Twister-AntiTrojanVirus Thread.

Discussion in 'other anti-virus software' started by Taliscicero, Dec 3, 2008.

Thread Status:
Not open for further replies.
  1. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    The commit now works perfectly, so I will use this feature in future (if I remember to).
     
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    A homemade test I did on Twister with supposedly recent malware and exploits. The latter were PDF and SWF and are supposed to be quite recent. The other tests with trojans are supposed to be a bit older (2-3 weeks).

    This was on demand only (no FDD coming into play). I uploaded the results (files scanned vs detected) here:



    Also some screenshots from Jotti's on some samples missed, for comparison. Twister didn't exactly shine.

    http://www.megaupload.com/?d=46Z1EKID

    I didn't scan them all at Jotti's, just by luck. On the brighter side, it's in good company (read AVG, NOD32) on many of them. Avira, on the other hand, is sweeping the floor.

    But I wouldn't rely too much on Twister for zero-day malware... Of course, I remain a faithful Twistee! (And I submitted the malware to Filseclab.) Just take precautions and add defense layers.
     
    Last edited: Jan 11, 2009
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    FDDS is an important part. It's like using Comodo firewall for defence without Defence + enabled.
     
  4. LethalBoy

    LethalBoy Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    119
    Do you recommend me getting Twister?? And putting in other defense security programs like Malwarebytes, SUPERAntiSpyware, etc.?

    Right now I have KIS
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    I am a Twistee -- a big fan of Twister -- but it is not yet in the same league as KIS. If KIS is running nicely on your computer, I recommend you stick with it. KIS is a superb antivirus program -- one of the very best.
     
  6. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    OT: In one of them VBA32 has exactly the same detection naming as KAV; I'm presuming this is the result of some sort of partnership, or?
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yes, in all tests seen so far, FDD accounts for a good number of detected samples. But even under Shadow Defender and Sandboxie, I dare not launch that malware. (I have no VM.) You can never know... I did launch only one, under Sandboxie, and Twister didn't blink. Next thing I knew, I got a firewall outbound alert (Ashampoo is 0 at Matousec but real life is simpler). Now, I don't know if FDD can see inside the sandbox though...

    Anyway, this is just one test with samples from the same person, who most probably had submitted them already to *some* AV companies, but certainly not to Twister. And they were supposed to be "fresh" samples. So I wanted to see how Twister would fare. That's all. I certainly won't form an opinion on Twister based on just one sample batch coming from one person.

    Compared to KIS, Twister is worse. It probably runs lighter though. :D But if you want better detection, stay with Kaspersky.

    I suppose they follow the same labelling of samples or share samples.
     
  8. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    On the brighter side: I sent the samples to Twister about 9 hours ago. From 97/202 samples detected yesterday, with today's definitions the detection is now at 146/202. (For the record, there are probably some dud files in there (1 I saw is 0kb), as I installed Avira too and it flags 172/221. The files are 165 actually. They become more after unpacking some of them.)

    http://img442.imageshack.us/img442/7964/55457232eh0.png

    For an unknown antivirus company, they work hard. Also, they are penalised by the fact that they are unknown... People don't submit malware to them, because they don't know they exist! :ninja:
     
    Last edited: Jan 12, 2009
  9. Zetelo

    Zetelo Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    110
    I'd say they're working very hard to really meet the standards. Filseclab even works on weekends, this is quite remarkable if you ask me. It's a shame they still remain so unpopular, they definitely deserve more attention.

    It's always nice to see members like you, who are willing to make exacting tests and submit them to AV-Companies. A Big Plus for you as well :D


    EDIT: Btw, Twistees will conquer the world :argh:
     
  10. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yep. The AV updates many times a day, even on weekends, and I had an email from Mr. Bright Chu replying to me even on Sunday (though I don't know what time it was in China).

    Twister still has work to do (like not slowing down so much on jar files and reducing false positives), but sure enough they maintain a decent level, and out there are other antivirus programs that require an annual fee, run much heavier and detect less or are at the same level. So Twister, for the results it achieves, is certainly unfairly unknown and underestimated. It's not Avira or KAV, but in the hands of a user who uses caution and more defense layers, it can suffice.

    Well, I am only an amateur really. The people who are really in a position to make worthy tests actually know what they are running, if all samples are really infecting and so on. In my case, I was just given (after much effort) these samples by a not-so-close friend (friend of a friend), and scanned them. I had no idea exactly which samples they are, if they are real malware or not, etc. And unlike the person who gave them to me, I am not collecting malware, so as to cherish and protect it and hope it will never be totally discovered by all AVs etc. So why not submit them... Contrary to him, who submits them only to his "favourite" antiviruses and not all of them. Actually, this is yet another way to improve an AV. From what I understood, there are many "enthusiasts" out there who collect malware and submit the non-detected samples only to their AV of choice, so that it will maintain an advantage over the others for some time. In this way, they "help" their antivirus over the competition. Unfortunately, Twister, being unknown and having a low userbase, is lacking in this sector too. Filseclab should do something about publicity, beginning from the Chinese market. There are 1.2 billion people out there, so Twister HAS to target them more!

