Criticism of Qihoo 360
Qihoo 360 controversy
The controversy surrounding Qihoo 360 refers to various disputed and anecdotal incidents involving Qihoo 360 controversy.
Caught in a Backdoor Scandal
On February 2, 2010, Rising Software published an article titled "Rising Exposes the Scandal: Qihoo 360 Installs Backdoor on Users' Computers." The article revealed that 360 products secretly opened a "backdoor" when installed on users' computers, leading to potential data leaks. Qihoo 360 responded by claiming that the vulnerability had been fixed. However, Rising updated its official page, stating that according to their security experts, the "backdoor" still existed in subsequent versions of 360 (6.1.5.1009).
The lawsuit related to this controversy concluded in November 2011, with Qihoo 360 winning the case.[1][2]
Fake Patch Incident
On August 1, 2012, some users reported that the "Vulnerability Repair" feature in 360 Safeguard included a "high-risk vulnerability patch" labeled KB360018, which was not issued by Microsoft. This patch would forcibly install the 360 Secure Browser on users' computers. [3]360 officially responded, acknowledging that KB360018 was indeed not an official Microsoft patch but rather a "fake patch" released by 360. The intention behind this was to provide an upgrade solution for the IE6 engine.[4]
Dispute with "National Business Daily
On February 26, 2013, "National Business Daily" (NBD) published articles titled "The Mystery of the 360 Black Box: Qihoo 360's 'Cancerous' Genes Exposed" and "360's Winning Secret: The Mysterious V3 Upgrade Mechanism." These articles claimed that when Qihoo 360 wanted to wage war against its competitors, it activated the "V3 mechanism," which involved using "360 Safeguard" and "360 Secure Browser" to secretly uninstall competitors' products from users' computers and install its own products, thereby capturing the market most conveniently. NBD also covered this in a special report on their website.[5] The next day, 360 responded by stating they might sue NBD.
On July 4, 2013, National Business Daily published another article claiming that 360 was uploading large amounts of sensitive user information, such as financial usernames and passwords, without the users' knowledge. The article also stated that this issue had caught the attention of a securities company, referred to as Company A.
On December 30, 2013, 360 sued NBD for alleged false reporting and damage to its reputation, and the case was heard in the People's Court of Xuhui District, Shanghai. 360 claimed that NBD had published anonymous, defamatory, and false reports that severely misrepresented facts, citing various rumors fabricated by 360's competitors, which misled and frightened readers. As a result, NBD's false news significantly harmed the reputation of 360 and its products. 360 requested the court to rule that NBD had severely infringed on their corporate reputation and sought 50 million yuan in damages.[6] During subsequent hearings, the Xuhui District People's Court ordered the two defendants (Chengdu National Business Daily Newspaper Co., Ltd. and Shanghai Jingwen Cultural Communication Co., Ltd.) to stop publishing any reports or comments related to 360's corporate or product image during the litigation period.
On September 19, 2014, NBD published articles such as "The Mystery of the 360 Black Box: Qihoo 360's 'Cancerous' Genes Exposed," which were found to be false and defamatory, misleading and frightening readers, and significantly damaging 360's reputation. The court ultimately ruled that NBD must compensate 360 for economic losses of 1.5 million yuan and publicly apologize to 360 for ten consecutive days.[7]
AV-Comparatives (AV-C) revoked testing awards
On April 30, 2015, the international antivirus software testing organization AV-Comparatives (AV-C) raised concerns about Chinese antivirus software manufacturers. Tencent and Baidu were accused of submitting versions with special markings for evaluation, while 360, which performed the best, had its 2015 awards revoked. AV-Comparatives, AV-TEST, and Virus Bulletin collectively revoked all certifications and ratings awarded to 360 products since 2015. In their joint announcement, they alleged that Qihoo 360 used the Bitdefender engine (BD engine) during testing, while their proprietary QVM engine had never been activated. However, in the market versions of Qihoo 360, the BD engine was disabled, using only the QVM engine, which compromised security levels. This led to allegations that Qihoo 360 falsified results for competitive purposes.[8][9]
Qihoo 360 Vice President Qu Xiaodong stated that the core issue in this incident is the debate between traditional antivirus and cloud security evaluation standards. He emphasized that the version of 360 submitted for evaluation did not involve any cheating or falsification. Due to the outdated nature of these evaluation standards, 360 decided to withdraw from AV-C testing.[10]
Malicious Promotion
360 Security Guard completes malicious installation on Android phones and then prompts users. 360 uses software such as Security Guard, 360 Antivirus, and 360 Secure Browser to induce or forcibly promote the installation of the Qihoo 360 software suite ("360 Toolbox") through optimization, cleaning, repairing, and other pop-ups or buttons without clearly notifying or obtaining user consent, and modifies default software such as browsers to 360 series software.[11]
Android phone users have found that when USB debugging is enabled, simply connecting their phone to a computer with 360 Security Guard installed automatically installs "360 Mobile Security Suite" (typically 360 Mobile Guard, 360 Mobile Assistant, 360 Mobile Browser) for the user's phone. The entire installation process proceeds without any prompts or user permission confirmation, and users are only informed via pop-up notifications after all software is installed. Many phone users have also encountered issues where installing 360 Mobile Assistant forcibly bundles other malicious software, making it impossible to uninstall or use other similar software. The Beijing Administration for Industry and Commerce has previously issued administrative warnings against 360 Security Guard software for engaging in unfair competition practices by inducing users to use 360 browsers and preventing the installation and use of other security software through incompatibility and difficult uninstallation methods.
