Huorong Internet Security - something new on market

I found Huorong IS on MT but much better would be to know it reading this article "24 h with Huorong, a week with Comodo 12, a year with Bitdefender 2019 (or not)". Some words to make you interested

"And the Chinese guy who presented it managed to persuade me that it’s worth trying it:

• Chinese and English (despite the website lacking an English version).
• “Best HIPS in the world.” Supports custom rules.
• Unlike Qihoo 360, this product catches Chinese adware and doesn’t whitelist them. (Crucial!)
• You can configure it to prompt you when a threat is found, rather than auto quarantining.
• Regular or High-speed (higher system load) scan mode.
• Own AV engine called Cobra (but Google translates it as Velvet). HVM (Huorong Virtual Machine): high capability of unpacking and detecting known threats/variants. Tiny virus database (below 5 MB) but covering most malware (one signature can match thousands of variants).
• Cons: Weak to new threats (no cloud engine yet); in some situations, performance is not so good.

I would add (on the positive side):

• Only 34 MB space once installed.
• Recognized by Microsoft as an antivirus software provider for Windows.
• Under “grayware” it can distinguish between adware, PUP/PUA, and “Kaspersky’s detected virus names starting with not-a-virus:” (which are not malware).

On the negative side, from my experience:

• Signature updates can be more than 24 hours old.
• Sometimes the update fails; try again and the update will most likely succeed.
• There is no way to temporarily disable the AV. Or even to disable it altogether! (That’s quite a deal-breaker.)
• On-demand folder scan is very slow (I didn’t check whether subsequent scans of the same files are faster)."

It's worth to read full article...link below
http://ludditus.com/2019/04/08/huorong/

 

An unknown antivirus from a country I wouldn't touch with a 10 foot IT pole? What could go wrong?

 

I know what you mean, but from a technical point of view it does seem interesting. A HIPS combined with AV and firewall is pretty cool, the GUI looks clean and simple. SpyShelter could learn a thing or two from these guys.

 

Norton blocks that site as containing malware - hxxps://safeweb.norton.com/report/show?url=ludditus.com

It may be a false positive but I'm not going there.

 

False positive Virustotal had 0 hits on the URL.

 

The problem with urlvoid.com results is they are often "stale" findings by many of the scanners listed; many times reflecting scans performed some time ago.

I just rescanned ludditus.com using Quttera, my favorite, and here is what it found:

 

If you refer to my screen shot, the scan I submitted was done the morning.

I have no idea what you are talking about. The URL I submitted to Qutterra this morning was ludditus.com. Whatever is shown in my screen shot was populated after the scan
completed.

I just ran another scan and the results are same as yours. Note that the two malicious URLs in my morning scan are no longer shown. Appears the outfit hastily removed them.

My opinion is stay away from the web site and the AV software.

 

Yes, I know that. And again, my initial scan showed two malicious flagged URLs.

 

No. Simply because the two malicious URLs detected in my initial scan no longer appear in the recent scan. You're referring to the current single malicious scan detection.

So presently, the site is "clean." No guaranty that it will be so any time later.

 

Agree completely! Feel the same about Russia!

 

It's hard to belive...noone except @Rasheed187 mentioned about application...its features, option, etc....it's nonsense for me. Everyone was focused on review adress and how it can be "deadly dangerous". Do you remember how many apps here started careere being sometime completey unknown...anonymous...from nowhere? It's sad to see here people looking like picky elders
And what about China?...nothing...who can count chineese applications that was mentioned and discussed here?...10?...20? Hey people...where is your interest...passion...willingness to discover and know something new?

 

@ ichito et al

Yes, lots of Very good Anti software were all new, at one time. I & lots of others tested & then used many of them. Sure we need to take precautions & do as much due diiligence etc as possible, but without people to test etc, none of those anti's etc would have lasted a day !

And, why do people keep banging on about Russia ? It's some other countries, including close to home, people should be more wary about. Jeez !

 

because people are just blind sheeps..."China Evil boooo ! me no like !!! booo China !!!" at the same time all the clothes, electronic devices, toys for their kids, etc... All have been produced since decades in China...

"in the kingdom of the blinds, the one-eyed man is King"

 

Well said, ichito.

Good schtick!!!

 

There is some security softs developed by Chinese or Russian individuals that are more solid, effective and respect privacy better than all those so called "respectful" western equivalent.

Abd after all, by using MS products, King of telemetry, what people are complaining about... They are funny.

It is like refusing to eat genetically modified food while sitting in the middle of a radioactive area...

 

I never said there was anything wrong with Chinese products or this AV. I only pointed out that Norton blocked the review site.

I'm done here.

 

This is true but hard to establish when the software is brand-new and unknown to the public, combined with the underlying paranoia fanned by the media nowadays. Benefit of the doubt is getting rarer by the day. China has over a billion in its population. Even if the antivirus stayed within China, it would potentially have a huge user base.

 

Not in a defense of this product in particular, but it is a normal thing on such forums to bash literally every new name that comes on the security field, more so if it's an Antivirus product.

 

Totally agree.
I have a better method, I bash those already renowned

 

I did a bit of web research on Huorong yesterday and what I found was a bit disconcerting to say the least.

Among things discovered were at least three malware instances related to Huorong Internet Security. I quit searching after this. One sample was related to a product updater, the other some desktop component it uses, and its configuration manager. This indicates to me either internal or supply chain security issues with Huorong. It is also indicative of overall security concerns with Chinese software products.

Ref.: https://www.hybrid-analysis.com/sam...eeabd0f1da2d79d66c1d77ae532?environmentId=100
https://www.reverse.it/sample/bfa69...6dc723a416908050921e9bc65b1?environmentId=100
https://www.hybrid-analysis.com/sam...96b9517ac9a316613e23a9b37b4?environmentId=100