Tencent stripped of antivirus rankings for cheating on tests
Another week, another Chinese firm accused of gaming system
Antivirus ratings firms AV‐Comparatives, AV-Test, and Virus Bulletin have stripped another company of its rankings for trying to game their tests.
This time the culprit was Chinese giant Tencent, which is accused of compromising its own security systems for the sake of speed credits in testing.
"After in-depth investigations, certain optimizations have been identified in Tencent products which are clearly designed to improve their ratings in AV-Test's performance testing," Virus Bulletin explained in a statement.
"These optimizations, which have been found in all recent public versions of the products, provide minimal benefit to normal users and could even degrade the level of protection offered by the products."
John Hawes, chief of operations at Virus Bulletin, told The Register that Tencent had sped up its AV engine by whitelisting the applications and files used in AV-Test's testing procedure. This allowed the software to whip through the tests much faster and achieve higher grades.
The downside of Tencent's hack is that malware writers, if they got smart to it, could then hide malware in these whitelisted files; it would just be a matter of sticking an innocuously named piece of malware in the right file and the software wouldn't bother to scan it.
"The whitelist appeared to change at the same time as we changed the types of applications being checked with each different test," he explained. "It's very difficult to keep anything secret. Their software has so many feedback systems and each user was pumping the data back to Tencent's labs."
As a result of the trio's finding, Tencent is to be stripped of any antivirus awards or rankings it received in 2015. That's a serious blow to Tencent's credibility, since AV‐Comparatives, AV-Test, and Virus Bulletin are together considered the gold standard of anti-malware testing.
This is the second time in as many weeks that the testing firms have punished a company for trying to game their tests. Chinese antivirus vendor Qihoo 360 was barred last week after it was found to have used another vendor's engine in its software when it submitted it for testing – an option not available by default to ordinary users.
In retaliation, Qihoo 360 then fingered fellow Chinese firms Baidu and Tencent for gaming the antivirus tests in similar fashion, and an investigation led to Tencent's censure. Researchers are still looking at Baidu to see if there is any truth to cheating claims. ®