Skip to main content

Chinese Antivirus Maker May Sue Over Cheating Allegations

Chinese tech giant Tencent may sue German antivirus-testing lab AV-TEST over allegations that Tencent cheated by "optimizing" the antivirus software it submitted for evaluation, a Chinese website reported today (May 7).

"Tencent states that it did not violate any rules during the performance tests," the report on CriEnglish.com said, without citing a source. "It has requested the agency to lift its allegations and resume all certifications and awards granted to Tencent."

Tom's Guide could not independently confirm the CriEnglish report. Tencent has posted nothing regarding the controversy on its website, and has not responded to our request for comment.

Meanwhile, AV-TEST explained to Tom's Guide how Tencent allegedly cheated -- methods that might actually make Tencent's software more dangerous to use.

MORE: Best Antivirus Software and Apps

Yesterday, AV-TEST, along with Austrian lab AV-Comparatives and British lab and certification authority Virus Bulletin, said it had found that Tencent had cheated to get an edge on AV-TEST's evaluations. Tencent was stripped of the certifications and rankings it had achieved in the latest rounds of all three labs' evaluations.

Last week, Qihoo 360, another Chinese antivirus firm, was similarly punished by the labs after they alleged the company had switched the malware-detection engine in its software with that of another company's before submitting its software for evaluation. Qihoo has not denied the claim, but alleges that Chinese Internet usage is very different from Western Internet usages.

The three labs' periodic evaluations of antivirus software are highly regarded in the information-security industry. Tom's Guide uses AV-TEST's evaluations to gauge the effectiveness of the antivirus products it reviews.

Tencent allegedly cheated by "whitelisting" many of the applications that AV-TEST secretly used in its evaluations, AV-TEST CEO Andreas Marx told Tom's Guide. During a malware scan, the tweaked Tencent software would thus regard those applications as known to be clean, skipping their inspections and speeding up the overall process.

"The whitelist was identical to the tools we're using as part of our benchmark tests. So the tools we're using to check for slowdowns were excluded for scanning using the Tencent engine," Marx said in an email.

Futhermore, Marx said, the Tencent whitelist changed with the changes AV-TEST itself made to its evaluations. This implies that the Tencent software in AV-TEST's labs in Germany was transmitting information about the files it encountered during the tests to Tencent's headquarters in China.

"This whitelist was extended from month to month by adding exactly the programs we've newly included in the test setup," Marx told Tom's Guide. "So the whitelists were definitely not generic optimizations, but they were created just to perform better in our performance tests."

Such whitelists might actually make Tencent's software dangerous to use. Were malicious hackers to get hold of the whitelist, they could hide malware in the whitelisted applications, ensuring that it would go undetected by Tencent's antivirus software.

However, that would happen only if Tencent released the "optimized" version of its software to the general public. If so, people might see that version work much more quickly than the "normal" version -- as AV-TEST itself observed.

"The Tencent product was significantly faster in our tests under such 'optimized' conditions," Marx told Tom's Guide. "We also renamed the used [whitelisted] applications and confirmed that the performance would decrease significantly under 'normal' conditions."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and gaming. Follow him at @snd_wagenseilFollow Tom's Guide at @tomsguide, on Facebook and on Google+.