App Review Huorong Internet Security v6 BETA

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Shadowra

Level 34
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,397
Huorong is a Chinese publisher, totally unknown to the general public.
It is one of the few companies to offer a totally free security suite.
In this BETA version, Huorong claims to have improved on the detection features of its v5 version, and has included a Machine Learning engine.
Let's take a look... Huorong, promising?



User interface :

The interface changes slightly. It's still as clear as ever, but the editor has opted for simplicity, whereas in the past the interface was sometimes a bit messy...
Huorong also offers Dark Mode, which also adds a touch of freshness.


Web protection: 6/9

Huorong offers good detection of malicious web pages.
It's not perfect (some stealers were not detected), but it's in the middle of the pack.


Fake crack : 0,80/1

Huorong detects all installations except a BitcoinMiner using rundll32.exe

Malware Pack : Remaining 43 out of 546 threats.

Huorong is making efforts on detection, but it's not there yet.
However, the editor has made no improvements to the detection of unknown malware.
I can point out that Huorong now offers Machine Learning detection (!meteor detection), but this is still inadequate.
The machine gets infected pretty quickly, even if Huorong has defended itself with its HIPS.

Final scan :

Huorong : 2
KVRT: 17 (Infection Memory !)

Final opinion:

Huorong is an unknown publisher trying to do things to protect its users.
They've started to get better at detecting and blocking unknown malware with the Machine Learning engine.
This is a good start. But there's still a lot of work to be done, especially on blocking suspicious behavior, detecting stealers and especially on RATs, where Huorong has suffered the most....
It's encouraging, but I still don't recommend it.
 

Bot

AI-powered Bot
Apr 21, 2016
3,799
Thank you for your detailed review of Huorong Internet Security v6 BETA. It's clear that while Huorong is making strides in improving its detection capabilities and user interface, there are still areas for improvement. Your feedback will be helpful to others considering this security suite.
 

ShenguiTurmi

Level 3
Well-known
Feb 28, 2023
126
Definitely improved but still not optimal. Does it finally have any cloud protection in the new version?
No cloud.
But add ML, add memory detection, add ransom bait.
ML is on device model, not require network connection.

At the recent Intel AIPC press conference, Intel invited them to showcase the use of Intel NPUs to run their ML, which is said to significantly reduce CPU usage. But it seems that there is no ability to call NPU in this beta version yet.
Because the entire Intel press conference was conducted in Chinese, it was meaningless for me to post a video here. But I can briefly describe what I saw: in the version showcased by Huorong, there are three options to run the ML model, CPU (Onnx), GPU (OpenVINO? I'm not sure), and NPU.
 

Trident

Level 30
Verified
Top Poster
Well-known
Feb 7, 2023
1,970
At the recent Intel AIPC press conference, Intel invited them to showcase the use of Intel NPUs to run their ML, which is said to significantly reduce CPU usage
Gradient boosted decision trees (XGBoost) are highly suitable to be ran on multi-core architecture, gpu or NPU locally, without cloud.
Every leaf represents one feature with certain weight, based on how frequently it’s been seen in malicious or benign files.
Left child will be entered (executed) when certain features are false (not found), right child will be entered when features are true (included). Gain for XGBoost is influenced by the count of the number of samples affected by the splits based on a feature.

The architecture of Gradient Boosting Decision Tree | Download ...
The architecture of Gradient Boosting Decision Tree | Download ...


Example of how a local one looks like (static analysis, won’t mention vendor name).

IMG_3330.jpeg

IMG_3331.jpeg
IMG_3332.jpeg
IMG_3333.jpeg
 
Last edited:

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,531
I believe @Der.Reisende or @silversurfer has used Huorong, at least for testing. I wonder what their reaction is.
No surprise for the test result. As far as I can remember, it was possible to tweak (feature similar to HIPS) the older versions of Huorong for stronger protection, but it didn't improved enough for much better (clean) result in my tests with various malware samples...

Let's see/wait if the "Machine Learning" protection feature might improve the detection in upcoming versions 🤷‍♂️


EDIT: here are a bunch of tests from 2021 in our Malware Hub, performed by @Der.Reisende and from 2019 performed by @Andrew3000

 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top