- Aug 30, 2012
- 6,598
- Content source
- https://www.facebook.com/avtestorg/posts/952718894780899
Today, three of the world’s most renowned and trusted security testing bodies, AV‐Comparatives, AV‐ TEST and Virus Bulletin, stand united to censure security vendor Qihoo 360 after finding the firm submitted products for comparative and certification testing which behaved significantly differently from those made available to its users and customers. The three testing bodies will revoke all certifications and rankings awarded to the company’s products so far this year, and going forward will insist on more open and fair dealings to ensure users are provided with the most accurate information possible. Investigations by the three labs found that all products submitted for testing by Qihoo had one of the product’s four available engines, provided by Bitdefender, enabled by default, while a second, Qihoo’s own QVM engine, was never enabled. This included versions posted to ostensibly public sections of the company’s websites. By contrast, as far as can be determined, all versions made generally available to users in Qihoo’s main market regions had the Bitdefender engine disabled and the QVM engine active. According to all test data this would provide a considerably lower level of protection and a higher likelihood of false positives. Options are provided in the product to adjust these settings, but as the majority of users leave settings unchanged, most tests insist on using the default product settings to best represent real‐world usage. As part of the investigation into Qihoo 360, counter‐accusations were levelled by the company against two fellow Chinese security firms, Baidu and Tencent. Analysis of products submitted for testing by these companies turned up some unexpected flags within their products, marked with the names of several test labs and implying some difference in product behavior depending on the environment they were run in – similar flags were also found in Qihoo products. However, no evidence could be found that this gave any significant advantage to either product, and in some cases it even seemed to put them at a disadvantage. Both firms were able to provide good reasons for including these flags in their products. On requesting an explanation from Qihoo 360 for their actions, the firm confirmed that some settings had been adjusted for testing, including enabling detection of types of files such as keygens and cracked software, and directing cloud lookups to servers located closer to the test labs. After several requests for specific information on the use of third‐party engines, it was eventually confirmed that the engine configuration submitted for testing differed from that available by default to users.
Read more here
http://www.av-test.org/fileadmin/pdf/VB-AVC-AVT-press-release.pdf