Huge Flaw (Qihoo 360)

Status
Not open for further replies.
You need to state how you have 360 configured. Try custom, everything enabled, especially "File System Protection" (should be ON by default) and "Scan File When Opened" (ON in "Security" configuration).

"Downloaded File Scan" is also on by default; if it is still on, odd that it didn't detect it then.

Why aren't you running 360 v7?
 
I don't know what the issue is since I don't know the configuration.
We are talking about the fact that Qihoo doesn't block malware in "realtime" no matter what actions you do... right? So, for this case, as I said before, you may face this issue sooner or later.
 
We are talking about the fact that Qihoo doesn't block malware in "realtime" no matter what actions you do... right?
Wrong. That fact hasn't been established yet since we don't know how it is configured. It may be working perfectly in the "disabled" setting.
I can see an issue with it not detecting it on download, though, but that setting needs to be verified.

If something didn't produce the expected outcome, either the expectations are wrong or the output is wrong. To determine which, it must be investigated. Inattention to settings is how many a blunder was made and that is more likely than a software bug or a hardware failure.

...unless you're running Comodo

(kidding!)

Either way, were one to submit a bug report, these questions have to be answered.
...Sometimes with proper formatting!
 
we don't know how it is configured
Personally, and being honest, when I used Qihoo some time ago, I faced this problem (and many others) when Qihoo was not able to detect or neutralize a malware (that I know it was detected in the first place) no matter which settings you use... As I said before, "sooner or later" you will face that. I could agree that it may be a misconfiguration, but in general, and judging Qihoo, I am sure that issue is related to something but not a setting problem.

As for reporting bugs, Qihoo is not a winner when it comes to technical matters... (my own experience)
 
If we analyze the detection name entitled "Heur QVM", it means that the heuristics came to prevent (but perhaps in scan only for some cases) and none of the other components (via signature) recognized it immediately, therefore the reaction process is slow. The protection capabilities rely on official detection names that apply at any file system action (such as copy, paste, rename).
This came to my mind too, but I don't think other major players do it this way.
Also, the same happened with a directly flagged file as adware (not heuristics) so it may be the case @gricardo21 talked about.
 
Personally, and being honest, when I used Qihoo some time ago, I faced this problem (and many others) when Qihoo was not able to detect or neutralize a malware (that I know it was detected in the first place) no matter which settings you use... As I said before, "sooner or later" you will face that. I could agree that it may be a misconfiguration, but in general, and judging Qihoo, I am sure that issue is related to something but not a setting problem.

As for reporting bugs, Qihoo is not a winner when it comes to technical matters... (my own experience)
I also changed settings and there was no change either.
 
You need to state how you have 360 configured. Try custom, everything enabled, especially "File System Protection" (should be ON by default) and "Scan File When Opened" (ON in "Security" configuration).

"Downloaded File Scan" is also on by default; if it is still on, odd that it didn't detect it then.

Why aren't you running 360 v7?
I personally did these. Nothing changed. And also, my computer was a fresh Windows installation without a single AV being present before.
I didn't try v7 though.
 
I don't think other major players do it this way
They do. Heuristics is the "name" when it doesn't match a specific signature but the contents resemble malicious logic. Basically, it's not calling it a duck but it is pointing out the appearance of a duck.

You'd want to try the latest version since they may have fixed the bug you are experiencing. Speaking as a former developer, it is really really really annoying to get a bug report for something I already fixed and released an update for.

Can you provide a link to what you downloaded? I'd like to test this also.
 
They do. Heuristics is the "name" when it doesn't match a specific signature but the contents resemble malicious logic. Basically, it's not calling it a duck but it is pointing out the appearance of a duck.

You'd want to try the latest version since they may have fixed the bug you are experiencing. Speaking as a former developer, it is really really really annoying to get a bug report for something I already fixed and released an update for.

Can you provide a link to what you downloaded? I'd like to test this also.
Here you are: hxxp://www.videoplayerhd.com (for non-knowledgeable people here in MT: do not enter this page if you don't know what you are doing)
You're right, it would be good to test TS v7, but the fact is that TSE is not yet updated, supposing there is a fix for that.
 
Mine caught it just fine (heh...SmartScreen said the file was fine!)

  1. With IE, no adblockers, "recommended settings", I went to your URL (why are you going there anyway?) and clicked on the fake notification button to install the "AutoUpdater".
  2. I clicked "Save As" and it downloaded to my Downloads folder where SmartScreen scanned it.
  3. After SmartScreen gave it the green light, Qihoo displayed the dialog pictured below (I didn't even try to execute it).
  4. The file was removed after I clicked OK.
The popup on the lower right is GlassWire.

TSE doesn't have v7 yet. I'm running TS 6.8 (Win10 version).

Test.png
 
This came to my mind too, but I don't think other major players do it this way.
Also, the same happened with a directly flagged file as adware (not heuristics) so it may be the case @gricardo21 talked about.

Oh well, then it's a problem already for Qihoo about a processing issue, because detecting threats via generic/unique signatures or heuristics should cause a pop-up interaction, where other products didn't suffer from lapses.

One thing it can be is the cloud, which sometimes is just used for reference where the file is detected as malicious but with no user interaction. Hence the same concept as ESET Live Grid. ;)
 
Mine caught it just fine (heh...SmartScreen said the file was fine!)

  1. With IE, no adblockers, "recommended settings", I went to your URL (why are you going there anyway?) and clicked on the fake notification button to install the "AutoUpdater".
  2. I clicked "Save As" and it downloaded to my Downloads folder where SmartScreen scanned it.
  3. After SmartScreen gave it the green light, Qihoo displayed the dialog pictured below (I didn't even try to execute it).
  4. The file was removed after I clicked OK.
The popup on the lower right is GlassWire.

TSE doesn't have v7 yet. I'm running TS 6.8 (Win10 version).

Test.png
This website was from malwarehub, and I wanted to do a quick test of Qihoo.
I cannot imagine why the result is different, except for the different browser you used and Win 10 instead of Win7.
Thanks for the screenshot anyway :)
 
I know why.

I did the same thing with Edge only this time it downloaded a zip containing a zip containing the executable. Qihoo didn't catch it even when I ran the executable and the malware started installing and talking on the network.

That is a little disappointing.

Edit: Another explanation could be that it isn't serving the same file every time someone clicks on the fake banner...like how the Borg rotate shield frequencies!
 
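The last post gives two possible explanations for the differing results: the zip-inside-a-zip wrapping, or the site serving a different file on each click. As an added example (not part of the thread), this Python code hashes the innermost files of each download so the two cases can be told apart; all function names and the sample bytes are constructed for illustration.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 5                        # stop at this nesting level (zip-bomb guard)
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # skip members declaring more than 50 MiB


def leaf_hashes(data, name="download", depth=0):
    """Map each innermost (non-zip) file to its SHA-256, unpacking nested zips."""
    buf = io.BytesIO(data)
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(buf):
        return {name: hashlib.sha256(data).hexdigest()}
    found = {}
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}/{info.filename}"
            if info.file_size > MAX_MEMBER_BYTES:
                found[path] = "skipped: declared size over limit"
                continue
            found.update(leaf_hashes(zf.read(info), path, depth + 1))
    return found


def same_payload(download_a, download_b):
    """True when both downloads contain the same set of innermost file hashes."""
    return set(leaf_hashes(download_a).values()) == set(leaf_hashes(download_b).values())


def make_zip(members):
    """Build an in-memory zip from {filename: bytes}; used for the samples below."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return out.getvalue()


# Constructed samples: harmless placeholder bytes standing in for the downloads.
PAYLOAD_1 = b"constructed placeholder payload, build 1"
PAYLOAD_2 = b"constructed placeholder payload, build 2"
BARE = PAYLOAD_1                                                       # saved directly
NESTED = make_zip({"inner.zip": make_zip({"setup.exe": PAYLOAD_1})})   # zip in a zip
ROTATED = make_zip({"inner.zip": make_zip({"setup.exe": PAYLOAD_2})})  # different file

if __name__ == "__main__":
    print("bare vs nested, same payload:", same_payload(BARE, NESTED))
    print("nested vs rotated, same payload:", same_payload(NESTED, ROTATED))
```

Matching hashes across a bare and a nested download point at archive handling in the scanner; differing hashes mean the two testers never had the same file. Password-protected members make `zf.read` raise `RuntimeError` and need separate handling.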