The "3Q War"
Qihoo 360, Kingsoft, and Maxthon Corporation have conflicting issues, with their most well-known and scrutinized dispute being with Tencent. The conflict between the two companies in early November 2010 even led to a severe commercial competition incident.
Or the Great Firewall
On July 2, 2012, according to Qianlong Network, Qihoo 360 joined China's GFW (Great Firewall) project in 2005. Qihoo 360's two executives, Qi Xiangdong and Shi Xiaohong, participated in the development of a secure management system for search engines. [12]Online records also show technological achievements involving Fang Binxing, Qi Xiangdong, and Shi Xiaohong.[13]
However, Qihoo 360's chairman, Zhou Hongyi, denied these claims, attributing them to malicious slander by competitors.[14] Qihoo's Chief Security Officer, Tan Xiaosheng, also stated in Mozilla's security mailing list that the project was established for Yahoo and was completed before Qihoo 360 was founded.[15]
The 3B Incident
In August 2012, Qihoo 360 and Baidu clashed over the introduction of Qihoo 360's comprehensive search engine. This led to a severe commercial competition incident. Qihoo 360 set its own comprehensive search engine as the default on its homepage, 360 Navigation. Essentially, this comprehensive search engine was developed by Qihoo 360 itself. Subsequently, Baidu announced legal action against Qihoo 360, which resulted in Baidu's success in the lawsuit.
Misreporting Issues
- In 2008, Rising claimed that 360 antivirus software intercepted and deleted Rising Personal Firewall.
- In 2008, 360 antivirus mistakenly flagged issues with QQ Game Center.
Browser Tool Disputes
Vulnerability Dispute
On August 1, 2012, users reported that the "Vulnerability Fix" feature in 360 Security Guard, labeled as KB360018, was not actually issued by Microsoft as claimed. This patch purportedly upgraded Internet Explorer 6 browsers to Internet Explorer 8 and optionally installed 360 Secure Browser. 360 officials responded formally, acknowledging that KB360018 was indeed not an official Microsoft patch but a self-issued "pseudo-patch" intended to provide an upgrade solution for the IE6 engine.[4]
Security Dispute
On October 20, 2014, according to a report by GreatFire.org, the Great Firewall of China (GFW) was conducting a man-in-the-middle attack against Apple's iCloud using a fake security certificate. Users Man-in-the-middle attack or Mozilla Firefox were warned about the certificate's security, but 360 Browser did not provide such protection.[16]
360's official response disputed this report, stating that 360 Browser can identify fake certificates and display warning messages in the address bar and information bar. However, it was pointed out that despite displaying warnings, 360 Browser still allowed the page to load, potentially leading to cookie leakage.
Privacy and Cybersecurity Concerns
As early as 2010, 360's browser products were exposed for allegedly collecting sensitive user information without user consent, including usernames and passwords for websites.[17] Subsequently, 360's desktop browser products were again found by Baidu employees to be secretly gathering user data without user knowledge. In the third quarter of 2017, 360's mobile browser product, Action Browser, was specifically criticized by the Ministry of Industry and Information Technology of the People's Republic of China for infringing on personal privacy, stating that it collected personal information without user permission. This led to its inclusion in the ministry's app blacklist for that year.[18]However, concurrently, 360 Browser is also listed as a data source for the "Malicious Website Blacklist" maintained by the China Internet Emergency Response Center (CNCERT).[19]
Application down event
Apple App Store
First App Store Removal
On the afternoon of February 6, 2012, all iOS applications from Qihoo 360 were removed from the App Store by Apple, without disclosing the reason for the removal.
