In the United States, people often say “Just Google it!” when they mean you should look something up on the Web. I assume the equivalent in China is “Just Baidu it!” since Baidu is the biggest search provider in China. The company also offers a free antivirus that’s available worldwide, not just in China. But based on my experience, you’d be better off with almost any other free antivirus.
This was especially disappointing given how great the product looks at first glance. Three big button on the main window let you launch a quick, full, or custom scan. Slide the window right for simple settings related to protecting your computer, your Internet activity, and your privacy. Sliding left lets you lock your homepage against malicious changes and submit a file to the “cloud file scanner.” If Baidu isn’t available in your language, there’s a page to fill in translations of all its messages and submit them for inclusion.
Sparse Lab Results
West Coast Labs certifies Baidu for malware detection and removal, but ICSA Labs doesn’t include Baidu in testing. In the last 12 tests by Virus Bulletin, Baidu participated exactly once. It did receive VB100 certification that one time, but that’s hardly an impressive sample. Bitdefender Antivirus Plus (2014), among others, received VB100 in all 12 of the last 12 tests by Virus Bulletin.
Baidu doesn’t participate in testing by AV-Comparatives or Dennis Technology Labs, which is a shame, because these two perform some really excellent real-world testing. With six points possible in each category, AV-Test gave Baidu 3.5 points for protection, 3.0 for performance, and 6.0 for usability. This last score means they encountered few or no false positives in testing.
As you can see in the chart below, the lab tests show Baidu to be significantly better at detecting malware than at handling what it detected. My own test results agree. Its two-star rating for lab tests comes from my own algorithm for aggregating all the scores. To learn exactly how I reached that figure, please read How We Interpret Antivirus Lab Tests.
Baidu Antivirus lab tests chart
Mediocre Malicious Download Blocking
Baidu’s Internet protection settings include toggles for phishing protection and download protection, but not for blocking malware-hosting URLs. In fact, it appears that the product doesn’t try to block malware at the URL level at all. I tested it by attempting to download from over 100 very recent malicious links supplied by MRG-Effitas. It didn’t block access to any of the URLs.
Baidu’s download protection did kick in for every downloaded file. First, it popped up a notification to indicate download protection was checking the file. In 35 percent of the cases, it flagged specific malware, quarantined the file, and asked for permission to remove it. I’ve tested ten products using this technique, and 35 percent is precisely the average detection rate.
The problem is, it didn’t simply ignore the other 65 percent. Rather, it trumpeted “The file is safe!” I’d like to see that message reserved for known good files, not for files that merely haven’t (yet) been identified as bad.
When I actively ran a scan on the folder containing the downloaded files, Baidu wiped out six more. This might be due to the fact that by default the Avira engine, licensed by Baidu, supplements on-demand scans but not real-time protection by default. Out of curiosity, I waited a whole weekend, checked for antivirus updates, and scanned again, but it didn’t detect any more of the samples.
Scores on this test vary widely. At the top, avast! Free Antivirus 2014 blocked 79 percent of malicious downloads, in most cases by preventing the browser from even visiting the malicious URL. At the bottom, Outpost Antivirus Pro 9.0 didn’t block any URLs and only detected 8 percent of the samples during the download process.
In addition to identifying known malware, Baidu attempts to detect malware based on malicious behaviors. It’s not like Webroot SecureAnywhere Antivirus (2014), which aggregates many different behaviors and makes its own decision as to whether a program is malicious. Rather, Baidu alerts on any little action and leaves you, the user, to decide what should be done.
I test this kind of component by installing 20 ancient PCMag utilities that are likely to get incorrectly flagged as suspicious. They hook into Windows in various ways, and they’re not digitally signed. Outpost threw a fit about these; for 18 of the 20 it popped up an average of four warnings. Baidu’s reaction was a bit more sedate.
Baidu let most of the utilities install without incident. It popped up a red warning about three of them (this is not color-coding; all of Baidu’s warnings are red). One warning said to disallow the action “if it is not an authorized operation.” But how would the user know? Another said, “Only installation of security software or hardware should perform this operation,” which suggests strongly that the user should choose to Reject the action. In all three cases, choosing Reject prevented correct installation and operation.
Worse, Baidu actively identified one PCMag utility and one third-party diagnostic tool as malware. That kind of false positive just shouldn’t happen.
Poor Local Malware Blocking
I like the malicious URL blocking test because it’s always fresh—each product goes up against 100 or more samples that are usually just hours old. Yes, they’re not always the same samples, but they’re always very new. My local malware blocking test, on the other hand, uses the same samples for many months, to provide a direct comparison.
