App Review Qihoo Total Security- An initial test

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

_CyberGhosT_

I am still reluctant in using Chinese security apps, their ethics have been in question more than once in the past.
What is your view on this CS?

/W
Right, regardless of their score you could not pay me to use this software ;)
Those in the know concerning this company's history steer very clear of them and are smart to do so.
If I wanted BD or Avira accuracy I would install BD or Avira, and eliminate the middle man. (jmho)
Cool Vid CruelSis, Thank You.
 

_CyberGhosT_

Can't believe I didn't include Yahoo in the above Rant. It is criminal that the lovely and extraordinarily well dressed Ms Mayer (her haircut is REALLY CUTE!!!) sat on the Yahoo email breach for 2 YEARS in order to cover this up as Yahoo was being shopped around and she and the Board wanted to pocket more cash. And Yahoo is from California.
I know right. crazy ##### going on there, but honestly, not surprising. :rolleyes:
 

Evjl's Rain

Users who can use Comodo FW don't need any 3rd party AVs IMHO.
It's partly true :)
But I don't feel safe without an AV.
Comodo is a buggy product which won't be fixed in a short period of time. If there is a bug in the product and something happens, malware can infect the system without any other prevention. I think we need a STABLE AV which can protect against basic malware and Comodo will cover the rest :cool:
 

cruelsister

Thread author
Rain- Comodo Firewall really isn't buggy at all as long as you take a minimalist approach to it. So many feel that just because there are boxes to tick off that these should be utilized, and that's where a majority of issues occur. Trust me when I say that CF works best for those that modify it least.
 

cruelsister

No, I really have not had such an issue. For any that are new to Comodo Firewall and will use it with Qihoo I would suggest the following:

1). Firewall- this would be the only big setting choice:

a. For those that want to be alerted when ANY application tries to connect out for the first time (and thus approved on a case by case basis)- set the Firewall to Custom Mode
b. For those that want to be alerted only to unknown applications connecting out, leave it in Safe Mode.

If you use Safe Mode, go into Firewall settings and check the "Do NOT show popup alerts" and change it to Block Requests. Do NOT do this if you use Custom Mode as you will already be deciding on Network access on a program by program basis.

2). Shut off HIPS (Qihoo is less noisy).

3). For those totally new to CF leave the Sandbox on Partially Limited. For those experienced, change sandbox setting to Untrusted (the current build 8.4.0.5165 now works with Win10).

That's it.

As anyone now reading this message is a security Geek (you can admit it- it's OK) it is going to be REALLY hard for you not to play with the other settings and do stuff like sandbox browsers (Geeks have NEVER seen an optional setting that they (we) don't want to check); but don't do it!!! It only will lead to frustration, and you have better things to obsess about (like what size emerald to get me for Christmas).

ps- There will be another Qihoo video released on Wednesday that will concentrate on Qihoo's mechanistic blocking routine.
 

Av Gurus

No, I really have not had such an issue. For any that are new to Comodo Firewall and will use it with Qihoo I would suggest the following:

1). Firewall- this would be the only big setting choice:

a. For those that want to be alerted when ANY application tries to connect out for the first time (and thus approved on a case by case basis)- set the Firewall to Custom Mode
b. For those that want to be alerted only to unknown applications connecting out, leave it in Safe Mode.

In both of the above cases, go into Firewall settings and check the "Do NOT show popup alerts" and change it to Block Requests.

I think that this RED setting is not good for the a.) setting, because all programs will be blocked from going to the internet.

Clipboard01.jpg

...or maybe you mean "Un-check"?

Clipboard02.jpg
 

cruelsister

AVGuru- You are my Hero. Yes, this should only be checked when using the Firewall Safe Mode (to block things in the sandbox from being able to connect to the Internet); employing do not show popup alerts when in Custom mode will, as you nicely pointed out, stop anything from getting out (Double Plus Ungood). I've edited the former post, and Thank You again!

(lesson for today- No forum posting while on a Conference call)
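
The setting interaction corrected in the posts above, as an added example that is not part of the thread and not Comodo's code: a simplified model in which Safe Mode auto-allows trusted applications, Custom Mode prompts for anything without a rule, and "Do NOT show popup alerts / Block Requests" answers every would-be prompt with a block. The class, function names and the application list are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    name: str
    trusted: bool   # assumed input: vendor file rating says "safe"
    has_rule: bool  # user already created an allow rule for this app


def outbound_decision(app, mode, suppress_alerts):
    """Return 'allow', 'ask' or 'block' for an app's outbound connection."""
    if mode not in ("safe", "custom"):
        raise ValueError(f"unknown firewall mode: {mode!r}")
    if app.has_rule:
        return "allow"
    if mode == "safe" and app.trusted:
        return "allow"  # Safe Mode lets trusted apps out without asking
    # Everything that reaches this point would normally raise a popup alert.
    # With alerts suppressed and the action set to Block Requests,
    # the popup is answered automatically with a block.
    return "block" if suppress_alerts else "ask"


def audit(apps, mode, suppress_alerts):
    """Decision for every app under one firewall configuration."""
    return {a.name: outbound_decision(a, mode, suppress_alerts) for a in apps}


def silently_blocked_trusted(apps, mode, suppress_alerts):
    """Trusted apps that lose connectivity with no prompt shown to the user."""
    return sorted(
        a.name for a in apps
        if a.trusted and outbound_decision(a, mode, suppress_alerts) == "block"
    )


# Constructed sample inventory (not taken from the thread).
APPS = [
    App("browser.exe", trusted=True, has_rule=False),
    App("mailclient.exe", trusted=True, has_rule=True),
    App("unknown_dropper.exe", trusted=False, has_rule=False),
]

if __name__ == "__main__":
    for mode in ("safe", "custom"):
        for suppress in (False, True):
            print(mode, "suppress_alerts=%s" % suppress, audit(APPS, mode, suppress))
            print("  trusted but silently blocked:",
                  silently_blocked_trusted(APPS, mode, suppress))
```

In this model, Safe Mode with alerts suppressed blocks only the unknown file, while Custom Mode with the same box checked also cuts off every trusted application that has no rule yet.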
 

Der.Reisende

No, I really have not had such an issue. For any that are new to Comodo Firewall and will use it with Qihoo I would suggest the following:

1). Firewall- this would be the only big setting choice:

a. For those that want to be alerted when ANY application tries to connect out for the first time (and thus approved on a case by case basis)- set the Firewall to Custom Mode
b. For those that want to be alerted only to unknown applications connecting out, leave it in Safe Mode.

If you use Safe Mode, go into Firewall settings and check the "Do NOT show popup alerts" and change it to Block Requests. Do NOT do this if you use Custom Mode as you will already be deciding on Network access on a program by program basis.

2). Shut off HIPS (Qihoo is less noisy).

3). For those totally new to CF leave the Sandbox on Partially Limited. For those experienced, change sandbox setting to Untrusted (the current build 8.4.0.5165 now works with Windows 10).

That's it.

As anyone now reading this message is a security Geek (you can admit it- it's OK) it is going to be REALLY hard for you not to play with the other settings and do stuff like sandbox browsers (Geeks have NEVER seen an optional setting that they (we) don't want to check); but don't do it!!! It only will lead to frustration, and you have better things to obsess about (like what size emerald to get me for Christmas).

ps- There will be another Qihoo video released on Wednesday that will concentrate on Qihoo's mechanistic blocking routine.
Thank you for the detailed introduction :)
I might try out Custom mode as it best fits my needs, showing malware trying to call out.
Good to have a warning 'bout not to test out the many options ;)
Also really looking forward to the tomorrow release of your video.
As for the emerald, hope Santa will read it ;)
 

shmu26

2). Shut off HIPS (Qihoo is less noisy).

As anyone now reading this message is a security Geek (you can admit it- it's OK) It is going to be REALLY hard for you not to play with the other settings and do stuff like sandbox browsers
shut off HIPS + don't sandbox browsers = no exploit protection
 

shmu26

No, I really have not had such an issue. For any that are new to Comodo Firewall and will use it with Qihoo I would suggest the following:

For those experienced, change sandbox setting to Untrusted (the current build 8.4.0.5165 now works with Windows 10).
Putting unknown files on automatic "block" can cause system files to be blocked without warning. My Intel integrated graphics was blocked without warning, and it took me a while to figure out why I couldn't view images right.
 

cruelsister

shmu- Great Comment- this occurred to me that those new to Comodo should start with things tending more to the default until familiar with the program. I'm going to try to make some time over the next few days to do a basic Qihoo + Comodo installation video with selected examples of how things work (like how to get a valid app out of the sandbox, etc).

Also about browser sandboxing and exploits- although there isn't anything wrong at all in doing this, remember that a web exploit, in order to infect your system, still has to run locally on your computer. Another example would be a malicious Word Document that uses macros- once the document is open and the macros kick in, the resulting malicious processes would be detected separately from Word.exe itself and would be isolated even though Word itself is not sandboxed.
 

shmu26

Also about browser sandboxing and exploits- although there isn't anything wrong at all in doing this, remember that a web exploit, in order to infect your system, still has to run locally on your computer.
An unlucky user could still get hit by a fileless browser exploit, but admittedly, the chances are pretty low.
 

cruelsister

Actually the chances are not that low, but nonetheless don't matter. I'm really starting to dislike the term "fileless" since one can easily infer that nothing has to be executed in order to infect a system, when this is absolutely not the case!

For example, let's consider a user who has not updated their Adobe Flash and/or Java for a while- So the user browses to some webpage which (normally through mal-advertising) is infected. This infected page will host an exploit kit that will take advantage of a vulnerability that the BlackHats have found- but this and only this can be termed "fileless". What happens now is anything but fileless as the exploit kit will contact Command to download the payload- and this payload will have to be run locally (on your system) to infect, and this is anything but fileless! Point being that when the payload is downloaded and run it will also be detected and sandboxed no matter if the browser is isolated or not.
 

shmu26

Actually the chances are not that low, but nonetheless don't matter. I'm really starting to dislike the term "fileless" since one can easily infer that nothing has to be executed in order to infect a system, when this is absolutely not the case!

For example, let's consider a user who has not updated their Adobe Flash and/or Java for a while- So the user browses to some webpage which (normally through mal-advertising) is infected. This infected page will host an exploit kit that will take advantage of a vulnerability that the BlackHats have found- but this and only this can be termed "fileless". What happens now is anything but fileless as the exploit kit will contact Command to download the payload- and this payload will have to be run locally (on your system) to infect, and this is anything but fileless! Point being that when the payload is downloaded and run it will also be detected and sandboxed no matter if the browser is isolated or not.
Thanks for the great explanations.
Now I must admit that I am confused. Why are people so big on sandboxing/isolating/limiting their browsers and PDF apps (think of ReHIPS for instance), if the anti-exe will anyways stop the payload from running?
 
