Huge Flaw (Qihoo 360 )

[FreddyFreeloader]

But yet so many people love 360. Lol

The Q360 team found many flaws in IE/Windows in June that Microsoft didn't know about or were unable to fix. If they are that switched on, you know they could fix this if they wanted to. All that's needed is to allow Q360 to download/run in a standard account file.
Baidu appears to have the same fault.

 

[kiric96]

So what about people with 360 and multiple user accounts? I have never ever seen an antivirus do this in 20+ years. It is a major problem. Right clicking and run as Admin will not work if you are a standard user.

emm at least for me it works

 

[Atlas147]

I can agree that qihoo has a lot of flaws compared to something like avast, I've used both on my system before and found that avast is significantly better at response times to threats whereas qihoo is sluggish when it comes to detecting threats that I have unzipped on the system. However I think both products are good in a way, avast has been doing quite well in their detections recently and qihoo has always been doing very well in detections be it the results of AV comparatives or the stand alone tests that have been done by our members over at virus exchange. From the tests I have done there I can conclude that most of the detections are done by their QVM II engine which is also their heuristics, and the good thing is that it doesn't require a internet connection however it is significantly used more than the virus definitions when there is an internet connection?

Here is a test I have done, below you can see 2 screenshots attached, one of them is the offline scan I did and the other is an online scan I did, both with the same samples. As you can see the offline scan used all the virus definitions whereas the online scan used all the heuristics, which leads me to believe that the internet connection will affect the heuristics? But this doesn't make sense because why would TS need internet connections to run heuristics?

https://www.dropbox.com/sh/766oqt63jh1adv8/AABtRkYvQ63h96hgs-UlEW5ia

 

[kiric96]

I can agree that qihoo has a lot of flaws compared to something like avast, I've used both on my system before and found that avast is significantly better at response times to threats whereas qihoo is sluggish when it comes to detecting threats that I have unzipped on the system. However I think both products are good in a way, avast has been doing quite well in their detections recently and qihoo has always been doing very well in detections be it the results of AV comparatives or the stand alone tests that have been done by our members over at virus exchange. From the tests I have done there I can conclude that most of the detections are done by their QVM II engine which is also their heuristics, and the good thing is that it doesn't require a internet connection however it is significantly used more than the virus definitions when there is an internet connection?

Here is a test I have done, below you can see 2 screenshots attached, one of them is the offline scan I did and the other is an online scan I did, both with the same samples. As you can see the offline scan used all the virus definitions whereas the online scan used all the heuristics, which leads me to believe that the internet connection will affect the heuristics? But this doesn't make sense because why would TS need internet connections to run heuristics?

https://www.dropbox.com/sh/766oqt63jh1adv8/AABtRkYvQ63h96hgs-UlEW5ia

once qihoo told us in a forum that QVM engine, relies into the cloud, and that has a lot of sense, this product offers qihoo engine not bitdefender. most of the times offline detection rates are too low than the awesome online results. And not really, qvm engines works as this simple, it inspect a file if it is unknown or probably malicious, the file is loaded to the cloud, and then in 1-3 minutes you could have the detection for it. 360 cloud engine (the viruses that are already classified as malware). And yes you are right but i prefer qihoo than avast... "is sluggish" yes eset is the fastest into catch a malware, but as long the file is not executed your pc is ok. (is not a good idea, but is ok for me) of course if you interact with the malware qihoo will react

 

[Atlas147]

once qihoo told us in a forum that QVM engine, relies into the cloud, and that has a lot of sense, this product offers qihoo engine not bitdefender. most of the times offline detection rates are too low than the awesome online results. And not really, qvm engines works as this simple, it inspect a file if it is unknown or probably malicious, the file is loaded to the cloud, and then in 1-3 minutes you could have the detection for it. 360 cloud engine (the viruses that are already are classified as malware). And yes you are right but i prefer qihoo than avast... "is sluggish" yes eset is the fastest into catch a malware, but as long the file is not executed your pc is ok. (is not a good idea, but is ok for me) of course if you interact with the malware qihoo will react

Yeah I think that it's sensible for them to rely on the cloud because if you download a file from the internet you would have internet to check the file with the cloud servers right? So in theory there won't be many people running unknown files without the internet. I think the best protection is still playing it safe, if you are interacting with an unknown file you should wait till you have an internet connection before running it.

