Qihoo 360, which now offers even a vacuum cleaner, and an expensive one at that; and whose antivirus is hated or at least not trusted by many. And yet, I’ve returned to it.

I’ll keep using Win7 for a while–the time to make a double backup of everything, to find Linux equivalents for most Windows software I need, and to find WINE hacks (winetricks?) for those who will have to run under Linux. I don’t think I’ll return to Win10, based on the ever decreasing quality of its updates (and my license, should it still work, is for Win10 Home, which is half-handicapped anyway). I lean towards Linux Mint 19.3 XFCE, but I plan to test ~7 more distros before settling down (one being Linux Mint 19.3 Cinnamon, although the DE can be changed at any time); *buntu 20.04 pre-beta had some regressions, but given that it’s going to be a LTS, maybe it’ll be just fine eventually.

While still relying on this bastard of Win7, I seem to constantly become dissatisfied with no matter what antivirus solution I choose. I know I have gazillions of files on my disks, but still I can’t find it normal for an antivirus to slow down the system 6+ months after its initial installation. So after having ditched KSC Free (still in use on the other Win7 laptop, my wife’s), I decided to part with ESET NOD32 AV 13.1.16, despite having a valid license through August.

I want the system to respond fast, and I can recognize when a security solution (duh!) occasionally thinks otherwise. In version 12, ESET was faster, but now… The proof that it was indeed the AV? After having uninstalled it, with everything else (Windows Defender) turned off, the system behaved as if it were freshly reinstalled (except for a few tiny semi-broken things that were this way for ages).

I’m not going to stop using Window Firewall Control, which on Medium Filtering is a bit like COMODO in that it always asks before allowing any binary an outbound access. And the settings changed through NoVirusThanks’ SysHardener make my system less prone to some zero-day vulerabilities or ransomware. But I obviously need an AV anyway, and by AV I mean the AV only, not browser plug-ins, Internet filtering and such crap.

So I went back to Qihoo 360. The bloated Total Security, as Essentials is frozen at version 8.8.0, while TS is now at 10.6.0.1380. But it can be partially unbloated through proper configuring and by blocking promoutil.exe in the firewall.

What I always liked in Qihoo 360 (no matter what I disliked) is that if you did not use the added Avira and Bitdefender signatures, its own engines were blazingly fast and not that weak. What I like to call HIPS in Qihoo’s cases include notifying me about:

  • modifications made to the Registry (legitimate, e.g. during a Setup, but I want to be able to deny some of them);
  • programs added to startup (although I use Autorun Organizer for that);
  • scheduled tasks added that I might not want to let run;
  • code/DLL injection (even legitimate, but the mere existence of this mechanism is why Windows is so vulnerable);
  • potentially suspicious Office scripts (all scripts that are encrypted, no matter the reason, are suspicious).

Now Qihoo 360 got even more interesting after having dropped Bitdefender for its home-baked engine KunPeng, which I enabled (but not Avira):

And the virtualization “crystal engine” (not an engine, actually) extends the HIPS protection to the 64-bit system (remember when Kaspersky only offered partial 64-bit protection under Win10?), meaning it can block code injection in the 64-bit binaries:

Warm regards to comrade Xi Jinping!