It’s definitely possible that products tested later in the “lifetime” of a particular sample set could gain an edge simply because the samples have been around longer. That certainly wasn’t the case with Baidu.
In most antivirus products, real-time protection scans files on even the most minimal access. For some, just opening a folder containing malware is enough to get the process going. For others, detection takes place when you click the file. Baidu doesn’t check until the file actually launches.
In fact, it looks to me like Baidu allows the file to launch and then tries to kill it afterward if it detects malware. In particular, one ransomware sample managed to take over the desktop completely before Baidu could quarantine it. I did find that upon rebooting the ransomware was gone, but, sheesh!
Given that the behavior-blocking component flags good files too, I didn’t give Baidu credit for malware detection if the only warning came from that component. I did, however, choose Reject when such messages appeared. Even though these samples are far from new, Baidu detected only 69 percent of them. The only product with a lower detection rate against this set of samples was IObit Malware Fighter 2, with 17 percent.
Even when it did detect attempted malware installation, Baidu wasn’t terribly successful at preventing it. Out of the samples that it detected, fully one third managed to place one or more executable files on the test system. Worse, more than half of those actually launched despite Baidu’s attempts to block them. Baidu’s overall score of 5.4 is the next-lowest of products tested with this particular collection of samples. For a full run-down on how I derive these scores, see How We Test Malware Blocking.
Baidu Antivirus malware blocking chart
You can see from the chart that other free products have done quite well in this test. AVG AntiVirus FREE 2014 and Avira Free AntiVirus (2014) managed 97 percent detection, the second-highest score. Second-place overall score of 9.4 points is shared by a number of products, among them AVG, Avira, and FortiClient 5.0, all free.
Handling Persistent Malware
Baidu was plenty quick to scan my standard clean test system. The current average is 28 minutes; Baidu did the job in 20. A repeat scan took about seven minutes, indicating that Baidu optimized the process somehow.
Of course, that’s a clean system. If the malware is already in place and you’re installing antivirus to clean up a problem, you may run into trouble. Some malware actively resists installation of antivirus software. Ransomware can make your desktop unavailable. Baidu can install and scan in Safe Mode, which may help with some persistent malware threats. A downloadable diagnostic tool can supply necessary information if you need help from tech support.
I didn’t find any sign of a bootable rescue CD, so if ransomware has taken over or if malware prevents Windows from booting, you may be out of luck. Tech support is available via email, FAQ, a feedback system, and social media. There’s no option to get support via live chat, or to let a technician take over for remote-control diagnosis and remediation.
On Baidu’s settings page, there’s a very clear on-off toggle labeled “Anti-Phishing,” and I made sure it was set to ON. However, despite many hours of testing I never once saw this feature spring into action.
To find the very freshest phishing URLs, I tap into several lists of URLs that have been reported as fraudulent but not yet verified. Quite a few prove to be bad links, or pages that don’t match the definition of phishing. This time around three quarters of the links weren’t valid, so testing took extra long.
I score antiphishing products by comparing them with Norton AntiVirus (2014), which consistently does well. Norton managed 98 percent detection this time, so with a detection rate of zero, Baidu’s score is minus 98 percent, a new low.
“But wait,” you say. “It’s not fair to compare the free Baidu against the commercial Norton!” Perhaps so. Let’s look instead at Bitdefender Antivirus Free Edition (2014), which actually scored one percentage point better than Norton. FortiClent came in just four percentage points behind. Sorry, Baidu, free is nice but it’s not an excuse here.
To learn more about how I perform and score this test, see How We Test Antiphishing.
Baidu Antivirus antiphishing chart
Anything but Baidu
Baidu Antivirus looks pretty, but it just doesn’t do the job. The independent labs don’t love its protection abilities, and in my testing I couldn’t see the anti-phishing component working at all. It scored super-low in my local malware blocking test. The best thing I can say is that it’s score in my malicious URL blocking test was precisely average.
If your budget requires free antivirus, just about any other product would be a better choice. You can try as many as you want, of course, but our Editors’ Choice for free antivirus remains AVG AntiVirus FREE 2014.
|Tech Support||Built-in and online feedback, FAQ, email, Facebook, Twitter|
|OS Compatibility||Windows Vista, Windows XP, Windows 7, Windows 8|
Copyright © 2012 Ziff Davis, Inc