The news is disconcerting, the Chinese security firm Qihoo (CHEE-hoo) 360, is providing to its hundreds of millions of users a product that differs from the one the it has submitted to the major testing labs, and of course with worst performance. Qihoo, in fact, had in 2014 nearly 496 million Internet Security users, and 641 million mobile AV users.
Qihoo has provided its AV solutions to certifications programs operated by AV-Comparatives, AV-Test, and Virus Bulletin, but these organisms once discovered that the solutions the received for the tests are significantly different from the products available to end-users decided to revoke their certifications for the Chinese company.
Researchers at AV-Comparatives, AV-Test, and Virus Bulletin confirmed that Qihoo had enabled a scanning engine provided by Bitdefender by default, but disabled the QVM engine they provide.
“Independent tests serve both users and developers, showing which products are performing best and highlighting areas where developers need to work harder. If the products being tested aren’t those being used in the real world, nobody’s getting any useful information.” said John Hawes, Chief of Operations at Virus Bulletin.
Customers who purchased Qihoo AV received a solution that doesn’t rely on the Bitdefender engine, instead it uses QVM engine acting as the primary resource which expert consider a lower quality product.
“According to all test data this would provide a considerably lower level of protection and a higher likelihood of false positives. Options are provided in the product to adjust these settings, but as the majority of users leave settings unchanged, most tests insist on using the default product settings to best represent real-world usage,” reads a joint statement from the three organizations.
The investigation is having serious repercussion on the AV market, Qihoo in fact admitting the practice confirmed that also other two Chinese companies, Baidu and Tencent, cheated the lab tests. Actually the organization in charge of the tests in the AV are investigating also on these other two firms.
Qihoo confirmed that some settings were adjusted for testing, the modifications were related to detection capabilities (i.e. Detections for keygens and cracked software) and performance. It seems that Qihoo, in order to make it products faster, directing the request of its AV to cloud-based look-ups to servers located closer to the labs where the test were performed.
“Users rely on independent results to make an educated decision regarding their protection software. If vendors start to manipulate the testing process, they are hurting everyone involved,” added Maik Morgenstern, CEO of AV-Test.
The real victims of the actions taken by some antivirus firms are the end-users that could be more exposed to cyber threats due to the adoption of less efficient solutions.
“Misuse of such tests for marketing purposes will, in the long run, result in more successful malware attacks, making Internet users less secure,” added Andreas Clementi, CEO of AV-Comparatives.
Marketing is the principal enemy of cyber security 😉
(Security Affairs – Qihoo, Antivirus)