Twister-AntiTrojenVirus Thread.

Discussion in 'other anti-virus software' started by Taliscicero, Dec 3, 2008.

Thread Status:
Not open for further replies.
  1. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    LOL :D
     
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Probably a conflict with DW or bad uninstallation of KAV that was leaving behind something... I'm glad you have resolved it. Twister is generally very easygoing.
     
  3. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I'd like to hear from you guys what the strengths and weaknesses of this product are? Does Twister throw up a lot of FPs? What's its self protection like? What are its outstanding features? What kind of RAM usage are we talking about? How fast is its scan? Any major or minor issues with the product? Does it have good detection? Any other info that a newbie looking for an AV should know about?
     
  4. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I think the 1st page of this thread can answer all your questions. Plus this:

    http://www.twistee.org/viewtopic.php?f=2&t=9
     
  5. Zetelo

    Zetelo Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    110
    I can remember you from your last thread, unfortunately I could not answer your questions before it was closed. So yeah, Fuzzfas has already pointed you to a good spot, so let me just put some basics into a nutshell:


    Twister has a lot of FPs
    Its self-protection seems to be stable (I haven't noticed anything so far, except an issue with Taskmanager, but it is mentioned later)
    It has a lot of additional features such as PowerRemoval (erase deeply rooted files) or its own ProcessViewer with info about the different processes plus a WindowsFixer, which fixes many common problems with Windows. Also you can enable the TaskManager or disable it via the program itself, so it's pretty funny tbh :p
    It currently consumes about 4.000k (shown in the taskmanager) and FilMsg.exe, an additional tool of about 6.000k (but you can disable it at any time, it does not cause any problems atm)
    Full scan takes a great deal of time, but it's acceptable for me...
    It seems that on German Windows systems, Twister isn't able to prevent itself from being terminated by the user using Taskmanager, I have this option unticked however and Mr.Bright (From Filseclab) has promised that this will be fixed within the next version of Twister.
    And last but not least, it detects a splendid amount of threats and it will participate in the following AV-Comparatives tests in the near future

    Zetelo
     
  6. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    If I purchase now, will I be entitled to update to the new version when the time comes?
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Of course! It has lifetime license. As long as the product exists, you will be able to use any new versions without paying again! This lifetime license may not be available in the future...

    This is the screenshot from my Twister:

    1.png
     
  8. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    This is my opinion on Twister.

    Does Twister throw up a lot of FPs?
    With default settings Twister does not give false positives. There will be false positives only if user enables some advanced options (high level of Dynamic Defense System, Virus Infection Defense, Virus Immunity System).

    Whats its self protection like?
    Not particularly good. System Shutdown Simulation Test (sss.exe) is able to close Twister and then to drop Eicar virus test file (but it is the same case with Avast or some other antivirus, for example)

    What are its outstanding features?
    Twister is combination of a classical antimalware software (like Avira, for example), malware behavior analysis (like ThreatFire), registry realtime protection (like RegProt etc ...) and some other very interesting components and capabilities.

    What kind of RAM usage are we talking about?
    Very light with default settings, like Avira Free (small footprint).

    How fast is its scan?

    Standard speed except if there are many CAB files.

    Any major or minor issues with the product?
    I have never had any issue with Twister.

    Does it have good detection?
    Yes, even with the default settings Twister has a very good detection. On my tests Twister always achieved score of 97-99% (Admit that I have a small sample collection, several thousand mostly older samples. If someone is willing to send me newest and rarest samples would be happy to test Twister)

    Any other info that a newbie looking for an AV should know about?

    Twister is little-known antimalware software but it is very promising. If you are an average user, stay with the default settings!

    Thanks. :)
     
    Last edited: Jan 23, 2009
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I've been trialing Twister for a bit over a week, and I have to say that the detection rates are truly abysmal.

    I downloaded and unzipped a malware collection and then scanned the folder with Twister (using the default settings). The results were that it scanned 2,177 pieces of malware, and it found ZERO infected files!

    Just to make sure the files were actually infected, I scanned the first file online at Virscan.org and aut about two virus scanners said the file was infected.

    Next I did an online scan with BitDefender and these are the results:
    Time: 00:03:02
    Files: 3193
    Folders: 4
    Boot Sectors: 0
    Archives: 0
    Packed Files: 209

    Results
    Identified Viruses: 1062
    Infected Files: 1550
    Suspect Files: 2
    Warnings: 0
    Disinfected: 0
    Deleted Files: 0



    Remember I used the default scan settings in Twister, and to not even detect a single virus indicates a very poorly performing scan engine.
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    Here is a screenshot showing scan results from Twister and VirScan.org

    ~Screenshot removed. See our policy.
    https://www.wilderssecurity.com/showthread.php?t=180057
     
    Last edited by a moderator: Jan 25, 2009
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    In my first post I meant to say:

    and all but about two virus scanners said the file was infected.
     
  12. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    I would be very grateful if you would send me the archive because for me it is very hard to believe in what you said here. But, if what you said is correct I will confirm it here without hesitation. Thanks.

    antidote@inbox.com
    (protect archive with password "samples" please)
     
  13. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    It is difficult to make any sense out of roger_m's comments. As quoted here, roger_m claims to have tested Twister against 2177 pieces of malware & then tested BitDefender against 3193 files. Is it "pieces" or "files" or what? And how many were there actually -- 2177 or 3193 or.... what? And WHAT was the composition of the test database, & WHERE did roger_m get this stuff? Were they old nasties, new nasties, in the wild specimens, or what? Were they trojans, worms, viruses, key loggers, spyware, or... what?

