Twister-AntiTrojanVirus Thread.

Discussion in 'other anti-virus software' started by Taliscicero, Dec 3, 2008.

Thread Status:
Not open for further replies.
  1. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    After rebooting I now have the new version of Twister, but the scanning still does not work under Windoze 7.

    However as I've said earlier the FDD System does work under Windows 7, and it caught a trojan yesterday and stopped it from infecting my computer.
     
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I don't think they are interested in Win 7 compatibility right now. It's beta, things can change in a beta, and changing the application to match the change mustn't be pleasant for a 20-person team while they work on the next version of Twister.

    Well, I'm glad! You must have been lucky, because some malware triggers neither FDDS nor the Registry Protector. Fortunately, as seen in PC Security Labs tests too, FDDS does account for a good number of the malware caught by Twister, and fortunately your malware was in the category that triggers FDDS.
     
  3. LethalBoy

    LethalBoy Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    119
    The same thing is happening to me :'(
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Zimzi, on several occasions you've claimed that on default settings Twister will produce zero FPs. By zero do you actually mean zero? Or do you mean it will produce low FPs? If you mean it will produce low FPs then in comparison with NAV, which is lower?
     
  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Twister has many FPs, even with default settings.
     
  6. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Not according to Zimzi.
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I guess you will have to choose between different opinions then. :D (in case this thread isn't enough to understand).
     
  8. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    426
    Location:
    None
    From the Filseclab Chinese Website (Windows 7 Support):

    Given the current anti-virus software more Windows7 not support the status quo, to protect the user's computer system security, safety laboratory in Fairbanks 2009-2-7 launch date of the latest safety tests Twister Anti patch, this patch can be achieved cost security Windows7 support 32 mission. Has the use of Windows7 (32 bit) beta users can install the latest version of Twister Anti safety second edition V7 R3 (7.32) and then manually download http://www.filseclab-us.com/down/immdrv_win7.zip, by which you can readme_cn.txt operation.

    http://74.125.19.101/translate_c?hl...rev=_t&usg=ALkJrhiBwHWOYuM6eARQfscjXXxARaNcxA
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    Be nice, Fuzzy. :)

    As to FPs -- if an FP is produced by Twister's sigs, then it is truly an FP. However, if an FP is produced by FDD (Twister's behavior blocker slash registry watcher) then it is NOT *truly* an FP.

    Rationale- A behavior blocker's job is to report suspicious behavior to the user. If an "honest" application manifests suspicious behavior, and the behavior blocker reports that fact to the user, it is a valid warning -- not truly an FP.

    Example- If you see someone trying to jimmy open the window of a neighbor's home, that is definitely "suspicious behavior." However, if the person doing the jimmying turns out to be the owner of the home, who misplaced his key to the front door, then it's a false alarm, but a valid alarm nonetheless.

    By the way -- I have NO idea what I'm talking about so feel free to disagree (you have a right to be wrong). o_O :blink: :ouch: :gack:
     
  10. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I am doing my best. But you know, when just 1 or 2 pages ago there are 2 instances of FPs, one mine (Abiword) and 1 with 170(!) FPs (all Gimp's plugins), what else is there to say?! Apart from the fact that it has been mentioned a gazillion times that Twister has FPs. I use default settings plus the registry prot.

    I completely agree! I don't count FDDS alerts as false positives.
     
  11. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Twister's false positives that have occurred to me only and posted in this thread and the previous one (since people don't use the search function, well, I guess I did!).

    Abiword (every single new version is Trojan Zhelatin. Every time I send it as a false positive, it's fixed, and when the new version is out, it's again Zhelatin):

    http://img131.imageshack.us/img131/7691/64887329vz5.png

    The Gimp. ALL 170 plugins, trojan Zhelatin:

    http://img7.imageshack.us/img7/7102/85621589mc2.png


    Here's another interesting variety and my personal record in a single scan, before seeing the Gimp (Argente Registry Cleaner, Auslogics Disk and Registry Defrag, Quick Time Alternative, Media Player Classic, Real Alternative):

    http://img13.imageshack.us/img13/4018/68594506jt7.png

    Of course I had them all fixed.

    A driver from Ashampoo Firewall, reported as rootkit (granted it's a very bizarre driver):

    http://img13.imageshack.us/img13/6296/77009256tz3.png


    So, yes, maybe it has FPs and hopefully the next person that will ask will bother browsing 2 pages ago or bother to go to "search" for "Twister antivirus", like I did. Or even yet, wonder why the starter of this thread makes an opening post with configuration advice on how to reduce the FPs to a minimum (logic says, FPs must be an issue...).
     
    Last edited: Feb 8, 2009
  12. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    FPs are an issue, but no program is perfect. I would rather have FPs than lackluster detection any day :D
     
  13. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I am not an expert like you and I had no idea what settings you or anyone else were or were not using. I don't like jumping to conclusions since I'm new to PC security. Indeed I was aware of Twister's reputation for FPs but I was interested in getting the opinion of people experienced with the product, which is why I asked some questions on this thread. One of the posters (Zimzi) who seems to know a thing or two about this product was of the opinion that it produced low FPs on default. Intrigued that someone was giving an opinion contrary to the common view on the subject, I questioned further. I don't like basing my opinions just on reputations and reading alone because I am inexperienced and can be misled.
     
