Twister-AntiTrojenVirus Thread.

Discussion in 'other anti-virus software' started by Taliscicero, Dec 3, 2008.

Thread Status:
Not open for further replies.
  1. bryanjoe

    bryanjoe Registered Member


    thanks for the comments..
    I do hope that Twister will improve....
    too many FPs.... hahahaa
     
  2. renegade08

    renegade08 Registered Member

    3DFireStarteR, That was my point for the question exactly.

    I know that Twister has some protection with FDDS, whether or not that is considered as like HIPS or like behaviour blocker.

    That's why I asked, wouldn't it conflict with other HIPS such as in Comodo, SSM, EQS or conflict with behaviour blockers (ThreatFire, Mamutu).

    Thanks for the clarification.
     
  3. Fuzzfas

    Fuzzfas Registered Member

    I presume your many "trusted" processes are false positives right? Then, there is only 1 way to get rid of them. Submit them as false positives to Filseclab. Then they will get fixed and you can untrust them again.

    FDDS is a behaviour blocker. And runs on XP fine along D+, Online Armor, PC Tools Firewall with Enhanced Security on, SSM, Process Guard, Threatfire and Mamutu. Twister is generally easy-going with other security applications.
     
  4. Taliscicero

    Taliscicero Registered Member

    Glad i could help ^^
     
  5. Fuzzfas

    Fuzzfas Registered Member

    Ladies and gentlemen, please welcome, the Twister's favourite, the legend of false positives, the unrivaled, the one and only,

    Trrrrrojaaaaaan Zzzzzheeelatiiiiiiiin!!! (Applause!)

    http://img131.imageshack.us/img131/7691/64887329vz5.png

    Once more... Abiword's latest version. And it's always requiring email, because it's over 2 MB... Every single Abiword version is trojan Zhelatin!

    One thing I must say. You're never bored with Twister! And trojan Zhelatin is like a pet now for me. As a matter of fact, I am afraid that some day I will encounter the REAL trojan Zhelatin and I won't believe it, being used to having it as false positive! :eek: :D
     
  6. Zimzi

    Zimzi Registered Member

    Did you send it to Filseclab as a false positive? :D
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Of course! I also noted to Mr. Chu that a user has FP with Zhelatin and the Gimp. Now i am uploading 197 missed samples from a malware package. I ran 7-8 of them under Shadow Defender. Most would trigger the Registry Protector, 1 the FDD. But some didn't provoke any reaction. The detection rate on demand in this package was low. 207 flagged out of 415. Dr. Web cure it flagged about 308, Avira missed about 15 (someone had submitted it to Avira earlier).

    http://img246.imageshack.us/img246/6775/52686700xr2.png

    And then i must send some remaining samples via mail, because they are more than 2MB.
     
  8. renegade08

    renegade08 Registered Member

    I was going to ask on what daily basis Filseclab is adding definitions and what the number of definitions is. But never mind, I found the answer.

    Man, they are working like mad. Really hard and devoted. Good job.

    BTW can someone tell me what is the number (roughly) of definitions of other AVs compared with Twister, and how important is the number of definitions for detecting threats.
     


  9. Taliscicero

    Taliscicero Registered Member

    Mind sending that set of files to me?

    They produce many signatures a day compared to some. Kaspersky produces about 2000 a day, so half of what Kaspersky produces, but Twister is a team of 20 and Kaspersky Labs has many more.

    So for the workload they are very good, as some bigger companies produce fewer signatures daily.
     
  10. Fuzzfas

    Fuzzfas Registered Member

    Yes, in the Filseclab home page, on the top left corner, they also put every day a small notice with the new signatures added. Yesterday after uploading the samples from the built in uploader, I sent the >2MB samples to Mr. Bright Chu who took the time to answer me that they will analyze them as soon as I can.

    The number of definitions isn't a safe index of judging the detection, because some signatures are more generic than others (they detect more variants under the same name/signature). Anyway, i think Twister's number of 1.225.294 is one of the high ones.

    Check your PM.

    Manpower is certainly an issue for Twister. I think someone mentioned that Dr. Web has about 80 employees. So Twister's human resources are really overstretched I would think. And this has impact on the product. For example, some months ago, a Filseclab representative was posting in Wilders' too. Then he disappeared. Probably he doesn't have time, I don't blame him. Now there is one in the Chinese Filseclab forum, but nobody yet appeared in the Twistee.org. And that's unfortunate, because an active presence in fora is publicity for a product. And Twister surely needs some!

    Even the fact that western users ignore the existence of Twister is bad for it, because I imagine Twister must have better response time in malware circulating in China and a far worse for malware circulating in the west, since very few western users exist and send malware to them.