    If roger_m is claiming to have made some sort of test, then he should at the very least define the test base clearly & consistently. Good grief what a mish-mash!

    Then roger_m later wrote...

    Here roger_m refers to "the file" -- a single file, not 3193 files or 2177 pieces. Further, roger_m said there was one folder, but his post goes on to say that BD examined 4 folders. 4 or 1? 2177 or 3193 or "THE (singular) file"? What gives with all the variability?

    I am always interested in valid tests, even those done by amateurs. However, the sort of inconsistent and unsupported comments made by roger_m are simply an incoherent mish-mash, and I fail to discern a basis for meaningful discussion.
     
    Last edited: Jan 26, 2009
  14. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    I am still interested in roger_m's mish-mash even if it is incoherent. I hope he will send me the archive.
     
  15. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    To answer your questions:

    I meant pieces and files in the same context.

    The difference in the number of files scanned is because as you would know, virus scanners often don't scan every single file in a folder, but just certain extensions.

    There were four folders (three sub-folders under the main malware folder).

    I have absolutely no idea as to the nature of malware scanned - I just did a really quick (10 second) Google search for a malware collection and then downloaded the first one I found.

    When I am referring to "the" file, I scanned just one of the files at VirScan.org to see if it actually was infected, as I found it quite bizarre that Twister did not detect even a single item of malware in the collection I scanned.

    I understand your concerns about my testing, and I will say this:

    As far as I know there has been absolutely no "valid" testing of Twister done yet. I consider a valid test to be something like Virus Bulletin's testing, where antivirus software is tested against viruses which are currently in the wild.

    I think you are missing the point of my post, which is probably due to me not explaining myself. I was not testing Twister against this set of malware to compare the results with other antivirus scanners, as I consider the only valid tests are where every single file tested is actually identified as being a threat in the wild, and all other tests are worthless (in my opinion). However I posted here because for Twister to not identify even a single threat in the large collection means that in my opinion Twister's scan engine is really bad. Heuristics were turned on - and not even a single heuristic detection was made. Further evidence of how badly performing Twister's scan engine is that when I scanned a single file at virScan.org even the majority of antiviruses with below par scanning engines identified the file as being malware.

    Still I will continue to try out Twister for the remaining period of its three month trial, due to it not slowing down my computer, and because 90% of time I have no antivirus software installed - so my computer is much better protected now than it usually is! (Having said that I'm very careful about what I let install on my computer, so it doesn't get infected, and accordingly I don't actually "need" antivirus software or firewalls (well I do use the built in Windoze one).)
     
  16. Zetelo

    Zetelo Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    110
    He HAS to send you the archive, otherwise it is rather unlikely that Twister has scored so badly, or even impossible. Pics cannot be trusted, since Photoshop is a common program for every user.

    Better let Zimzi or somebody else examine and confirm it, or it simply didn't happen.
     
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I really don't know why you doubt me, anyway it seems you cannot send private messages here - I tried PMing Zimzi earlier, but anyway if you search for "Some malware for analysis/detection" on Google it is the first search result.
     
  18. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    did u just scan the files or did u execute them when u tested?
     
  19. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    Ok, you are talking about "Some malware for analysis/detection" post which is published 2007-04-02 on the Offensive Computing? But it seems that in the archive there are 927 files, not 2177 or 3193 as you said in your post? Are we talking about the same archive?

    You can send me the archive or the download link to my email: antidote@inbox.com. Just protect the archive with password.

    Nobody doubts you, but as Twistees we are very, very curious about your story because we know although not perfect, Twister has great detection rates. Last night I caught a little more interesting piece of malware (I can provide download link by request). After testing it turns out that some well-known antivirus cannot detect it, unlike Twister, which can. Such things I see almost every day. Therefore, I find it difficult to believe that among the thousands of malwares in the archive you are talking about Twister could not detect any.
     
    Last edited: Jan 26, 2009
  20. Zetelo

    Zetelo Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    110
    I'm not trying to be offensive, but as Zimzi has already mentioned, Twister detects a lot of threats that big companies do not and if you have the settings on maximum (High sensitive Mode For Experts), which I am currently running on my system, it almost flags every file as suspicious.

    You cannot tell me that Twister is not capable of detecting a solitary threat from thousands even with maximum sensitivity, I just cannot imagine it. :argh:
     
    Last edited: Jan 26, 2009
  21. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    if u just scanned the files, Twister might have missed some, but if u executed them, the FDDS and Registry protection would have DEFINITELY flagged them.
     
  22. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    He said at default settings
     
  23. Zetelo

    Zetelo Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    110
    Then I want to correct myself:
    You cannot tell me that Twister is not capable of detecting a solitary threat from thousands, I just cannot imagine it.


    Found another mistake?
     
  24. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    He can tell you and he did tell you so yer :thumb:
     
  25. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    In fact, roger_m did not send me the archive nor provide a download link. I downloaded the other archive with 928 files which he mentioned in his last post, tested it and Twister found a bunch of malware.

    So, as a final conclusion, I have no idea what roger_m was talking about? o_O
     
    Last edited: Jan 26, 2009