Twister-AntiTrojanVirus Thread.

Discussion in 'other anti-virus software' started by Taliscicero, Dec 3, 2008.

Thread Status:
Not open for further replies.
  1. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I'm sorry, it was a bad joke on my part; I was tired and cranky.

    Twister has a weird ability to surprise and stump me completely.

    But any tests being done on Win7 or Vista don't count in my opinion, since Twister has never really been fully compatible with them. I think all tests for it should be done in XP because it shows the true ability of the program in a situation it would be functioning properly.

    And I'm not sure about Win7 but it may have a different file system that confused Twister.
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    The filing system is unchanged in Windows 7. However I agree with you about running tests in XP since it has been determined that either Twister doesn't work in Windows 7, or possibly only works for some people running Windows 7.
     
  3. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    I installed Gimp 2.6 and Twister prompted over a hundred viruses.....

    Can anyone with Twister try installing and then scan... wanna know if it's just me or FPs

    http://www.gimp.org/downloads/
     
  4. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
  5. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
  6. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    LOL! Trojan Zhelatin strikes again! If someone searches the Twister threads, I've been battling against FP with trojan Zhelatin for months. Every new version of Abiword is flagged as trojan Zhelatin!

    I'm afraid there's a Zhelatin curse in Twister. You can only submit them as false positives and wait till they get fixed, like I do with Abiword.
     
  8. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for all the info everyone, especially Zimzi and Zetelo. Sorry but I couldn't reply earlier as I have been very busy lately. Here are a couple more questions.

    How does FDDS work? Is it a classical HIPS? Is it chatty? Also registry protection will, I assume, inform you if any keys are added to the registry? Anyways I'm currently looking at other security apps like HIPS and virtualisation and gonna stick with my trial version of NOD32 but I would be really interested if there are any tests with Twister on default settings.
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    FDDS is a noisy Behavior Blocker. I'm not sure exactly about the registry protection.
     
  10. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Registry protect will flag newly installed programs so that malware can't install itself as easily through drive-by downloads.
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    True, but there's a strategy for that. Namely, after installing Twister on your "clean system", use it to do a full-system-scan. Then *carefully* consider/trust all the resultant FPs.

    After that, Twister will become pretty quiet BUT -- when it does give an alert -- it is fairly certain to be something that you ought to look into.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    P.S. A well-seasoned Behavior Blocker is similar to the animal you get when you cross-breed a lion with a parrot -- when it talks, you better listen! :eek:
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada



    LOL I like that
     
  13. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    Registry Protector will flag only if it finds a problem (suspicious information in the Windows Registry)!

    You can get more information on the Twister Anti-TrojanVirus Help page under the "Registry Protector" link.

    P.S. I hope that this year Filseclab will publish not only the new version of Twister, but also a more modern and informative website.
     
  14. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    It would be interesting to see what the new version will be like. Any ETA on its release?
     
  15. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Since there are many FPs, the user can set safe files to "Trust".
    It then prompted that these trusted files will not be scanned again. Meaning excluded from subsequent scans...

    What are the risks should these files be infected?
    How to minimize?


    PS. I have added about 400 files as trusted........ isn't it too much?? :(
     
  16. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    Tonight I caught a little more interesting malware. It is a spyware/adware type of malware. On Virus Total only 4 programs recognize it as malware (mostly as "suspicious"). The most well-known antimalware cannot detect it. I ran the file on my PC to verify that it is real malware, not an FP.

    Twister also cannot detect it by virus signatures, but Twister's File Dynamic Defense System (behavior analysis component) flags it (see picture) so the malware can be stopped.
     

    Attached Files:

    Last edited: Feb 2, 2009
  17. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Hi Zimzi,

    How to resolve the issue of trusted files being subsequently infected?
    Cos Twister will bypass it..
     
  18. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    Assume that the solution is to not have a lot of trusted files. Also, you can choose "Trust Temp" option which allows the file to be considered trusted during the next five minutes. I am using the default settings and really very rarely have problems with false positives. I do not have even a single trusted file.
     
  19. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    I am performing a manual scan....
    so the option is not what you have attached....

    I only have Clean / Rename / Reimmunize / Trust
     
  20. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    In that case the file marked as trusted will not be scanned in the future when you are using on-demand scanning, but if such a file is launched Twister will catch it by real time protection, by virus database or by the FDDS module ...

    You can try this with Eicar test file.

    If you want to make such a file untrusted again, go to Twister main window - Extended options and remove the file from the right tab.
     
    Last edited: Feb 2, 2009
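
    The concern in posts 15 to 20 (a file placed on the trust list is skipped by later on-demand scans, so a later change to it goes unseen by those scans) can be narrowed by recording a hash when a file is trusted and re-checking it before each scan. This is an added example, not part of the thread and not a Twister feature; the function names, the manifest layout and the sample file names are assumptions.

```python
import hashlib
import json
import os
import tempfile

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(paths):
    """Record the hash of each file at the moment it is added to the trust list."""
    return {p: sha256_file(p) for p in paths}

def audit(manifest):
    """Return {path: status}. Anything not 'ok' should leave the trust list and be rescanned."""
    result = {}
    for path, expected in manifest.items():
        if not os.path.isfile(path):
            result[path] = "missing"
        elif sha256_file(path) != expected:
            result[path] = "changed"
        else:
            result[path] = "ok"
    return result

def demo():
    """Constructed sample: three stand-in 'trusted' files, one modified later, one deleted."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("gimp.exe", "abiword.exe", "plugin.dll")]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"original contents of " + os.path.basename(p).encode())
    # Round-trip through JSON, as the manifest would be when stored on disk.
    manifest = json.loads(json.dumps(snapshot(paths)))
    with open(paths[1], "ab") as f:   # simulate a later modification of a trusted file
        f.write(b" plus appended bytes")
    os.remove(paths[2])
    return {os.path.basename(p): status for p, status in audit(manifest).items()}

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

    Store the manifest somewhere the everyday user account cannot write, otherwise whatever alters a trusted file can update the recorded hash as well.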
  21. renegade08

    renegade08 Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    432
    Bryanjoe,

    I see in your signature that besides Twister you have other programs.

    Do you run them all at the same time?
    Are there some conflicts between Twister and some of the applications or conflicts between different applications?

    Do you have D+ (HIPS) activated in Comodo or not?
    I think that SSM is similar to D+ in Comodo, right?
    Don't you think this is an overlap?

    Hey guys, would you recommend for securing Twister running two HIPS at the same time, D+ from Comodo and EQS (or SSM) and even a behavior blocker like Threatfire?
    And would this be a problem, with too many applications?

    I'm saying this for Twister, not for every AV that is out there.
    I know that Twister doesn't have an HTTP scanner, so would this be some preventive measure and securing Twister.

    Thanks.


    Your setup seems pretty much interesting.
     
  22. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Hi renegade08,

    I have run both SSM and D+ with Twister previously.... No issues with it.
    In fact, I ran Malware Defender previously as well.... hahaha....

    But for now it is those in my signature with D+ disabled.
     
  23. renegade08

    renegade08 Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    432
    Hey, bryanjoe.

    Thank you for your quick response.

    And you even have ThreatFire besides all those programs.

    Man, that setup is like a killing spree (from Unreal Tournament). Pretty cool.
     
  24. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Hi, thanks for the clarifications.
    I always thought that after setting it "Trusted", it will bypass the real time protection.
     
  25. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I wouldn't recommend installing D+ with FDDS on, but if you add all the FPs to the trusted list then I don't see that much of an issue if you keep FDDS on medium or low settings.
     