  14. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Me too.

    I am not an expert either. Simply, when I was interested in security, I started reading over the internet, googling, searching and trying products for myself. This is the only way to make up your mind. Because suppose Zimzi insists that it doesn't have FPs, then what? How are you going to make up your mind? Does it or does it not have FPs? So, 2 pages ago, there were 2 instances with 170 +1 FPs. In page 3 a lab test (post #57):
    https://www.wilderssecurity.com/showthread.php?t=226929&page=3

    Yes, I should repeat that more often.



    Reputation apart, there is probably enough evidence to make someone understand, just 2 pages ago and in the opening post of this thread.

    Take my advice on this. Leave alone reputations when it comes to products, and search for screenshot reports and most of all, TRY them. = SEARCH for hard evidence and TRY them. I mean, what if different people tell you different things because of lack of information, like in here? (of course in that thread nobody else is going to answer, but just in case).

    https://www.wilderssecurity.com/showthread.php?t=232822

    Would you trust them? Instead of the official site? If I came in that thread and told you "AFAIK, yes it does", then you'd buy it? Google is your friend. "Search is your friend". "Mr. A says 1, Mr. B says 2" is only a hint, may be right, may be wrong. If Mr. A, Mr. B, Mr. C say 1 and is supported by hard proof while Mr. C says 2, chances are it's 1. Then one tries and sees.

    My final advice: Don't use Twister, you'd have trouble with it, it requires a certain AV experience.
    My final prediction: You're not going to buy Twister.
     
  15. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I agree with the bolded part in its entirety. But if Mr C says something different, I don't think there's anything wrong in questioning him further to see his basis for what he says. He might be full of crap, but he might also maybe know something.

    The thing about hard facts/statistics is that to a large extent it depends on interpretation. I have no idea what Abiword is. I am not sure how to interpret the fact that it keeps getting flagged as a trojan. I have no idea what settings you are using and Zimzi made it a point to stress that Twister's supposed 'low FPs' was on default settings, giving me the impression that others on this thread/board were maybe using advanced settings, something not totally uncommon considering the number of knowledgeable people on these forums.

    Same with the 170 plugins. I know jackshit about all these things. You may have been using advanced settings, also maybe the nature of the plug-ins is such that they are likely to be flagged as FPs. I would have no way of knowing really.

    Obviously I look at the other factors you listed and not just the opinions of particular posters, but for me someone experienced with a product can give you insights that are not available from other sources like the official site, reviews, tests etc. By adding the opinions of posters and comparing it with reviews, tests and other hard facts I think one can come to the best decision.

    Oh and of course I trial ALL products before paying for them. For me asking around for opinions is part of the process before I actually trial a product. It helps me, considering how many products are out there, as it among the other factors you listed helps me trim the products down to a couple that sound ideal for me and then based on that I can trial and make my decision. I just don't see the harm in questioning someone, especially someone who seems to have reasonable knowledge and experience with a product, even if their views conflict with the majority. Perhaps they know something the rest don't. Or maybe they are just wrong. I will only know if I question them and compare what they have to say with the other facts known to me.

    To be honest with you I'm a bit sceptical of Zimzi's opinion, because of everything else I've read on the subject, but he seems like a knowledgeable and responsible poster. Hence why I am questioning him further.
     
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Fine. Go on, enquire. I won't interfere any longer.
     
  17. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I'm too lazy to read most of these recent posts o_O

    But from what I gather, Twister has multiple settings, each giving different results. But if you're looking for no FPs or "few" FPs I would recommend setting it onto Auto low. That will turn off everything including HEUR.

    Twister will still have a good detection rating because it's highly signature oriented, and if that's not good enough you can enable FDDS and click Save custom in the options section.
     
  18. renegade08

    renegade08 Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    432
    Fuzzfas,

    How do you find infections that Twister has missed?

    What's the drill ?

    You go surfing on the net, bad or good places, p2p(doesn't matter if only you are searching for new samples) and after that what??

    You un-install Twister and install other programs (Kaspersky, Bitdefender, NOD32 etc.) or maybe you just disable Twister and then install another AV.

    Can scanning with online scanners detect the same as the installed products mentioned above?

    Or maybe you have virtual machine(box) and test on it.

    Too bad that most shadowing programs don't have the option to keep changes on restart.

    I go a couple of hours (or days) on the net, I un-install Twister, install several other AVs and see what the comparative results are.

    And if, let's say, the other AVs don't find anything within my regular internet usage, I presume that Twister is definitely worth considering.

    Maybe Comodo Disk Shield (a.k.a. Time Machine) could be interesting for this kind of testing.
     
  19. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I only did that once. As I wrote about it in this thread, I was given a malware package, I didn't find them myself... The 2nd case, it was a package found by rogerM, I just scanned it to verify his findings...

    By searching you find few samples at a time. Before Xmas, I was also using the links in PC Security Labs forum. P2P might have "older" samples, yet you can find samples that are not detected. In general, I don't go regularly on "seek malware" missions, nor am I a collector. Even the malware in the 2 packages I scanned, I deleted them days ago, once I had submitted them; it was annoying having them being flagged in every on-demand scan.