    We will assimilate them all! The Twistees are coming! Resistance is futile! :argh: Honestly, I can't wait for the new version of Twister this summer. *puppy*
     
  11. LethalBoy

    LethalBoy Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    119
    It sounds very interesting -- I'm going to try Twister because I saw that I can use it for 90 days (trial).

    On the Filseclab homepage I see that they update the virus database constantly, and this sounds very good!

    The only problem with Twister is that they are unknown, but like you said, they need to make some publicity.
     
  12. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yes, a pretty long trial period. Make sure you apply the trial key (it needs a key) that you can find on their website.

    Yes, the automatic update is set to update every 3 hours and usually it really has new signatures every 3 hours. Oh, for the first time, it's preferable that you download the definition update pack from here:

    http://www.filseclab.com/eng/download/downloads.htm

    Because the installer has the definitions of Jan 2008 and if you pick a slow server (they have several servers) you may wait a while before updating. If you download the package and run it, you will be updated more quickly. Then do an on demand update too, it may update some components.

    Yes, they do need... The way I see it, even if you keep Twister as an on-demand antivirus, it's still a good deal for their current lifetime license. Now, why they are not so well known, at least in China, beats me. 1.2 billion people that speak your language and you haven't penetrated the market yet? They may work hard, but maybe they need marketing consulting. (Kees, Mr. Chu needs you!) :D
    Maybe it's not the best AV out there, but there are definitely some worse ones which are still more famous than Twister and cost more and run heavier.
     
    Last edited: Jan 12, 2009
  13. LethalBoy

    LethalBoy Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    119
    I'm using it right now with SUPERAntiSpyware Pro & Online Armor!! It runs very light :D

    I like it so far :)
     
  14. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    You bet! I am paranoid about CPU usage, and if it wasn't light, I wouldn't have bought it, regardless of the lifetime license. I was using AVG 7 before that, and when AVG 8 came out I was desperately seeking a lighter substitute. Then I met Twister and that was it! :D
     
  15. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    426
    Location:
    None
    Let's hope the next version would be an eye opener. Seriously, this would show us how much improvement they have promised and satisfy our lifetime license.

    I personally would like to see how much effort is placed on the cleaning of the file. Inspector Clouseau generously gave advice here:

    https://www.wilderssecurity.com/showpost.php?p=1250092&postcount=161

    And I miss Inspector Clouseau's malware education lately. I guess the sunshine is taking him away from here. Remember Happy Bytes? Those were the good ol' days.

    EDIT: URL fixed.
     
    Last edited: Jan 12, 2009
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yes, we will see...

    Myself, I would prefer better detection and fewer false positives while keeping it light. I am too paranoid to stay with the same Windows installation after an infection (what if there is a rootkit hidden somewhere), so I don't care so much about cleaning. I will use First Defense PC Rescue or restore an image and that's it. Prevention is the key. The cure is "format"/"recover"/"restore" for me.


    He transferred to Florida, if memory serves me? True, we don't see him around much since then... :(
     
  17. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I got word from Mr. Chu. 2 samples that were too big to submit, and that I sent via mail, are dud files. Who knows how many of the others I submitted via the program are too... The detection of the samples today hasn't changed (146/202). So I suspect that in the end, if you count out probable dud files, Twister's detection was better than I first thought.
     
  18. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439

    <3 the Chu.
     
  19. computerfan7702

    computerfan7702 Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    8
    I am loving the fact Twister found 2 viruses in my Opera folder that even NOD32 could not detect. My only question is, does it integrate with Vista Security Center? It says it's out of date, but when I click on "update", nothing occurs. Thanks.
    Matt
     
  20. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Glad you like it. Unfortunately I can't help you here. I run XP with Sec Center disabled. :D Actually, I think you are the first Twister user I've seen that runs Vista. Twister runs well apart from that Security Center fact, I trust.

    Maybe one of the other Twistees also runs Vista and can answer you.
     
  21. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    Twister works just fine with the Vista security centre for me.
     
  22. computerfan7702

    computerfan7702 Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    8
    Added into the Security Center well. I have never heard of how they want you to pay for purchase. I have never done PayPal, and this share'it sounds interesting... is it legit? Matt
     
  23. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I bought it through shareit and had no problem. It's legit alright.
    http://www.shareit.com/company.html?sessionid=1125146913&random=bfb40d8bd19fcc60f567db4b782f4cad

    Paypal is easy to use too. You make a free account and "load" it with money (associate it with a credit card or bank cheque etc.). And then you click Paypal when buying, and you will be transferred to the Paypal site to confirm the amount of money you want to transfer to the vendor. The advantage of Paypal is that you don't give your credit card number to anyone but Paypal itself. Or, you don't use a credit card at all.
     
  24. computerfan7702

    computerfan7702 Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    8
    I have decided to give myself a birthday present in March by buying a lifetime license. You have to understand, I tried what was almost every AV -- Mcafee, AVG, Avast, Antivir, Nod32 -- nothing could stop Firefox from freezing and locking up and killing pages till now :)

    Matt
     
  25. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    You mean that all these antiviruses cause Firefox to freeze? It's very improbable. Most likely there is something wrong with your Firefox installation or Windows installation or something. Maybe some registry cleaning would also help...
     