360 Internet Security 2013 review

With an uncluttered user interface decorated in cheery pastels, 360 Internet Security 2013 is one of the better-looking free antivirus products. It performs its essential antivirus functions well, but an over-enthusiastic behavior-based detection system flags good and bad programs alike.
Photo of 360 Internet Security 2013

Qihoo 360 Software is big in China, with nearly a half-billion users, but it’s not nearly as well-known in the U.S. That’s a bit of a shame, because the company’s 360 Internet Security 2013 is an attractive, easy-to-use, free antivirus. Yes, despite the suite-sounding name, it’s a standalone antivirus product.

The installer cuts out unnecessary clicks and screens. A single click accepts the license agreement and starts the product installing. It’s a quick process. However, the necessary initial antivirus signature update can take quite a while—over 15 minutes on some of my test systems.

360 Internet Security’s main window has a modern, flat look and uses cheery pastel colors. The main focus is on three buttons that perform a quick, full, or custom scan. Although the interface is spacious and uncluttered, it actually conveys a lot of information. Small banners in one corner offer statistics on performance and quarantined files. Three icons animate to let you know when each of the three antivirus engines is updating. And you can pull down a high-level set of controls that turn security components on and off.

Minor Installation Bumps
On eight of my twelve malware-infested virtual machines, the antivirus installed with no more than a minor hitch. However, malware on three of the test systems actively terminated the installer every time I tried to launch it. I successfully installed the product in Safe Mode (kudos to Qihoo for allowing Safe Mode installation!). The installation succeeded, but in each case it would not fully update. The final solution involved running a full scan, performing a full uninstall/reinstall, updating malware definitions, and running another full scan.

The remaining system causes problems for every antivirus I test, because ransomware totally covers up the desktop, even in Safe Mode. Qihoo has a bootable rescue CD, but it’s strictly Chinese. Given that this rescue CD could have solved the problem, I helped out a bit, working around the ransomware to get the product installed.

A product that breezes through the install process with next to no problems earns five stars for ease of installation. 360 Internet Security did pretty well, enough to earn four stars.

Quite Good Cleanup
This antivirus divides a full scan into five stages: correcting system security settings, checking applications for malware, looking for active threats in memory, evaluating files that launch at startup, and finally scanning all files for malware. It clearly displays which steps have finished, and offers a choice between highest speed and least impact on performance.

On completing a scan it displays a simple list of all malware traces. It doesn’t rank them by threat level the way Ad-Aware Free Antivirus+ 10.5and avast! Free Antivirus 8 do, nor does it aggregate the traces belonging to the same malware the way Comodo Cleaning Essentials 6 and Spybot – Search & Destroy 2.0 do. However, you can get a view of related traces by sorting on the malware type column.

The scanner components in AVG Anti-Virus FREE 2013 and Bitdefender Antivirus Free Edition (2014)  remove malware traces upon finding them, as much as possible. 360 Internet Security waits for your permission to clean up the found traces. On almost all of the test systems, the antivirus requested a quick scan after cleanup finished, to catch any “hidden dangers,” and then requested a reboot to remove a “stubborn virus.”

360 Internet Security detected 75 percent of the malware samples, the same as avast!, Norman Malware Cleaner 2.08, and several others. Its 5.8 point score also matched avast!’s. Bitdefender Free detected 81 percent and scored 6.2 points. The top score among products tested using my current malware collection, 6.6 points, went to Bitdefender Antivirus Plus (2014).

Tested using my previous malware collection, Malwarebytes Anti-Malware 1.70 earned 7.1 points, the top score among all current products. For details about how I run the malware removal test, please see How We Test Malware Removal.

360 Internet Security 2013 malware removal chart

Proactive Defense
In order to create a malware-detection signature, researchers need to analyze a sample, verify the signature, and push it out to thousands or millions of users. There’s a gap between introduction of a brand-new malicious program and release of its detection signature. Many antivirus products use some kind of behavior-based analysis in an attempt to detect these zero-day threats; 360 Internet Security is no exception.

The best behavior-based detection systems aggregate all kinds of information about a program and identify potential malware based on a pattern of behavior, not on a single action. Norton AntiVirus (2013) analyzes statistics like file age and prevalence, reputation data for the file’s source, and information gathered using its real-time monitor, for example.

The proactive defense in 360 Internet Security covers a lot of ground, that’s for sure. I saw over six dozen popups with almost thirty different warning texts in the course of my testing. Among the warnings: A program is modifying a shortcut; Detected an attempt to bypass security software; Loading a suspicious driver; Adding suspicious task. You’ve got 30 seconds to decide what to do, after which the action is blocked automatically.

The problem is, these warnings popped up for valid programs just as much as for malicious ones. They do come in two colors, orange and red, with the red ones being more serious. I tested the system by trying to install 20 PCMag utilities. The first time around, I clicked Block for all warnings. Doing so aborted the install for a quarter of the utilities. Another quarter installed but wouldn’t run, and a couple others installed with some features missing.

