Twister Antivirus 8 Arrived

Back when I was testing it, the spike were not just do to loading web pages. I was getting spikes for a lot of different things, often in the 25-35% range. When I get a chance, I'll try this version though.

 

I m getting a 0-2% spike when i open a mkv file for example, i get an 8% if i open a folder with many pics inside.

I suspect that on lower CPUs, these spikes will be higher, but give it a try. I think there is an improvement, but we 're not done yet. I hope in future versions to iron things out.


EDIT: I thought to disable heuristics in realtime, just in case it was causing the spikes, but no... It seems it's inherent with the AV engine. It's just non light...

 

BTW, i just noticed that the lifetime license of Twister is now at "special offer": 49.95$ instead of 89.95$...

I think they are rushing things a bit on the 89.95$. Not that a lifetime license can't theoretically be worth that money, but Twister isn't yet in position to convince people that this will be a viable option every year.

Anyway, i am glad i got it when it was 25 or something in v7.

The other weird thing, is that in the chinese forum, at least from the little i understand with machine translation, there don't seem to be people complaining about high CPU usage... What can i say...

 

A few months back I tried disabling a lot of the different settings trying to see which was causing the issues. The only thing I found that did the trick was disabling to whole AV module, and just leaving the defense wall on.

 

Yeah, it's the realtime scanner. It seems completely rewritten, the old one of v7 was light as a feather.

I guess if i get tired from the spikes, i could disable the realtime and leave it there with just the Defensewall. Better than nothing and i could still do manual scans.

Thanks for the idea!

EDIT: I also find irritating that i can't find in the UI the version number of the program.

 

I installed it for a little while, and didn't really see any improvement.

 

Sorry to hear that. Maybe it was placebo effect on my part. But seeing the cpu time, i have the impression that it was somewhat better. Could be wrong. I emailed again Mr. Chu asking if they intend to do anything about it, will wait and see what he replies.

 

I am installing Avast Free. My preference for CPU-lightness has won. I guess i will wait for a Twister update, crossing fingers.

 

Today, i did my own amateur test with 90 samples (the newest were from today, the older ones from early December). The source where i took them from, also had their origin indicated. I scanned with Avast, rolled back, installed Twister and scanned with that too. Avast got them all right, although couldn't delete some. Twister got about half of them (on static scan) and deleted all that found. My conclusion was that Twister missed mostly the "western european" and "southern hemisphere" samples, while got the "eastern ones" (intended from Ukraine and to the east up to the China sea) much better.

Now, of course static scan doesn't trigger behaviour blocker or the registry defense. With heuristics to MAX, Twister got 4 samples more than with heuristics set to "dynamic" btw.

Just FYI.

P.S.: Of course i uploaded all the missed samples to Twister's cloud.

EDIT: Both Avast and Twister had their respective clouds disabled.

 

I uninstalled Twister and it crippled Windows defender 8. couldn't even start the service or anything. I had to do a windows 8 refresh. that worked.

 

Twister should be still in beta. Needs ironing out. v7 was way more stable and usable. Sad, but true

 

Got word back from Mr. Chu.

They will try to solve the issue, but some problem in there is "very complicated", it may take some time.

Also, they will consider to improve documentation and the fact that you can't see the version number.

So, based on that, i wouldn't hold my breath for the next version update. If they 'd fix it 2 version updates ahead, it would be huge success.

 

That was a similar response to what I got on the issue a few months back. Like you, I'm not going to hold my breath. Luckily there are plenty of good alternatives.

 

Yeah, i think they 've more bugs to solve out, before they get interested in things like CPU usage. If i am to judge from the chinese forum, this is low on their customer demands. We seem to be an exception here that looks at the task manager. By "Very complicated" he may also politely imply "we 'd need to rewrite the engine, so bug off!"

Anyway, Avast free is fine, it's as light as it can get for AV. I am putting Twister's license back to the freezer for now and will wait for other versions.

 

I'm glad I just bought the one lifetime license. I was close to buying a second prior to the price inc, but I had concerns if v8 was going to be usable.

 

Yeah. I believe at some point they will fix it, but who knows when. 1 license for 25$ was acceptable investment, 2 were too risky, at the current price the lifetime license wouldn't worth the risk at all for me.

 

I ll give Twister another shot. I just installed BitDefender trial and it spikes too. And most of the time it spikes worse than Twister. Twister spikes worse on some sites, but Bitdefender spikes to 5-6% almost at all sites.