    Bottom line: They should work on more publicity. This will bring more income, which will allow for more manpower and better product. Twister surely deserves a better position in the west than the one it currently has (unknown to the 99.999999% of users).
     
  11. Saraceno

    Saraceno Registered Member

    Mr. Bright Chu, great guy. :thumb:

    Hope he stops by Wilders again soon.
     
  12. Fuzzfas

    Fuzzfas Registered Member

    Yep, he is!

    And... Twistees! Rejoice!!! We have a program update!!! :thumb:

    45MB update downloaded through the automatic update!


    http://img262.imageshack.us/img262/3812/79563977su1.png

    From version 7.3.1.9969, we are now to 7.3.2.9971!

    I can't see any gui changes, there must be engine improvements.

    I am also happy to report that in the malware package i scanned yesterday, in less than 24h the detection went from 207 to 361. Great work Mr. Chu!


    Probably the signatures were included in this:
    Twister virus definition v9.71.63926(02/03/2009.20:35) released. For our 2nd update today, we've added 819 new trojan and virus definitions. 964 new definitions today, 1226113 in total.
     
    Last edited: Feb 3, 2009
  13. Malcontent

    Malcontent Registered Member

    Over 190 employees (100 in R&D)

    http://new-company.drweb.com/
     
  14. Fuzzfas

    Fuzzfas Registered Member

    Well, my memory failed me then. So, Twister's condition is even more miraculous! :eek:
     
  15. bellgamin

    bellgamin Registered Member

    C'mon everybody -- twist & shout! :argh: :cool: :D :argh:

    I'm gratified by this update, but I do wish Filseclab would give advance warning when they are going to do this. When the update started downloading, MalwareDefender (the HIPS I use) went berserk, sent me a ton of pop-ups, & broke the download. I had to disable MD & repeat the d/l.

    Does anyone know "What'sNew" in this Twister update?
     
  16. Fuzzfas

    Fuzzfas Registered Member

    Well, it was time! :argh:

    Comodo has similar problem. It didn't break the download, but once setup.exe was downloaded and tried to execute, I had to "retrust" Twister and if I weren't present at the moment, it would be for hours in a limbo.

    I asked the same in the Twistee.org forum, cause if someone can tell, probably Ftfans can (since they have a Filseclab representative in the Chinese forum).

    There is also a new installer in the Filseclab site with the 7.3.2 version.
     
  17. Fuzzfas

    Fuzzfas Registered Member

    Ah, notice that Filseclab Messenger after this update is again running at startup. Just a hint for the Twistees that prefer to disable it (like me).

    Which btw, though, maybe it was announcing that there was a new update...
     
  18. Tony

    Tony Registered Member

    I only knew that Twister had automatically updated as Pc tools firewall told me that the binaries had changed.
    I then came here to make sure that a program update was the reason for it.
     
  19. Fuzzfas

    Fuzzfas Registered Member

    Is any of you running the Filseclab Messenger at startup? I am curious to see if there was an announcement that a program update is coming.
     
  20. Zimzi

    Zimzi Registered Member

    ... and Mr. Fuzzfas who sent a bunch of nasties to Mr. Chu (Mr. Chu likes to receive malware. He is that type of man.) :argh:
     
  21. roger_m

    roger_m Registered Member

    That's the very reason why I refuse to use HIPS or UAC.

    The occasional warning messages from Twister's own protection system I can certainly live with, but anything more than an occasional message I can not.
     
  22. roger_m

    roger_m Registered Member

    I presume you need to reboot for the new update to take effect. I have installed the update twice from the updater (the second time without Twister running), but I still have the old version of Twister.

    Anyway, in a few days when Windoze starts playing up and I am forced to reboot I will see if the update has worked.
     
  23. Zimzi

    Zimzi Registered Member

    I am running the Messenger. Yes, there was a message about program update (Mr. Chu informed me about the update in his response to one of my messages that I sent to him on his hotmail address.) :argh:
     
  24. bryanjoe

    bryanjoe Registered Member

    how do I submit the FPs online?

    when I click, it prompts me to attach a file...

    what file?

    anyway, I sent an email but attached a csv file? correct?
     
  25. Fuzzfas

    Fuzzfas Registered Member

    No reboot here on XP. Simply Twister disabled itself for some seconds and then relaunched itself and the Twister icon re-appeared in the tray and the new version was running.

    If it gives you problems, try the new installer from the site (after uninstalling manually).

    Ah thanks. Well, so much for not notifying then. Mr. Chu is too polite!
     