About Qihoo's QVM AI Engine

Status
Not open for further replies.

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Where did the notion that Qihoo has so many FPs come from? I'm not sure. I can look in my trusted and see this:

1. UNINS000.exe (VoodooShield Uninstaller)-This does business on a low level. I don't think it's targeted by name but by behavior. Anyway, it's an uninstaller, not an installer if anyone wants to claim a jealous streak is causing this. 3 separate behaviors of this uninstaller I trusted. I can't use VS, because it repeatedly blocks the scripts I have, even though they are whitelisted.

explorer.exe-12 separate specific behaviors I have trusted.

batch file 1-a batch file that runs on the PC sometimes.
batch file 2-same.
batch file 3-same.
batch file 4-same.
.ini file-referenced by a batch file.

key_sim.exe-I was looking for a key finder program, so I could store all Windows keys in a file. This couldn't be malicious behavior?

superramupdate.exe-testing this, and it ended up being a poorly written program. It was flagged as unknown

xviruspersonal guard.exe-testing, and I believe it was flagged as unknown also

I have installed countless programs over the course of two years and here are the "FP"s. I have not one entry in the permablock List.

Not to be disagreeable, but this doesn't seem to me to be FP prone software. Also, I think some underestimate the activities of 360 who may believe that it prompts based on file names recognition. Yes, it does, but, based on the blocks and types of blocks, I would say it's much more behavior oriented than file recognition oriented.
 

Wave

I don't see anything wrong with that blog-post. You're using the appeal to hypocrisy fallacy. They may not be the bastion of privacy but that doesn't invalidate the content on the blog. Just like Microsoft may not have a good track record but there's nothing wrong with them educating people on social media regarding privacy & encryption and offering them some options on doing it.
The thing is, I never said there was anything wrong with the blog post itself. ;) ;)
 

AtlBo

I've seen many examples in Process Explorer of programs/processes that are flagged by a small number of anti-malware companies. Never once was Qihoo one of them that I recall. Not to this point have I seen this at any rate. High FPs hasn't been my experience with the program, either.
 

AtlBo

Hey @AtlBo, have you ever had with Qihoo and its FPs?

Not that I would say so. When the program is first installed, in the first few days there might be some blocks for things like Explorer.exe. When I examine the behaviors that were blocked, however, I see nothing but script/behavior blocks. These were scripts I have placed on the PC so I trusted them. I had them running from a shortcut, etc. There are a couple of programs, but they rely on scripts too. An example is Insomnia from Microsoft for keeping the PC awake. OK, this could be considered a FP I guess. This is over a period of 2 years, however. 2 blocks a month or so doesn't seem high FPs to me.

What does strike me about Qihoo is the relatively high percentage of behavior oriented blocks for issues such as changing the name of a system file to .old and this kind of thing. Anti-keylogging has popped up a couple of times. In no instance have I felt that the activity was too much for me by any means. I think 2 a month would be fairly close to covering the number I have seen. At the most 3 a month. Again, they all have made sense to me, considering that many of these were behavior related.

I will say this. I don't play games to speak of. Maybe Qihoo has high FPs with game type programs and tech like overclocking software. Could that be the reason that some don't like the program? I'm not sure. I will say this, I installed 360 on my mother's PC about 2 years ago, and I don't think it has done anything but update. She didn't mention it to me at least. She uses the PC for mail and Facebook, and the sandbox has been very good for her with Google Chrome.
 

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
From the time QIHOO 360 came out and showed promise it was under a microscope; the smallest dot on a lily white sheet was enough to cause gossip. I have seen tests performed with it where the person doing the testing clearly does not know about the product, yet proceeded to comment about how it lacks something or the other, which leaves me in awe. Observation is what seems to be lacking here. For instance, on most reviews when people do tests and query VirusTotal, Eset, AVG, Avira, Dr.Web and 360 have the most results; has anyone checked that? Next, if you see certain AV reviews where the products that get held in high esteem fail, you hear "man, he should have turned on harden mode" or "he should have put the firewall on interactive mode": excuses for failure, condemnation for success.

Qihoo has a problem with its (whitelisting component). I have observed this from early on; to show how certain I am, if 20 people have it on PCs, for 9 out of 20 the (whitelisting component) has failed silently. (FACTS)
Just check the Qihoo 360 logs; when that fails is when 360 becomes a nag, but if said person isn't really interested in the product, why check? No need, just say it is a complete failure. (easy)
Once 360 is configured correctly it is solid. Tell me how many of the people you see test 360 ever press the lightning bolt in the top left-hand corner to put it on security -- 2-20, rough estimate; they just switch on the Bitdefender and Avira engines from the front, which only work for on-demand scanning. This is just an observation; take it with a lump of sugar. :)
 

AtlBo

I hope I don't sound like I am saying this is true in the case of 360, but sometimes I wonder if a developer or development company does such as happens with Microsoft so many times. By this I mean, the log says a failure, when what is intended is no update available. This can happen when updates occur on a schedule. With MS it's the old ".dll is missing" error, which would sometimes accurately have stated that "expected information in the .dll is missing." And then sometimes the .dll actually was missing. Yet the same error message.