On February 7, 2012, Qihoo 360 issued a statement on Sina Weibo:
"We have received a reply from Apple: 360 products do not need to make any modifications and will be reinstated on the Apple App Store within the next 48 to 72 hours. The reason for this removal is that Apple found some products had manipulated reviews, resulting in abnormal user ratings and reviews. Apple conducted an investigation as usual. Due to all wireless products from 360 being under the same Apple account, this led to the removal of all products."[20][21]
On the morning of February 8, 2012, all Qihoo 360 products were reinstated on the App Store.
Second App Store Removal
On the evening of January 25, 2013, most applications from Qihoo 360 on the Apple App Store were once again removed, leaving only 360 Cloud Drive available for download.
By March 5, 2014, Qihoo 360's products were reinstated on the App Store.
Xiaomi App Store
- On April 28, 2013, Xiaomi removed 360 Mobile Security from the MIUI App Store because the app, without Xiaomi's knowledge, displayed phrases like "MIUI Warm Prompt" when prompting users to modify permissions, potentially causing user confusion.[22]
- On September 27, 2013, Xiaomi delisted all 360 products from its app store. The reason cited was that 360 Mobile Assistant recommended users uninstall apps from other companies, including Xiaomi App Store and Baidu Maps, without providing any justification.[23]
- On January 8, 2016, Xiaomi again removed all 360 products from its app store. This action was due to reports that some Xiaomi users were deceived by 360 Security Guard PC Edition through pop-ups and similar tactics into installing a software called "Thunder OS." This software altered MIUI system signatures without user consent, preventing Xiaomi phones from undergoing normal system upgrades. It also tampered with phone recovery, hindering users from uninstalling it, and causing system crashes that prevented startup.
Other App Stores
- In September 2013, besides Xiaomi, 360 Mobile Assistant also prompted users to uninstall built-in applications like official stores from Huawei, Samsung, BBK (Step High), Lenovo, and other mobile companies.[24] Subsequently, Huawei, Lenovo, Coolpad, OPPO, and several other companies confirmed that they would completely delist all 360 products from their respective app stores.
Waterdrop Live suspected privacy infringement
In April 2017, Waterdrop Live, under its platform, broadcasted real-time classroom scenes from numerous schools across China, ranging from kindergarten to high school. Parents' reactions varied: some believed the platform "witnessed every moment of their children," while others expressed concerns over security risks. Students strongly opposed it, feeling their privacy was violated. Some schools found the public broadcast inappropriate and shut down the live streams. Waterdrop Live responded by stating that camera "Waterdrop Live" functions were default off, and activation was entirely up to users. [25]However, further reports by Southern Metropolis Daily revealed that Waterdrop Live not only targeted schools but also streamed from swimming pools, blind massage parlors, hotel lobbies, lingerie shops, and private spaces like short-term rental apartments. Later that year on December 13, post-90s female blogger Chen Feifei published an article titled "A Post-90s Girl's Message to Zhou Hongyi: Stop Staring at Us," alleging further privacy infringements by Waterdrop Live in various locations such as vegetarian restaurants, diners, snack shops, cybercafes, and other establishments equipped with "Little Waterdrop" cameras. In response via his personal WeChat account, chairman Zhou Hongyi accused Chen Feifei's article of misleading readers and engaging in black PR tactics, claiming it disrupted others' livelihoods.[26] Chen Feifei clarified she was not involved in black PR, received no money, and spent none on promotion, asserting her intention to take legal action. On December 20, 2017, 360 announced the permanent closure of Waterdrop Live.
Video application suspected of widespread video theft
In the early morning of February 20, 2018, a Bilibili content creator discovered that the video app "Kuaishou" had extensively stolen Bilibili videos without permission, including the creators' IDs and comments directly copied without alteration. Bilibili accounts linked with phone numbers and passwords were able to log in directly to Kuaishou.[27] On the same day, Bilibili issued a public announcement through their certified account "Chief Steward of Up Main" calling for rights protection.[28]
At 12:55, Kuaishou responded, denying any behavior of database breaches or accessing users' personal privacy. They accused some bloggers of spreading malicious defamation and damaging Kuaishou's reputation, stating they had reported these allegations to the police and would pursue legal actions accordingly.[29]
By 14:17, Kuaishou acknowledged that some Kuaishou accounts had indeed reused content without authorization from original creators, including impersonating their avatars and IDs. [30]However, they denied allegations of stealing user account passwords or accessing a large amount of user information from Sina Weibo and Meipai.
