Testing bodies AV‐Comparatives, AV‐TEST and Virus Bulletin comment on allegations of inappropriate

Can you quote where it comes from ?

If the testing labs asked Qihoo to give them a link of it's security product to be downloaded and tested, without specifying that it should be a product that's available to the International users, then it's completely OK for Qihoo to give a download link of a version that is available to it's primary market users (the Chinese market); afterall I think the Chinese users still make up a much higher percentage of all users in absolute number.

The above download link still works and it leads to a version that's available to the Chinese users.

 

I was contacted privately [I won't disclose who], where it was suggested to me that if certain details were to be released regarding Qihoo's recent cheat, that those details would be even more damaging to it's reputation.

I state openly. Release complete information what happened that day, from start to finish. People have the right to know, no matter how bad the news is it.
Simple and technical, because cloak-and-dagger serves no one.

BUT! Reveal the complete truth, because it is my understanding that two rival vendors did have similar flags, which is deviations from original consumer version, and they got the pass.

I am sure most will agree I am being fair, and correct.

Additionally, I have also been informed that I have conducted personal attacks against limited number of people.
If you find yourself a victim from my posting, please be kind to link me to those posts and will be edited ASAP.
Unfortunately for me, I am not yet a robot to be able to first-come-first-serve, so, yeah....
Mods, feel free to contact me if there's something I should be aware of, correct, or remove.

Your frendly neibghoor and wifi thief,
GakunGak

 

They better be damage hard one time, than be damage again later on when it leaks out. I say "when" because the truth always comes out sooner or later....

 

I agree

 

The whole thing smells fishy now. Why single out Qihoo while some other vendors basically did the same thing? Excuses from test agencies are that other vendors did not gain much from the twisting tricks so they can be forgiven. Excuse me, but what the ~ Snipped as per TOS ~ is this? Just because they did not gain much then they are justified to do the same trick and can get away with it?
I don't like Qihoo, but I despise all the testing agencies even more now. Obviously there are money involved in this whole mess. All for all, it's money driven. Testing agencies, please stop pretending to be a fair judge for any AV product. Now I finally understand why Symantec dropped out of all the testing, because I can see the shady practice of these testing agencies.

The so called "non-profit" organization, AV-C, is especially ridiculous. Non-profit ~ Snipped as per TOS ~.

 

Please read what I said again. I didnt say I know they are doing such things, I was saying I don't trust that they are not. Big difference.

Just because a company in an emerging market is growing, doesn't mean they are ethical.

Your defense of this company is borderline pathetic. I don't think there is anything they could do to change your opinion.

Re-routing legit Apple web traffic to fake sites - check
Cheating on tests - check
Flagging competitors software as malicious - check
etc.....

BTW - I see in other threads you have admitted you have a relationship with Qihoo. So you comments and opinions are not really unbiased in that sense.

 

I find that hard to believe. For what it's worth, what you do on this forum for a product you obviously believe in, is in a word admirable. And given the criticism that's been leveled at you by many, me included, I've always found your discourse to be courteous and sprinkled w/humor. You are the best PR Qihoo has on the web that I've seen. Instead of wasting their money on frivolous tests Qihoo should put you on their payroll.

 

This is what Qihoo had to say (http://blog.360totalsecurity.com/en/qihoo-and-testing-labs-multiple-engine-technology-explained/).

 

1+++++

 

1: OK. You have suspicion that they are covertly datamining users and not using program metrics to monitor program usage, statistics, updates etc.
You have to provide some information which made you think this way. I am all open for discussion.
2: Would big shots like Microsoft, HP, Amazon and others trust a non-ethical company and agree on mutual cooperation? I think not.
3: I am not defending the company. What they did here was wrong, and I said that multiple times. I am interested in all this as well as you are. I am taking neutral side.
4:
- Re-routing Apple web traffic happened with Chinese users using chinese browser. It happened there. Not internationally.
- Cheating on tests - happened.
- Flagging competitors software as malicious after their software was marked as malicious by competitors in the first place
- I am standing by on the etc....
5: My relationship with Qihoo is NO MORE than of any other users out there doing the same thing [Wilders, MalwareTips, Google+, Facebook, Twitter]. I am NOTHING special at all. But, if you believe I am unbiased, please do find a post where I disrespected other products when not warranted in comparison with Qihoo regarding mutual attacks. If you do, please link them, and I will offer public appology to all involved. But I believe I have been respectful to ALL, both pros and cons As you can see, I CAN critisize QIHOO if I find something that I don't like. Why? Because freedom of speech, that's why!

I make mistakes. I am sometimes wrong. No one is perfect, and nor am I. And I am open to criticism and improvement of myself. So, those having something to tell me have nothing to be afraid of
I am most grateful for your comments though, it is a compliment I take very, very seriously.
EDIT: I just noticed the bold statement. No I'm not. There are tons of people doing WAY better than I do, worldwide. I am just a very, very tiny fish in the sea of sharks
You better thank @cruelsister and others that brought the name of Qihoo to our attention, and provided vital intelligence on this. I did nothing more than learn how the stuff works, what can it be done with it, played with it and learned to love it. I do not have any special access, knowledge or otherwize, I do this stuff as regular user, in my spare time, when not working, traveling, playing games and watching TV Shows like Star Trek I'm doing now.
Reminder to self: Finish "The Addams Family" already!

