I collect and analyze test results from a half-dozen antivirus test labs all over the world. Most of them run a regular cycle, releasing new results monthly, quarterly, or at other intervals. Security vendors can also commission one-off tests, which seem to invariably show them in a good light. That’s only logical; if the test reveals problems, they use it to improve the product, not for publicity. Chinese security vendor Qihoo 360 totally aced a recently commissioned test by AV-Test that specifically evaluated protection against Windows XP exploits.
On May’s Patch Tuesday, Microsoft released a collection of patches for vulnerabilities in various Windows versions. For the first time, and from now on, XP got bupkis. You can bet the bad guys are combing through the announced patches for other Windows versions to see which ones they can use for attacking XP. Since XP is now totally vulnerable, Qihoo 360 specifically requested a test on XP.
The testers used the Metasploit penetration testing tool to generate 54 exploits using different methods to attack seven known vulnerabilities. They specifically used exploits based on vulnerabilities in XP itself, since third-party tools are still getting updates. Some used obfuscation and evasion techniques that might help them slip past security protection. A product had to both detect the attack and prevent execution of the payload in order to earn credit for protecting against the exploit.
Look at the Other Products
Whenever I evaluate a commissioned antivirus report, I pay less attention to the company that commissioned it than to the others. It only makes sense; no company wants to release a report that makes them look bad. It’s good that the free 360 Internet Security 2013 detected 100 percent of the exploits, but it may be more telling that Norton Internet Security (2014) did so too, and that Kaspersky Internet Security (2014) came in at 94 percent.
Among the other tested products were two more of Chinese origin, Tencent and Kingsoft. Tencent came in dead last, detecting less than 20 percent of the exploits. Kingsoft was next in line behind Kaspersky, with 89 percent detection.
About 40 percent of the exploits used some kind of evasion or obfuscation technique to avoid detection. This clearly had no effect on the products that managed 100 percent detection, but it dragged down the overall score for others. avast! Internet Security 2014, for example, detected 82 percent of the non-obfuscated exploits but just 29 percent of those attempting evasion.
Look at the Other Tests
Sometimes a vendor resorts to a commissioned test because their product can’t seem to score high on the regularly scheduled tests. That’s not the case with Qihoo 360. This product earned the top rating in a dynamic protection test from AV-Comparatives, and in AV-Test’s latest evaluation it earned 17.5 of 18 possible points.
I don’t review every security product that comes out of China. Tencent and Kingsoft aren’t on my radar, for example. But Qihoo’s English-language release last year shows a strong interest in grabbing some Western hemisphere market share. XP users, you really, really need to install something that will protect your system against exploits, whether it’s the free Qihoo 360 or another product.