Clearly blocking all reported actions indiscriminately is not smart, so I tried again, this time blocking only the red-bannered warnings. One of the utilities still failed to run. More alarming, 360 Internet Security identified two of the PCMag utilities as dangerous Trojans. That’s really not a good thing.

Good Blocking Too
Most antivirus products scan all files for malware on access, and for most of them the minimal access that occurs when Windows Explorer displays the file is enough to trigger a scan. When I opened a folder containing my malware samples, I thought at first that 360 Internet Security didn’t work that way, but in fact it was just slow to get started.

I used the arrow keys to move through the list of files, hoping to stimulate a reaction from the antivirus. After a while, it did start noticing and eliminating the malware samples. It took quite a bit longer than average, but after about 20 minutes it had wiped out over 83 percent of the samples.

Of course had I actually tried to launch any of those samples, that act would have triggered a more intense level of scrutiny. When I did launch the samples that survived the slow-but-steady culling process, the real-time protection component detected almost all of them. However, every single one of those managed to complete enough of its installation to place at least one executable file on the test system.

Naturally I got some Proactive Defense warnings during this phase of testing. Based on my examination of this component’s behavior with valid programs, I clicked Allow for orange-level warnings and Block for red-level warnings.

360 Internet Security detected 94 percent of the samples, the same as Ad-Aware. However, Ad-Aware completely blocked every single threat it detected, earning 9.4 points. Those executable traces dragged down 360 Internet Security’s score to 8.9 points, which still isn’t bad. Tested with the same samples, avast! earned 8.5 points and ZoneAlarm Free Antivirus + Firewall 2013 just 7.6 points.

Next I attempted to download that same collection of malware samples again. Of course quite a few of the URLs are no longer valid, but the product’s URL-level protection blocked a few. A number of others got wiped out by the on-download scanner. In all, 360 Internet Security blocked 71 percent of the malware downloads. Bitdefender managed 91 percent, tops among free products.

For a full explanation of how I carry out my malware blocking tests, see How We Test Malware Blocking.

360 Internet Security 2013 malware blocking chart

Good Lab Results
Many vendors of free antivirus don’t submit their products to the independent labs for testing. Not Qihoo; all of the antivirus labs that I routinely follow include Qihoo’s technology in their testing. ICSA Labs and West Coast Labs both certify Qihoo for virus detection, and it has achieved VB100 certification in eight of the last ten tests by Virus Bulletin.

Based in Magdeburg, Germany, AV-Test regularly evaluates a cross-section of antivirus products under different operating systems. Each product can earn six points each for protection against malware attack, low impact on performance, and usability (meaning few false positives). Qihoo earned 15 of 18 possible points in the latest test under Windows 8 and 14.5 under Windows XP. The average is a bit under 14 points, so Qihoo’s scores are good.

Researchers at Austrian lab AV-Comparatives continuously challenge antivirus products to resist real-world malware attacks, aggregating their results into a report every few months. Products earn a rating based on both on successful defense against these real-world attacks, but can lose points if they generate too many false positives. In the most recent report, Qihoo rated ADVANCED+, the highest rating.

AV-Comparatives also runs two types of file-based detection tests. One is a straightforward test that checks the product’s detection rate when scanning a large collection of malware. The other attempts to evaluate the product’s ability to block zero-day threats by forcing it to use outdated malware signatures. Qihoo earned a STANDARD rating in the zero-day test; it wasn’t included in the latest regular file-detection test.

To learn more about the independent labs and their tests, please read How We Interpret Antivirus Lab Tests.

360 Internet Security 2013 lab tests chart

A Good-Looking Choice
Qihoo’s 360 Internet Security 2013 has an unusually good-looking user interface, and its traditional antivirus component does the job without getting in your face. The Proactive Defense feature could be smarter, though. It warns about individual actions by both good and bad programs, forcing users to make decisions about matters they may not understand. I prefer behavior-based detection systems that aggregate and analyze multiple traits and behaviors.

AVG Anti-Virus FREE 2013 and Ad-Aware Free Antivirus+ 10.5 remain our Editors’ Choice products for free antivirus, but feel free to give 360 Internet Security 2013 a try if you like its looks.

Specifications
Tech Support Email, Facebook/Twitter, built-in feedback tool.
OS Compatibility Windows Vista, Windows XP, Windows 7, Windows 8
Type Business, Personal, Professional
Free Yes

Verdict
With an uncluttered user interface decorated in cheery pastels, 360 Internet Security 2013 is one of the better-looking free antivirus products. It performs its essential antivirus functions well, but an over-enthusiastic behavior-based detection system flags good and bad programs alike.
Published under license from Ziff Davis, Inc., New York, All rights reserved.
Copyright © 2012 Ziff Davis, Inc