 

So, AV test labs acgnowledged [spelling?!] the changes.
So, they were aware of it. But, why still supply DIFFERENT version than the public, regardless of computing power?
If the default is the one being tested, then default config should have been used.
This was not mentioned in the joint statement report.

 

Agreed. Although I disagreed with him, he still replied politely and in a sense of humor. This GakunGak guy should definitely be put on Qihoo's payroll. Although I still don't use Qihoo now, but the whole "testing-agencies-reveal-big-news" thing turns out to be a lot deeper than it appeared at the beginning. Although Qihoo should have not done that, I don't think the end user should concern too much, as many still find Qihoo to be effective against malware, no matter what. It had shady past, but nowadays they appear to be very popular in China and world.

 

~ Removed Off Topic Remarks ~

Anyway, Qihoo was the first AV vendor in China that released a truly free AV for the general public to use. Qihoo gained popularity because their product is not only free but also better than their paid competitors. As a result, Qihoo dominates in Chinese AV market now. There has been some rumors against Qihoo, mostly from their competitors. However I have to give credit to Qihoo for their effort providing a truly free and strong product against malware.

 

My advice is: if you like the product you are using, keep using it. It's only when a product starts failing tests that one should be worried. And always configure it for maximum protection. I have used AVG, a consistently mediocre product (as per tests), for about ten years now, and I have been satisfied with the protection level I got from it.

All 3 vendors will be closely scrutinized from this point on, so the discussion about any preferential treatment is ultimately meaningless.

 

Sorry should have stated that it`s from the March File Detection test pdf from AV- Comparitves.

And now iv`e also seen this posted on the Qihoo page.

"The allegation highlights that the default configuration of the product available for the public, differs from the configuration used by the labs for testing. This configuration was explicitly declared upon submission of the tests, and was thereafter confirmed by the test labs."

The trouble is these companies pay quite big sums of money to the testing organizations for what basically amounts to a "seal of approval", the waters get muddier when a company has multiple products. Personally i would like to see an approach that basically states "some time in February/March (or whenever) we will download you`re best available English AV software package and use that in our forthcoming tests. Not here`s $x to test product y!

 

From this blog posting:

In the public version, 3rd party engine is off by default, in the consideration that the majority of our users, are running on lower computing power. To satisfy lab conditions, the consideration of power constraint was therefore discarded. In any case, no alleged comment indicates that the level of protection from the product, is lower than the records achieved during the testing sessions.

What Qihoo didn't state is they submitted this version to the three AV labs and did not state to the AV labs that the submitted version was not the public version. Clearly a violation of the submission policies of all three labs I believe.

On the other hand, all three labs in question are guilty of sloppy quality control in that not one of them examined in detail the software prior to performing their tests. As such, this leads to all aspects of their test procedures being suspect.

 

This issue would never have made it to press had Qihoo not decided to give differently configured versions to different labs. The essence here is not that they are giving out a specially configured version - the problem is that they are selectively altering the configuration to suit the test. If they had given the same product to all 3 labs (irrespective of whether it is the default configuration or not), this would not have happened.

 

At the very least.

 

They compete with each other, so it's not a surprise that they didn't cross-check these things.

 

But we`re being told by the testing labs (at least AV-C state this) that they download the software from the vendors website just like any other ordinary Joe or Jane might!
I`m not defending Qihoo here, personally i think this shouldn`t be able to happen...

 

They didn't seem to say anything about their in-house engine being so bad that they turned it off in the version used for testing. LOL

 

"Qihoo participated with their 360 Antivirus (English) (http://sd.360.cn/download_center.html) which uses the Bitdefender engine but no QVM engine."
"Therefore, the results of this test apply only to the tested products and not to any other products on any official website of these vendors."

This to me means they've participated with "one" of their "publicly available" versions, although a Chinese version. I admit it's not quite the same, but it's like saying the test results were done for a pro version of a product and hence not applicable to other versions from the vendor.

"This configuration was explicitly declared upon submission of the tests, and was thereafter confirmed by the test labs."

This is good enough for me, move on people.......

 

I have been privatelly advised to stand by until other test orgs publish their report. I respectfully agree on that and will do so.

Let's see what comes out of all this unfortunate incident....

 

This is a Facebook post Qihoo posted about the incident which I found at Malwaretips

 

Timely statement from Qihoo !

"Qihoo 360 has been working diligently to provide effective protection for Chinese users in a very unique environment for the past 9 years. As a result of our efforts, China has become the safest Internet environment in terms of the malware infection ratio, according to a Microsoft study." ___ I know Chinese computing environment was like the Wild West back then and Qihoo made very unique contribution to straighten things up.

Thanks for posting, roger_m.