hand should fund the acquisition and put Q's piece of the Search space around 25-30%.

http://www.financeasia.com/News/355045,qihoo-launches-convertible-bond-to-raise-600-million.aspx

My opinion is that the deal will get done next week and any spare change should be sent SOHU's way.

 

I make some test on vm for "proactive defense" it is really unreliable.


situation 1:
win8x64, no active internet connection;

360Is start ASAP after windows logon, but files monitor doesnt start for a long time.
It show monitored files "0".

when i start tests(spyshelter/Comodo leak tests) after logon, 360IS doesnt alert for them.


When it show monitored files more than "0" (when real-time protection is active) i retest SS/CLT tests. Result is same, it doesnt alert for them.



when i reactive internet connection on wm, and when run SS test, SS test crashed.
after 1-2 minutes later, i tried to run again SS test, And SS test run/360IS can block registry test. Also it can block something when running CLT test.


situation 2:
win8x64, internet connection active;

Like no internet connection situation, file monitor doesnt start asap. 360IS update BD engine, i try SS/CLT test when "files monitored=0" 360IS catch anything.
I dont talk seconds, It doesnt start about 1-2 minutes, after 1-2 minutes real-ime protection start and it ask for tests.


so i can say;
1-real-time monitor is start to protect very late
2-if system start without internet connection and still no connection, proactive defense will not work. when i reconnect internet, it will protect you 1-2 minutes later
3-if system start with net connection and still connected, proactive defense will work.

360 Proactive defense looks like classical HIPS, it has some sonar. problem is appear when internet connection break but i think it is related with real-time shield, internet connection must not be problem for the HIPS.

 

It's true!

I may be jumping the gun here, but a quick CTL test with Qihu + CIS FW (AV off, HIPS off, AutoSandbox off) showed me this (on a 64-bit Win7):

With the internet on, Qihu 360IS was vulnerable to:
Injection: ChangeDrvPath
Injection: RawDisk
Injection: FileDrop
Injection: SetWinEventHook
Injection: SetWindowsHookEx
Injection: KnownDlls
Impersonation: DDE
Hijacking: Userinit

With the internet off, Qihu 360IS was vulnerable to:
Injection: ChangeDrvPath
Injection: RawDisk
Injection: FileDrop
Injection: SetWinEventHook
Injection: SetWindowsHookEx
Injection: Services
Injection: KnownDlls
Impersonation: DDE
Impersonation: Coat
Hijacking: Userinit
Hijacking: SupersedeServiceDll
Hijacking: StartupPrograms
Hijacking: AppinitDlls

 

Hi

What can I do

 

You can probably just disregard it. If you want to, open the file with Notepad and show us the contents.

 

Hi

What did you mean with disregard it

When i double click on the File become i this Message access Denied what can i do

 

If the file is being actively blocked by 360, you'll need to stop it first. To see the contents of the file, open Notepad, then open the file with it.

PS: disregard means ignore.

 

Hi

I have check the File into the Safe Mode to open and i become the Same Message

I will check it at the Next Day

You mean stop 360 right or what can i do

 

Now, another problem. It crashed when removing malware. Malware file is not active, just on-demand scan.

 

I just went through about 350 samples without any issue.

 

You responded to that quickly.

What about my test results? Have you performed a similar test? If this is more than a freak accident, then my opinion of Qihu has just gone down. The same test with Baidu, for example, showed no difference between being on or offline.

 

that is normal, probably it cannot delete/clean one malware sample and your set doesnt include this sample.
Also i used 726 malware.

 

Mine is still 28.8