Huorong Internet Security - something new on market

Discussion in 'other anti-virus software' started by ichito, Apr 24, 2019.

  1. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,819
    Location:
    Poland - Cracow
    I found Huorong IS on MT but much better would be to know it reading this article "24 h with Huorong, a week with Comodo 12, a year with Bitdefender 2019 (or not)". Some words to make you interested :)

    "And the Chinese guy who presented it managed to persuade me that it’s worth trying it:
    • Chinese and English (despite the website lacking an English version).
    • “Best HIPS in the world.” Supports custom rules.
    • Unlike Qihoo 360, this product catches Chinese adware and doesn’t whitelist them. (Crucial!)
    • You can configure it to prompt you when a threat is found, rather than auto quarantining.
    • Regular or High-speed (higher system load) scan mode.
    • Own AV engine called Cobra (but Google translates it as Velvet). HVM (Huorong Virtual Machine): high capability of unpacking and detecting known threats/variants. Tiny virus database (below 5 MB) but covering most malware (one signature can match thousands of variants).
    • Cons: Weak to new threats (no cloud engine yet); in some situations, performance is not so good.

    I would add (on the positive side):

    • Only 34 MB space once installed.
    • Recognized by Microsoft as an antivirus software provider for Windows.
    • Under “grayware” it can distinguish between adware, PUP/PUA, and “Kaspersky’s detected virus names starting with not-a-virus:” (which are not malware).
    On the negative side, from my experience:

    • Signature updates can be more than 24 hours old.
    • Sometimes the update fails; try again and the update will most likely succeed.
    • There is no way to temporarily disable the AV. Or even to disable it altogether! (That’s quite a deal-breaker.)
    • On-demand folder scan is very slow (I didn’t check whether subsequent scans of the same files are faster)."
    It's worth to read full article...link below
    http://ludditus.com/2019/04/08/huorong/
     
  2. entropism

    entropism Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    459
    An unknown antivirus from a country I wouldn't touch with a 10 foot IT pole? What could go wrong?
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,523
    Location:
    The Netherlands
    I know what you mean, but from a technical point of view it does seem interesting. A HIPS combined with AV and firewall is pretty cool, the GUI looks clean and simple. SpyShelter could learn a thing or two from these guys.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,613
    Location:
    Among the gum trees
    Norton blocks that site as containing malware - hxxps://safeweb.norton.com/report/show?url=ludditus.com

    It may be a false positive but I'm not going there.
     
    Last edited: Apr 26, 2019
  5. Marcelo

    Marcelo Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    178
    Location:
    Rio de Janeiro, Brazil.
  6. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    31,348
    Location:
    U.S.A.
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,435
    Location:
    U.S.A.
    The problem with urlvoid.com results is they are often "stale" findings by many of the scanners listed; many times reflecting scans performed some time ago.

    I just rescanned ludditus.com using Quttera, my favorite, and here is what it found:

    Quttera.png
     
  8. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    31,348
    Location:
    U.S.A.
    Today's scan only shows 1 file:

    2019-04-26_080115.png

    And that file is a page dated April 3rd, 2017, not the page linked in the OP post.

    2019-04-26_080040.png
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,435
    Location:
    U.S.A.
    If you refer to my screen shot, the scan I submitted was done the morning.
    I have no idea what you are talking about. The URL I submitted to Qutterra this morning was ludditus.com. Whatever is shown in my screen shot was populated after the scan
    completed.

    I just ran another scan and the results are same as yours. Note that the two malicious URLs in my morning scan are no longer shown. Appears the outfit hastily removed them.

    My opinion is stay away from the web site and the AV software.
     
    Last edited: Apr 26, 2019
  10. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    31,348
    Location:
    U.S.A.
    Correct that you submitted the domain's URL, however, after the scan completes, the Scanned Files Analysis Tab provides more info regarding the malware file, thus my second screenshot, which is an URL of an April 3rd, 2017 page.

    Regarding the OP Web site link, Wilders has not found any malware in that page, and will remain a live link for now. About the software, Caveat Emptor.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,435
    Location:
    U.S.A.
    Yes, I know that. And again, my initial scan showed two malicious flagged URLs.
     