At 0:17 on February 20, Bilibili released their investigation results regarding rumors that Bilibili accounts could log in directly to 360 Kuaishou with their passwords, refuting these claims.[31] They stated on Zhihu, "So far, we have found no evidence of Bilibili user account information being leaked. Account security is our utmost priority, and we continue to investigate all possibilities."[32]
On February 21, Bilibili formally sent a legal letter to Kuaishou demanding that they cease infringement and publicly apologize to all Bilibili content creators and users.[33]
Sanctioned by the U.S. Department of Commerce
In May 2020, the U.S. Department of Commerce announced the inclusion of 33 companies and organizations, including 360, headquartered in China and the Cayman Islands, on the Entity List. The company's leadership responded by firmly opposing what they described as irresponsible accusations and criticized the Department of Commerce for politicizing commercial activities and technological research and development. They stated that while being listed on the Entity List would pose certain challenges to 360's operations, it would not significantly impact their daily business or interrupt their ability to continue providing security services to customers.[34]
References
- ^ "瑞星揭露黑幕:奇虎360给用户装"后门"" [en:Rising Exposes the Scandal: Qihoo 360 Installs a "Backdoor" for Users]. Swiss Star Network (disambiguation). 2010-02-05. Retrieved 2024-06-16.
- ^ "360公开致谢NT Internals 已第一时间抢修漏洞" [en:360 Publicly Thanks NT Internals for Promptly Fixing the Vulnerability]. web.archive.org. 2013-01-31. Retrieved 2024-06-16.
- ^ "360假冒发布系统补丁 微软官方或将介入调查" [en:360 allegedly falsely issued system patches; Microsoft may intervene in investigation]. Fast technology. Retrieved 2024-06-16.
- ^ a b "Under pressure from Microsoft? 360 urgently removes counterfeit patches". Fast technology. Retrieved 2024-06-16.
- ^ "360黑匣子之谜——奇虎360"癌"性基因大揭秘" [en:The mystery of 360's Black Box - Qihoo 360's "cancerous" genetic revelation]. finance.sina.com.cn. Retrieved 2024-06-16.
- ^ Xiaoning, Ren (2014-01-07). "360诉《每日经济新闻》名誉侵权案开庭" [en:360's defamation lawsuit against "National Business Daily" goes to trial.]. china press and publication newspaper.
- ^ AIZHU, XIE (2014-09-19). "奇虎360勝訴 《每日經濟新聞》重罰150萬人民幣" [en:Qihoo 360 wins lawsuit, "Daily Economic News" fined 1.5 million RMB].
- ^ "Chinese security vendor caught cheating in AV test". iTnews. Retrieved 2024-06-16.
- ^ Ilascu, Ionut (2015-05-06). "Security Vendor Tencent Optimizes Antivirus for Better Independent Test Results". softpedia. Retrieved 2024-06-16.
- ^ "被评测机构AV-C取消奖项后,360退出不玩了,称标准落后" [en:After AV-C revoked its awards, 360 withdrew, citing outdated standards.]. NEWS CENTER. 2019-05-20. Retrieved 2024-06-16.
- ^ "360欺骗用户捆绑安装引众怒" [en:360's deception of users with bundled installations sparks public outrage.]. web.archive.org. 2020-08-08. Retrieved 2024-06-16.
- ^ "360成功加入GFW防火长城" [en:360 successfully joins the Great Firewall (GFW) of China.]. web.archive.org. 2012-07-05. Retrieved 2024-06-16.
- ^ "奇虎360成功加入GFW防火长城 为国家安全保驾护航" [en:Qihoo 360 successfully joins the Great Firewall (GFW) to safeguard national security.]. web.archive.org. 2014-04-19. Retrieved 2024-06-16.
- ^ "周鸿祎:360从未参与GFW项目 系假新闻抹黑" [en:Zhou Hongyi: 360 has never been involved in the GFW project; reports claiming otherwise are false and defamatory.]. Netease Finance. 2012-07-06. Retrieved 2024-06-16.
- ^ "StartCom & Qihoo Incidents". groups.google.com. Retrieved 2024-06-16.
- ^ "苹果iCloud在中国遭中间人攻击" [Apple's iCloud faces man-in-the-middle attacks in China.]. zh.greatfire.org. Retrieved 2024-06-16.
