360 Internet Security: FREE Triple antivirus engine, BitDefender included

Discussion in 'other anti-virus software' started by PaulBB, Jun 11, 2013.

  1. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,467
    Location:
    Germany
    Hi

    Any Infos where i can find the Quarataene Folder on my System
     
  2. rhuds13

    rhuds13 Registered Member

    Joined:
    Jul 11, 2007
    Posts:
    101
    Today a scan showed that this OpenGL file ig4icd32.dll is a trogen. Anyone else having this show up?
     
  3. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    If you have the sandbox enabled, it will run anything suspicious in the sandbox if the system is offline. The HIPS/Proactive obviously must run through the cloud to make a detection. Is it the best thing to do? Probably not. Don't forget that you still have your BD sigs. These for the most part should keep you safe.
    I'm not saying that it's bullet proof or that its a good design but merely that your not totally swing in the breeze while offline.
    As Cruelsister said using a layered approach by using Comodo, OA, or even some AE, will minimize most of that design flaw.
     
  4. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    The only problem is file protection starts late irrespective of internet on or off,then what is the use of BD engine :rolleyes:

    btw,will sandbox virtualize files that are found as suspicious even if it is from the PC and not the USB?

    I think this needs to be fixed or atleast they have to fix that late start of file guard.

    Does the sandbox work when file guard is on 1-2 minutes late to kick in?? No one has tested that...who know's even if that is flawed :rolleyes:

    I havent got any reply to my sandbox UI and these flaws from support yet?!
     
  5. Jaspion

    Jaspion Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    195
    Location:
    Brazil
    Geez, I know. I'm not so worried about us, meaning people here at Wilders and other such places, I'm worried about the more common user.

    This is simply an opinion on this design. I think it's preposterous. The rest of the AV is still as good as it was, but this is bad. I'm against placing the bulk of detection on the cloud, for example. I think everything that gets detected by a cloud system should immediately be put into the signatures after being double-checked. This will mean that you'll have better detection, but we know that NO AV engine can detect everything, so this is an important layer, but definitely not the final one. Then the final defense is the HIPS/proactive defense. Placing that on the cloud is beyond belief for me. The thing is about direction, about guidelines, you see? I don't recommend Panda Cloud AV, why? because offline it has terrible detection. To me that's a security risk I'm not willing to take. Same here, a design flaw that prevents this product from being solid, in my opinion.

    If other people agree with Qihu that this is ok, then go on. But if you ask for my recommendation, then I'd say something else.
     
  6. Jaspion

    Jaspion Registered Member

    Joined:
    Nov 23, 2012
    Posts:
    195
    Location:
    Brazil
    What if it starts the real-time scan late by design too?

    Anyway, if the auto-sandbox is on whenever you're offline, then we have a different story. So far I only saw the option to protect USB. Can someone please verify?
     
  7. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    I believe it only protects the USB unless you have a certain program to start automatically in the sandbox. So if you were to place explorer in the sandbox or open a certain file in the sandbox before execution.
     
  8. guest

    guest Guest

    Late start is a exactly problem. (for Real-time scanner) There is no realistic reason for that and it is security problem. Has anyone ever see antivirus which is start to protect 2 minutes after windows log-on?
    Actually AV product try to start ASAP when user logon
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,192
    Not always. Some antivirus software delays the start of realtime protection to reduce the impact on boot time, so that the antivirus won't cause any significant increase in boot times.

    Boot times are not an issue for me as the only time I ever reboot is if Windows starts not working properly after having been running for many days, or I encounter a BSOD. I don't even reboot to install Windows updates, or for security software to update itself.

    Edit: I can't remember the source, but not long ago I read an article mentioning some AV software having delayed startup.
     
  10. guest

    guest Guest

    360IS realtime scanner doesnt start 1-2 minutes after boot procedure finished. 360IS start, it update itself, just Real time protection doesnt work.
    You are talking different things. Your case and this case is different. This situation is problem and they will fix it. You will see ;)

    And if they say about HIPS situation; this is a design. I can say this is very illogical design.
    I can understand if they disable HIPS when internet connected, but No internet connection= No HIPS, what a idea!

    And another crash when scanning malware folders...
    Yesterday, i scan malware samples,when it is removing malware, it crashed.
    Today, i scan another malware samples, it crashed again.
     

    Attached Files:

    Last edited by a moderator: Aug 30, 2013
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,192
    I fail to see the difference. Are you saying that for 360 it is just a bug which will be fixed rather being designed that way?
     
  12. tokthoo2002

    tokthoo2002 Registered Member

    Joined:
    Jun 16, 2013
    Posts:
    13
    Location:
    asia
    This question had been discuss in China's AV forum for few years, and qihoo knew what you mention up there very clear.

    In my opinion, Qihoo is a AV that use by either beginner or expert user (450 million user). HIPS is meaningless if the user cant make a right option.
    and i believe that most of the user dont know what to do when they face a HIPS Pop up. if the HIPS still working in offline mode, there will be quite a number of pop up, just like a traditional HIPS (and as i said, this is useless, but only annoying). and i guess this is the reason why qihoo disable the HIPS while the pc is disconnect from internet.