  12. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    31,348
    Location:
    U.S.A.
    Then, you agree that the malicious file URL is of an April 3rd, 2017 page, yes?
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,435
    Location:
    U.S.A.
    No. Simply because the two malicious URLs detected in my initial scan no longer appear in the recent scan. You're referring to the current single malicious scan detection.

    So presently, the site is "clean." No guaranty that it will be so any time later.
     
  14. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    31,348
    Location:
    U.S.A.
    Whatever was detected before is immaterial, and I don't want to go around in circles over a past situation, so I'll drop it.

    Just ran another scan; the same and only file URL (April 3rd, 2017 page) is still being detected as malicious. Wilders can not label the site clean, because it contains one possible malicious page, however, the OP linked page is clean, thus allowed. Over and Out.
     
  15. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    708
    Location:
    Oklahoma City
    Agree completely! Feel the same about Russia!
     
  16. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,819
    Location:
    Poland - Cracow
    It's hard to belive...noone except @Rasheed187 mentioned about application...its features, option, etc....it's nonsense for me. Everyone was focused on review adress and how it can be "deadly dangerous". Do you remember how many apps here started careere being sometime completey unknown...anonymous...from nowhere? It's sad to see here people looking like picky elders :thumbd:
    And what about China?...nothing...who can count chineese applications that was mentioned and discussed here?...10?...20? Hey people...where is your interest...passion...willingness to discover and know something new? :)
     
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,961
    @ ichito et al

    Yes, lots of Very good Anti software were all new, at one time. I & lots of others tested & then used many of them. Sure we need to take precautions & do as much due diiligence etc as possible, but without people to test etc, none of those anti's etc would have lasted a day !

    And, why do people keep banging on about Russia ? It's some other countries, including close to home, people should be more wary about. Jeez !
     
  18. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,580
    Location:
    Europe then Asia
    because people are just blind sheeps..."China Evil boooo ! me no like !!! booo China !!!" at the same time all the clothes, electronic devices, toys for their kids, etc... All have been produced since decades in China... :rolleyes:

    "in the kingdom of the blinds, the one-eyed man is King"
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,386
    Location:
    Hawaii
    Well said, ichito.
    Good schtick!!! :p:argh::D:thumb:
     
  20. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,580
    Location:
    Europe then Asia
    There is some security softs developed by Chinese or Russian individuals that are more solid, effective and respect privacy better than all those so called "respectful" western equivalent.

    Abd after all, by using MS products, King of telemetry, what people are complaining about... They are funny.

    It is like refusing to eat genetically modified food while sitting in the middle of a radioactive area... :rolleyes:
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,613
    Location:
    Among the gum trees
    I never said there was anything wrong with Chinese products or this AV. I only pointed out that Norton blocked the review site.

    I'm done here.
     
  22. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    86
    Location:
    Brooklyn, NY
    This is true but hard to establish when the software is brand-new and unknown to the public, combined with the underlying paranoia fanned by the media nowadays. Benefit of the doubt is getting rarer by the day. China has over a billion in its population. Even if the antivirus stayed within China, it would potentially have a huge user base.
     
  23. lofac

    lofac Registered Member

    Joined:
    Jan 18, 2018
    Posts:
    124
    Location:
    .
    Not in a defense of this product in particular, but it is a normal thing on such forums to bash literally every new name that comes on the security field, more so if it's an Antivirus product.
     
  24. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,580
    Location:
    Europe then Asia
    Totally agree.
    I have a better method, I bash those already renowned :argh:
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,435
    Location:
    U.S.A.
    I did a bit of web research on Huorong yesterday and what I found was a bit disconcerting to say the least.

    Among things discovered were at least three malware instances related to Huorong Internet Security. I quit searching after this. One sample was related to a product updater, the other some desktop component it uses, and its configuration manager. This indicates to me either internal or supply chain security issues with Huorong. It is also indicative of overall security concerns with Chinese software products.

    Ref.: https://www.hybrid-analysis.com/sam...eeabd0f1da2d79d66c1d77ae532?environmentId=100
    https://www.reverse.it/sample/bfa69...6dc723a416908050921e9bc65b1?environmentId=100
    https://www.hybrid-analysis.com/sam...96b9517ac9a316613e23a9b37b4?environmentId=100
     
    Last edited: Apr 28, 2019
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.