Still I think TS behaves like an anti malware companion because it doesn't immediately react to the malware on the system, unlike avast. But still I stick with my choice from changing from Avast to 360TS anyday, really like their user interface.

 

[kiric96]

Yeah I think that it's sensible for them to rely on the cloud because if you download a file from the internet you would have internet to check the file with the cloud servers right? So in theory there won't be many people running unknown files without the internet. I think the best protection is still playing it safe, if you are interacting with an unknown file you should wait till you have an internet connection before running it.

Still I think TS behaves like an anti malware companion because it doesn't immediately react to the malware on the system, unlike avast. But still I stick with my choice from changing from Avast to 360TS anyday, really like their user interface.

with interact i tried to mean that for example in your case (you are completely right) you unzip a malware that is already detected by the engine (360/qvm/bit) as you mentioned, qihoo will not react instantly. there must be a real interaction with the file to be detected eg: right click, move to another folder etc. however your point is also right

 

[vindiesel]

Hi all, I had BitDefender installed and wanted to try 360 full and had winoptimizer 11 which cleans Register here and I was saying that I could not remove 360safe.exe that according to many pages is a virus, I do not know if it's positive or false, but my pc started to fail and Bitdefender cleaned everything perfect, when installing 360 Total started to fail Windows Explorer should restart and the Pc began slow, this is my experience with this antivirus, I do not recommend it.

Everyone who think what you want is what I experiment with all 360.

 

[kiric96]

Hi all, I had BitDefender installed and wanted to try 360 full and had winoptimizer 11 which cleans Register here and I was saying that I could not remove 360safe.exe that according to many pages is a virus, I do not know if it's positive or false, but my pc started to fail and Bitdefender cleaned everything perfect, when installing 360 Total started to fail Windows Explorer should restart and the Pc began slow, this is my experience with this antivirus, I do not recommend it.

Everyone who think what you want is what I experiment with all 360.

yes, 360safe.exe is a malware, but remember that some inactive malware are smart enough to wait until the proper moment to make presence with it payload, and some times malware can leave some traces that makes the system a unstable. Been honest your case is one from thousands ´cuz until, now i hear that 360 can cause such problems.... may be you have a patched explorer, if the explorer suddenly restart it means that somenthing in the registery is not working well. And qihoo at least IS version will NEVER slow down your pc, even in an olddd pc.... i am talking from my experience and testing

 

[vindiesel]

yes, 360safe.exe is a malware, but remember that some inactive malware are smart enough to wait until the proper moment to make presence with it payload, and some times malware can leave some traces that makes the system a unstable. Been honest your case is one from thousands ´cuz until, now i hear that 360 can cause such problems.... may be you have a patched explorer, if the explorer suddenly restart it means that somenthing in the registery is not working well. And qihoo at least IS version will NEVER slow down your pc, even in an olddd pc.... i am talking from my experience and testing

Hello friend but trouble is that I say, began when installing 360 total so I say.

 

[kiric96]

Hello friend but trouble is that I say, began when installing 360 total so I say.

ok with that i can accurately tell you that something in your pc is not going well.

 

[ForgottenSeer 19494]

i am aware of this issue already, i already talked about this in this forum, but i didnt have the time to create a topic for it. You are completely right that doesnt mean it is a bad product, however this failure is not the only one, there are many ones (for example about the bitdenfender updates and other ones). i already contact them via facebook but they didnt answer, well at least for me, is not a problem cuz i am the only one who uses the pc.

This is not a hidden flaw, cuz on start you may see a pop up prompting a message telling you that an AC user account is rquired, the only thing is you have to do is run the program with admin privileges and thats all, (all least for me works).