After many hours of working with Windows, it becomes easier seeing through their errors to more or less what the error is saying.

Thanks for the analysis Terry Ganzi. That helps. I do still wonder if the 11 failures of 20 could have reflected systems that had sooner already downloaded the latest white list. Not at all that I believe it is the case.
 

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
My experience with 360TS was excellent, but it detected my Visual Basic 2015 projects as Trojans. I need to change to another antivirus.
 

mamamia

Level 3
Verified
Feb 27, 2016
118
360 PREMIUM MEMBERSHIP:
360 Premium Membership | 360 Total Security
_____
Be Free. From Threats and Ads=
Our protection is free forever. As Ads is one of sources of revenue for us to come up with a better product and more services. Join 360 Premium Membership to stay protected without Ads.

Security in Style=
Security could be more fun and stylish. Lively Themes brings you new and spectacular experience. Dress it up and make 360 Total Security as unique as you.

Special offers. Members only=
360 Premium members will get special offers for our partnered apps and games. There will be more exclusive offers coming and counting.

Best security at an affordable price=
Only €9.99 per year with 30-day money back guarantee.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Just restore from quarantine/put it under trusted. Problem solved. So what's the big problem?
The problem is it shouldn't happen with extremely well known and trusted software. It detected some Malwarebytes files on my system. Any idiot can make an AV that detects good and bad software alike. Detecting well known software as malware is a FP of the highest order. The problem is that Q360 has so many false positives no one wants to have to keep going into the settings and restoring well known and trusted software because it was detected as FP, it's not on. I rate Q360 to a certain extent but there are much better alternatives for free. If Q360 ever made their software a paid product there would be an uproar regarding the FPs.
 

Wave

Just restore from quarantine/put it under trusted. Problem solved. So what's the big problem?
The problem is that if a vendor has high FP detections then you'll notice it'll detect more malware, and then the fanboys will come out from under their rocks and praise it for having the "best" malware detection out of every security product on the market (or at least imply this without directly making an invalid statement like this), when in actual fact it's due to the FP detections which are getting them to their position in terms of detection.

Also agreed with @ZeroDay, it's totally ridiculous. But before I anger some specific individuals, I'd like to say that I fully respect the Qihoo team and definitely think it is absolutely the best vendor on the market!

Qihoo IS is on my system right now, I would be infected without it. 100% detection, amazing HIPS and don't forget about that super-powered QVM AI Engine, it is a true masterpiece.

Thanks for reading, and go buy Qihoo ASAP!
 

AtlBo

My experience with 360TS was excellent, but it detected my Visual Basic 2015 projects as Trojans. I need to change to another antivirus.

This does seem to me like a good place to hide malware, honestly. Each project contains executables, and it seems like an easy place to drop something. By default it all goes in the user Documents folder, and a phoney project could easily be dropped there without proper monitoring. I think the best posture on this software is the same posture applied to every other security software. Find what works for you. That's my angle on the whole thing.

Unless someone wants to come out and say that they have a problem other than FPs with Qihoo 360TS, I feel the above is the best approach to this issue. If it is something else, well, that would change the debate a great deal.
 

Wave

This does seem to me like a good place to hide malware, honestly. Each project contains executables, and it seems like an easy place to drop something. By default it all goes in the user Documents folder, and a phoney project could easily be dropped there without proper monitoring. I think the best posture on this software is the same posture applied to every other security software. Find what works for you. That's my angle on the whole thing.

Unless someone wants to come out and say that they have a problem other than FPs with Qihoo 360TS, I feel the above is the best approach to this issue. If it is something else, well, that would change the debate a great deal.
No, sorry not trying to be rude but I don't think you understood his post properly - and you can't just flag programs dropped into the Documents folder, that is ridiculously stupid. Also, Qihoo can easily check which process dropped the executable, and they can see it was by a genuine Visual Studio process (for example); it's a FP detection which is clearly all done intentionally.

Of course a phony project could be dropped in the Documents folder, but that doesn't mean all of them are. It's not very difficult to get a detection out of Qihoo, they are prone to FP detections and you know it. But if you want to keep defending them then go for it. I am not saying no other vendor has FP detections, of course they do... Bitdefender used to be well-known for it too (and still is), but this discussion is on Qihoo, so I am not just pointing the finger.

I don't know how qihoo make money & so I can't trust them.
Chances are they sell your data and honestly I wouldn't put it past them nor would I be surprised; that being said they do a lot of beneficial things to earn themselves money. The Qihoo team are known for exploiting software and through their work on vulnerability finding and exploitation, they make a ton of money (they can make a few exploits and go off with half a million dollars from one convention).

Try checking the Privacy Policy and chances are you'll find something interesting towards the middle or the bottom.

Check this on their blog, it isn't just marketing/social engineering, it's true: Qihoo 360 Team hacked Google Pixel in 60 seconds at PwnFest
 

Sia-Dst

Level 1
Verified
Aug 31, 2016
18
According to Wikipedia they made 1.39 billion USD in revenue (2014). You think they made all of this from vulnerability finding???
 