Cheating Incident Jolts Faith in Chinese Cyber Security Firm

News that Qihoo 360 cheated on product evaluations conducted by testing labs is the latest blow to the credibility of major Chinese digital security products, The Hill reports.

Three of the world’s most prominent testing labs — Virus Bulletin, AV-Comparatives, and AV-Test Institute — revoked all rankings and certifications awarded to Qihoo’s products this year after finding that China’s largest cyber security firm cheated on antivirus evaluation tests by submitting one version of its products for testing, while supplying another version to customers.

The labs said in a joint report that the version shipped to consumers “would provide a considerably lower level of protection and a higher likelihood of false positives.”

“Misuse of [product] tests for marketing purposes will, in the long run, result in more successful malware attacks, making Internet users less secure,” Andreas Clementi, CEO of AV-Comparatives, said in a statement.

According to Qihoo’s earnings reports, over 500 million people use its internet security software, about a sixth of the world’s 3 billion Internet users. The cheating incident, The Hill said, is “the latest in a string of incidents that have shaken confidence in Chinese security offerings.”

Last month, Mozilla and Google stopped accepting digital security certificates issued by the Chinese government. Users of Firefox and Chrome browsers are now warned they are potentially exposed to hackers when visiting websites with a “.cn” country code.

While the discovery of Qihoo’s cheating “relates to a private firm, not the Chinese government, both events highlight tensions between China’s tech sector and much of the rest of the world,” The Hill said.

Qihoo told ComputerWorld that the testing labs’ accusations were without merit. “As a result of our efforts, China has become the safest Internet environment in terms of the malware infection ratio, according to a Microsoft study,” it said.

During the evaluation process, the labs found that all the products Qihoo submitted for testing relied on an anti-malware engine from Bitdefender. But Bitdefender was disabled in the company’s products sold in all of its key markets, including China.