ABOUT BITDEFENDER FLAW

by some reason the bitdefender database used in qihoo is not the same as seen on emsisoft or even the same bitdefender IS as well, why? simple, there are many samples that are not detected by bitdefender engine (qihoo) but they are already covered by bitdefender paid version, even old samples (from several days old). my theory is that, due to the fact bitdefender uses to update hourly the databases and qihoo updates two times per day, some signatures are lost in the way.

EXPERIMENT: take an old malware pack from here (a week old etc) scan with qihoo in offline mode, then do the same with bitdefender IS; TS, AV you would see a big diffrence in detection rate (and supposedly the detection rate must be the same).

Conectivity issue

as all we know qihoo with out internet is a ***, but i think it makes a good job from preventing infection, in the rare case you get infected you can easily connect to a network and wait for qihoo to remove the hazard, if not we have second opinion scanners. I believe that all users here are smart enough to get infected in a normal basis.

Finally if you mix software eg: qihoo+private firewall+traffic light etc. that would be enough. BUT I WILL STAY WITH QIHOO anyway.


PST: sorry for my poor english, it is not my main language, if you have any problems trying to get my point send me a PM and i wiil explain you

I don't think it has something to do with the hourly and daily definitions, they just don't have all Bitdefender and Avira signatures. Here's the proof: http://malwaretips.com/threads/qiho...-protection-capacity.28530/page-7#post-220892
A week or so after i submitted the sample they added their own signature but this is a proof that they don't have all definitions. Bitdefender for sure has the Win32.Worm.Downadup.Gen definition since a year or two at least. The same with Avira's TR/ATRAPS.Gen2. Just don't tell me that they need years to add all Bitdefender and Avira definitions.

 

[vindiesel]

yes, 360safe.exe is a malware, but remember that some inactive malware are smart enough to wait until the proper moment to make presence with it payload, and some times malware can leave some traces that makes the system a unstable. Been honest your case is one from thousands ´cuz until, now i hear that 360 can cause such problems.... may be you have a patched explorer, if the explorer suddenly restart it means that somenthing in the registery is not working well. And qihoo at least IS version will NEVER slow down your pc, even in an olddd pc.... i am talking from my experience and testing

Bitdefender is that everything worked fine, never appeared windows explorer stopped working and eliminated all WinOptimizer 11 360 complete until you install it all started to go bad, I hope my experience understands .thanks friend for your reply.

 

[kiric96]

I don't think it has something to do with the hourly and daily definitions, they just don't have all Bitdefender and Avira signatures. Here's the proof: http://malwaretips.com/threads/qiho...-protection-capacity.28530/page-7#post-220892
A week or so after i submitted the sample they added their own signature but this is a proof that they don't have all definitions. Bitdefender for sure has the Win32.Worm.Downadup.Gen definition since a year or two at least. The same with Avira's TR/ATRAPS.Gen2. Just don't tell me that they need years to add all Bitdefender and Avira definitions.

it was a theory XD but the point is that one. my point is based on the fact that qihoo only updates bitdefender engines 2 times per day, and as all we know bitdefender does hourly.... somewhere in the way the signatures are lost, may be the dont pack all signatures that bitdefender publish. if some one knows the real reason please try to explain to us.

Bitdefender is that everything worked fine, never appeared windows explorer stopped working and eliminated all WinOptimizer 11 360 complete until you install it all started to go wrong, it is my experience that understands amigo.gracias hope for your reply.

como te decia mi estimado algunos malwares esperan el momento oportuno para atacar y con solo que desintales el antivirus es razon suficiente para que la fiesta empiece, acordate si, que bitdefender en cuestion de modulos es un monstruo comparado con qihoo, es decir puede detener mas eficientemente una infeccion que el pobre qihoo. As i told you my friend some malware waits for the proper time to execute it payload, if you uninstall the AV is more than enough to active a hidden malware. but remember that bitdefender has that bitdefender has a better capability to prevent an infection than the poor qihoo

 