These is random i took:



I saw it up to 8%, but couldn't catch it on time. Probably that's why Twister's dev isn't so anxious to "fix" this. Seems others do it too. Vipre's engine also spikes. Not as badly, but it does up to 16% when i tried Lavasoft.

I supposed i 've been spoilt by Avast running only file shield, which is doing nothing unless you click on something. For example, i had tried to download the same malware. Twister was blocking it as soon as i was initiating download. Avast, wasn't. That's why Avast was so light.

I was almost ready to buy Bitdefender at 5,95, but i thought, "let's check that out first". So, if i am to see spikes, it may as well be Twister spiking.

EDIT: I ll let you know if i get some program update that fixes the spikes. But at this point i only hope for a reduction and i will avoid the task manager.

 

Twistee again! (as long as it doesn't BSOD).

 

Surprising results for Twister's EVANet (Cloud), although it could be also the behaviour blocker working in the cloud, while not in my PC.

I scanned 18 samples that are supposed to be today's (0-day). EVANet was disabled in my settings. It says 24, after scanning them and probably unpacking something, but in the folder there were 18 visible to me.

Static Scanning on my PC (Cloud disabled). A meagre result.



Manually uploading them to EVANet. Amazingly 15 out of 18 are caught:



Morale of the story: When in doubt, upload them yourself!

 

MBAM Free's opinion on the matter:

 

More confusingly, i repeated the static scan, with EVANet enabled this time. Twister again detected just 3. So, at this point, i can't understand how this cloud works. Shouldn't it flag at least 15 with the cloud enabled?

The ways of Twister are mysterious...

 

Errr... This is probably something Dan Brown should look into and write "The Twister's code". But i have a theory now based on this riddle:



What a nice story, where did i put my Avatar disk?

My guess is, that v8 is at stage 2, in which, the behaviour blocker is what automatically reports "suspicious activity" to the cloud and if many users report it, the cloud reports back as potential threat. Maybe...

So it's a cloud at its infancy and can't be used for static scanned objects. It needs dynamic execution of a program. Uh, i guess...

The third stage seems not implemented yet, but seems a "proper cloud", with also some magical properties, like resurrecting dead computers.


I will also call my favourite fortune teller to ask what he can make out of this.

At any case, before clicking on something, better manually upload it to the Cloud. The Cloud seems working much better than Twister's own scanner, but doesn't seem intended to help you much, if you just have it enabled and wait for its miraculous intervention "from above". Probably it MAY intervene after it's executed, but then it may be too late... So the best use of the Cloud is "on demand". If you wait for it to intervene "realtime", you may wish stage 3 was active, in order to "bring back to life" the PC.

 

I think I will leave my Twister AV mothballed for a bit yet. It is in beta at best atm imo.

 

IMHO, if your Twister doesn't BSOD and you don't look at the Task Manager to see how much it spikes and you 're low risk user (by browsing habbits or because you have more layers of security) and you remember to upload manually "unknown" files to the cloud (which seems to be working remarkable well), Twister is usable. For newbies i wouldn't say the same, but for Wilders' members, it's usable. I profoundly hate the CPU spikes, but after trying Vipre's engine and Bitdefender, doesn't seem to be much of a difference in that. For older CPUs that are so weak to be hogged up, something like Avast with File shield and BB seem to be the solution.

At least Twister won't say you activated it too many times. In this week i have already activated it 4 times. Just did it again, cause i found out i had left the Windows defragger schedule on, in Rollback's baseline, so i had to go back and "correct" the error, make new baseline and reinstalled Twister.

My plans are mainly 2 configurations for the future:

- Twister+WinPatrol+classical HIPS (like NoVirusThankYou/Comodo 5)
- Twister+WinPatrol+Sandboxie/ShadowDefender (when it will support TRIM).

That should be more than enough.

Cause i m not sure at all they will reduce CPU spikes any time soon... I suspect they consider it "normal", given how others spike to or "low priority", seeing how EVANet is missing a stage and a website still.

EDIT: If Shadow Defender comes up with TRIM support, maybe i will try execute live malware to see how the Behaviour Blocker does. That's the section of Twister i haven't tried yet.

 

I agree with you to a point. It was breaking some of my other programs by quarantining them, and Twister AV was unable to restore them to previous functionality. In essence I would have had to re-install the programs to get them working again.