    360IS had do extra work for pen-drive, if the PC is in offline mode. it will not allowed any unknown PE execute automatically from pen-drive.
    360???????20130831082232.jpg

    360???????20130831081620.jpg

    anyway, if the user really wanna run a exe while offline, there is still hv a BD and a QVM.
     
    Last edited: Aug 30, 2013
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,192
    I agree, and this is why I disable HIPS when I install 360 on other people's computers.

    But if HIPS was working when it is offline, wouldn't the prompts be there as when there is an active internet connection?

    The lack of HIPS when offline is a non issue for me, but I can see why others are concerned by it.
     
  14. tokthoo2002

    tokthoo2002 Registered Member

    Joined:
    Jun 16, 2013
    Posts:
    13
    Location:
    asia
    bcoz it is "cloud proactive defence" for 360IS. lol
     
  15. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    problem i have with disabling hips on others computers is 360 then reports as being not protected until you turn them back on. a few people who i had trying it specifically called me to tell me they were worried because it said that. they should make it more like a module or have a custom install where it can just not be installed. otherwise i now no longer feel i can use this for people who are not computer people. it asks FAR FAR to many questions about what to run and not run. and then even at times when i specifically say to allow or run something it will run it then during the next scan it will find it and remove it anyway even though i told it to allow it and either create a rule or always allow. its just polished enough imo. its a GREAT start to what could be soon one of the best out there but for now imo only peopel who know what they are doing should be using it.
     
  16. tokthoo2002

    tokthoo2002 Registered Member

    Joined:
    Jun 16, 2013
    Posts:
    13
    Location:
    asia
    just turn it on, unlike tradition hips, 360 cloud proactive defence will only prompts if the action cannot reconize by the cloud, or the prompts will given the most suitable suggestion to user for selection. At most of the time, it will just silent bcoz thost regular software were recognized.
     
  17. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,542
    Location:
    Paris
    Earlier this morning I came across a malware sample that did an interesting thing- it called up and ran shutdown.exe while simultaneously running a script that changed User and Admin Windows logon passwords. This sample so far is not detected by any AV.

    Although I'm sure that for most here determining the changed password is a trivial matter, one can see that for most it would necessitate a trip to the computer repair shop or a call to a Geek acquaintance. And as this file is extremely small it can be incorporated into loads of things and cause havoc.

    That being said, I ran it against Q360 and of course it failed. I also ran it against my previous best combo (Q+ CF with sandbox at Full V). Turns out that Comodo sandbox at either Full V or Partially Limited also fails. Limited, Restricted and Untrusted passed.

    As a sidenote, I wasn't very surprised that Avast IS failed, but was surprised that KIS2014 went down also. Sandboxie and the excellent Defensewall both were unaffected.
     
  18. guest

    guest Guest

    Suprize for Comodo fanboys :)

    Did you try malware/KIS on 64bit windows? KIS has many limitations on this systems.
    https://www.wilderssecurity.com/showpost.php?p=2273345&postcount=141
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,542
    Location:
    Paris
    No 64bit in my testing, reason being as you suggested- many AM apps act a bit gloopy on 64 bit (and some don't work at all).

    Also should have mentioned that running the sample in the Qihoo sandbox contained it; but as it is not an auto-inclusion process who really cares?
     
  20. guest

    guest Guest

    Btw;
    I tested sample with;
    Outpost FW; Failed
    Spyshelter FW; Failed

    I think it is not serious case but It looks HIPS doesnt protect against this attack.
     
  21. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,542
    Location:
    Paris
    Actually pretty elegant- Calls up Net.exe and net1.exe to do its work prior to running shutdown.exe. Once it works if you don't know what is going on the computer is locked until the cavalry comes.

    (also- just curious, but was your password changed to memo or is it varying?)
     
    Last edited: Sep 1, 2013
  22. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    SO 360IS sandbox failed?? Did the malware infect the system after erboot as sandbox would be emplties automaticaly?

    Also did you try it against online armor free? If you do please let me know. In the past I tested many malwarees that almost all IS failed by sofar online armor was rock solid in detecting and stopping everything I throw at it.
     
  23. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,542
    Location:
    Paris
    Sorry for not being clear- Qihoo's sandbox protected against any changes. My complaint is that you would have had to physically put it in the box to be protected.

    I'll try OA when I get a chance, but it is really late now. At least I don't have to worry about any AV detection as I've morphed it so it should stay fresh.
     
  24. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Thanks and looking forward to online armor result.

    So can anyone say if the 360is sandbox is as good as sandboxie in protection? Also does sandboxing the browser offer this solid protection likie sandboxie? Thanks for the answer.
     
  25. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    A reason I am asking is that I want to install windows 7 on a pc of mine and with it I want to have a good sandbox for the browser and between comodo sandbox, 360is sandbox and sandboxie choice was thinking using 360is since its light and multi engine.

    SO if 360is sandbox is solid or as good as sandboxie and also does emptying the 360sandbox also cleans all browser junks and cookies too like sandboxie does? If so then I will install 360IS with online armor.

    Thanks for your replies.

    PS: can anyone here suggest which version (32bit or 64bit) windows 7 is suited for a dual core pc with 3GB of rams?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.