[vindiesel]

it was a theory XD but the point is that one. my point is based on the fact that qihoo only updates bitdefender engines 2 times per day, and as all we know bitdefender does hourly.... somewhere in the way the signatures are lost, may be the dont pack all signatures that bitdefender publish. if some one knows the real reason please try to explain to us.



como te decia mi estimado algunos malwares esperan el momento oportuno para atacar y con solo que desintales el antivirus es razon suficiente para que la fiesta empiece, acordate si, que bitdefender en cuestion de modulos es un monstruo comparado con qihoo, es decir puede detener mas eficientemente una infeccion que el pobre qihoo. As i told you my friend some malware waits for the proper time to execute it payload, if you uninstall the AV is more than enough to active a hidden malware. but remember that bitdefender has that bitdefender has a better capability to prevent an infection than the poor qihoo

Ok thanks for the info friend.

 

[JAMESWT]

6 months?
I can't believe that 6 months (and a lot of emails etc) not enough for them to solve this issue.
I will never recommend this software to anyone regardless they solve this or not. They released a software for protecting the users and... A simple tool which checks every newly created file (downloaded from internet for example) with VT or any online scanner is better than this. (No, not really, but...)

They had solve this problem before they released the first version and not 6 months later (oops, the flaw is still exist)...How they was able to create a protection engine if they can't solve a problem like this in 6 months?

Another beer
and think about Qihoo 360 had over 475 million monthly active Internet users, and over 467 million monthly active mobile users, based on the data from iResearch.

Unbelieved how many user and how much time with bug open and not fix

 

[hopefully_secure]

I haven't checked myself but this may have been fixed in the latest version.

What's new in the latest version? Version 5.0.0.2000 August 29, 2014
1.Bug Fixes:
1.1 Program crashes on scanning specific files.
1.2 Scan may stop at initialization when performing virus scan on non-administrator account.

 

[Amiga500]

It seems nothing has been fixed.470 million users approximately is not a convincing number considering china has a population in billions..i have not used this software and i dont intend to because of the chinese origin but it seems effective.

 

[Nikos751]

I just downloaded the iLivid adware/bad program to my PC using 360 TSE 6.6, Windows 7 & Chrome, both 64bit.
1)File was downloaded. No reaction.
2)Right click & scan. Detected as HEUR QVM etc. Deleted.
3)File was downloaded again. No reaction.
4)Right click on file, viewing properties. No reaction.
5)moving and copying the file to another location (Downloads to Desktop). No reaction.
6)Packing the file into a rar archive. No reaction.
7)Run the file sandboxed in Sandboxie. No reaction.

Did these steps 4 times in an hour. What's going on? Dissapointment.

Update, later on, I did the same steps and 360 detected the file when downloaded. Maybe it's really a matter of cloud proccessing and it needs an hour or more? I don't know.

 

[kiric96]

I just downloaded the iLivid adware/bad program to my PC using 360 TSE 6.6, Windows 7 & Chrome, both 64bit.
1)File was downloaded. No reaction.
2)Right click & scan. Detected as HEUR QVM etc. Deleted.
3)File was downloaded again. No reaction.
4)Right click on file, viewing properties. No reaction.
5)moving and copying the file to another location (Downloads to Desktop). No reaction.
6)Packing the file into a rar archive. No reaction.
7)Run the file sandboxed in Sandboxie. No reaction.

Did these steps 4 times in an hour. What's going on? Dissapointment.

Update, later on, I did the same steps and 360 detected the file when downloaded. Maybe it's really a matter of cloud proccessing and it needs an hour or more? I don't know.

in terms of security this could be a problem, no matter if it is a cloud processing problem, however i have seen that qihoo reacts slower when it comes to adware, but for real malware the situation is different

 

[jamescv7]

If we analyze the detection name entitled "Heur QVM" which means that the heuristics came to prevent (but perhaps in scan only for some case) and none of other components (via signature) were recognized immediately therefore the reaction process is slow. The protection capabilities are rely on official detection names that applies at any File system action. (such as copy, paste, rename)