- ^ "2010 年 360 盗取用户密码事件始末" [en:360 Theft of User Passwords in 2010]. juejin.cn. Retrieved 2024-06-16.
- ^ "工信部曝光APP黑名单:"偷钱""盗取信息"" [en:Ministry of Industry and Information Technology exposes blacklist of apps: "Stealing money" and "Information theft".]. 人民网. Retrieved 2024-06-16.
- ^ "互联网网安威胁治理行动效果显著 处置网络安全事件逾万起" [Internet security threat governance action significantly handled more than 10,000 cyber security incidents]. People's Postal Telegraph. Retrieved 2024-06-16.
- ^ "360称遭苹果下架因部分产品被刷票" [en:360 said that Apple was removed from the shelves due to some products were swiped tickets]. Sina Technology's Weibo. Retrieved 2024-06-16.
- ^ "我们已获得苹果回复:360产品无需做任何修... 来自360安全卫士" [en;We have received a reply from Apple that 360 products do not need to be repaired... 360 security guards.]. Weibo. 2020-08-07. Retrieved 2024-06-16.
- ^ "小米MIUI应用商店下架360安全卫士" [en:Xiaomi's MIUI app store delists 360 Security Guard.]. tech.sina.com.cn. Retrieved 2024-06-16.
- ^ "小米应用商店全线下架360产品" [en:Xiaomi's app store removes all 360 products from its shelves.]. tech.sina.com.cn. Retrieved 2024-06-16.
- ^ "联想乐商店确认下架360产品:因大量用户投诉" [en:Lenovo Le Store Confirms Removal of 360 Products: Due to a Large Number of User Complaints]. tech.sina.com.cn. Retrieved 2024-06-16.
- ^ "水滴直播平台直播课堂宿舍 专家:直播不宜社会公开" [en:Waterdrop's livestreaming platform broadcasts dormitory classrooms; Expert: Livestreams should not be publicly accessible.]. finance.sina.cn. 2017-04-26. Retrieved 2024-06-16.
- ^ "监控视频大家看 "被直播"凭什么" [en:Why are surveillance videos being livestreamed for everyone to see?]. BBC News (in Simplified Chinese). Retrieved 2024-06-16.
- ^ "360 快视频深陷盗用视频疑云, B 站绑定的手机号码和密码疑似能直接登录" [en:360 Quick Video is deeply embroiled in suspicions of using stolen videos. There are concerns that Bilibili accounts linked to phone numbers and passwords may be used for direct logins]. web.archive.org. 2018-02-21. Retrieved 2024-06-16.
- ^ Bili Bili UP Main Service Center. "关于某视频App盗传稿件事件的公告" [en:Announcement Regarding the Incident of Content Theft on a Certain Video App]. www.bilibili.com. Retrieved 2024-06-16.
- ^ "将B站脱库?快视频回应:严重造谣已报警" [en:Attempting to Hack Bilibili's Database? Quick Video Responds: False Accusations, Police Report Filed]. tech.ifeng.com. Retrieved 2024-06-16.
- ^ "360 快视频深陷盗用视频疑云, B 站绑定的手机号码和密码疑似能直接登录" [en:360 Quick Video is deeply embroiled in suspicions of video plagiarism; Bilibili accounts linked to phone numbers and passwords appear to be able to log in directly]. web.archive.org. 2018-02-21. Retrieved 2024-06-16.
- ^ "关于用户反馈B站账号可以直接登录360快视频的调查结果" [en:Investigation results regarding user feedback that Bilibili accounts can directly log into 360 Quick Video]. Bilibili Danmaku. Retrieved 2024-06-16.
- ^ "网传B站账号密码可直接登录360快视频 B站回应" [en:Bilibili Responds to Rumors of Bilibili Account Passwords Being Able to Directly Log into 360 Quick Video]. finance.ifeng.com. Retrieved 2024-06-16.
- ^ "B站正式向360快视频发送律师函 要求停止侵权" [en:Bilibili officially sends a lawyer's letter to 360 Quick Video, demanding cessation of infringement.]. news.zol.com.cn. 2018-02-21. Retrieved 2024-06-16.
- ^ "美制裁33間中國機構公司 指侵疆人權損美國安利益" [en:The US sanctions 33 Chinese institutions and companies, accusing them of violating human rights in Xinjiang, harming American interests]. daily news. Retrieved 2024-06-16.