    No, nothing so complicated. I've written it clearly really in this thread! I simply use Shadow Defender and Dr. Web CureIt and Avira free that don't need reboot. Of course I disable Twister. In online scans I've only scanned a few, it's too time consuming to upload one by one malware at Jotti's. One thing about Twister. In malware that comes with installer, often it does detect it, but once you try to install, while another AV may flag the installer. This isn't a miss for Twister, it's simply the way it treats packed malware. So, in some cases, only trying to execute will show what happens.
     
  20. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    I convince you that Fuzzfas is very knowledgeable about Twister Anti-TrojanVirus and it seems to me that he is also a very responsible poster.

    I want to clarify something. Twister does not produce false positives on my PC. But, as it is only one PC, I cannot give a firm conclusion. There is a possibility that on your PC Twister will give zero or very few false positives, but there is also the other possibility that it gives much more than very few. It depends mostly on the software that is used on the PC. It is a fact that Twister produces false positives if you are using Abi Word or Gimp. I do not use these programs so I do not have such problems. On my PC that Twister is installed on, besides Windows XP Pro SP3, drivers and system updates, there are also 102 programs of different kinds. So I would rather say that Twister gives false positives in relation to specific programs, but that it is its general characteristics in terms of the majority of well-known and popular programs. It is also true that Twister's FDDS once or twice reacts during the launching of programs that I considered legitimate because of a missing digital signature. As I agree with Bellgamin (whose texts I read with great attention and pleasure) I do not consider Twister's FDDS warnings as false positive results.

    Regarding whether Twister should be your primary antimalware software, I have specific opinions but, anyway, you certainly should listen to Fuzzfas's advice and try Twister before making a decision about the purchase and final usage.

    I hope I was of help. Best regards.
     
  21. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    False positives, at a point, are a matter of luck. Well, I've had quite a few. The above aren't even ALL the FPs I've had. Simply, I am tired of uploading all here. Lately, I thought FPs were reduced, until I saw the Gimp. It was horrible to upload 170 samples.

    But I am not the only one. In the last PCSL test when Twister got 0 false positives, many people were surprised, not just me.
     
  22. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    An ISR like rollback rx, Eaz-Fix and Ayrecovery is what you're looking for, renegade. I am not sure about Comodo Disk Shield. It sounds like a virtualiser like Returnil from what I've read. Does it keep changes on restart without committing to the real HD?
     
  23. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    1) Of this I have no doubt whatsoever. I can tell from his posts not only on Twister but also other security apps that he knows what he is talking about. Also he has helped me and given me advice on other security products.

    2) I see. I think I have a better idea of the weaknesses and strengths of this app. Thanks!

    3) My opinion of Twister was initially more in line with Fuzzfas, which is why I was intrigued by your claims and asked for some clarification. I'm not entirely convinced that this is the product for me, but you've helped me better understand this product and I'm not as intimidated by it as I once was. I'm still looking around and considering various different apps and combos so I will not be making my decision any time soon, but I will make a decision only after having trialled the product. :)
     
  24. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,123
    Location:
    Hawaii
    Zimzi is correct -- Twister produces few FPs. Fuzzfas is correct -- Twister produces many FPs.

    A paradox? How can both be correct? They can both be correct because...

    +Twister is an aggressive antivirus. Thus, it tends to view with suspicion *certain types of applications* such as security apps, apps that do any hooking, apps that use the internet, & almost anything that is strange or new. { I am beginning to suspect that TAV is somewhat Xenophobic. :argh: }

    +If your computer has those *certain types of applications* that generate FPs with Twister, then (like Fuzzfas) you will have many FPs.

    +If your computer does NOT have those *certain types of applications* that generate FPs with Twister, then (like Zimzi and me) you will NOT have many FPs.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    OT- It bears repeating that Filseclab/Twister folks will answer questions directly when you submit them using THIS query page.

    P.S. I have never used that query page myself. Has anyone? If so, did Filseclab reply? If so, how long did it take for them to answer?
     
  25. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Bellgamin is right. It depends on applications you have and... luck...

    It also appears that some FPs are always related to specific trojan signatures (trojan zhelatin for example).

    In the next version that will come out in summer, I think and hope that the engine improvements will also benefit the false alerts.

    In any case, Twister is a very good value-for-money application. It has much potential and you don't find lifetime licenses for AVs every day.

    IF, you can live with the known possibility that you may get some false alerts now and then, try it on your PC and if you like it, buy it.

    With the current FDD, be aware also that you will have false FDDS alerts for some legitimate applications and such alerts can't be "fixed" by uploading the application as a false positive. Meaning, every time you install Twister from scratch and it encounters the same application, you will get the same alert. Of course, as long as Twister is installed, you will only encounter the alert once (you trust the application and it won't bother you again). It's not a FP, but a false alert, because of the behaviour blocker.

    If the above is OK with you, Twister is great. Understanding FPs or false alerts isn't difficult either, if you know your installed applications and use VirusTotal or similar for verification.
     