Twister-AntiTrojenVirus Thread.

I installed the updated driver after you posted this, and after I rebooted today, Twister is fully functioning under Windows 7! The scanner is working on on demand on on acces, so I'm happy now

I ran a scan on the malware collection I posted about originally, and Twister detected the majority of the samples. Of the ones it missed many are just HTML files, and of the remaing exe files (which are very few), I've scanned a few so far at virscan.org all all came up clean except for one which was only idenitifed by on av program.

 

The end of my last post should have read: all came up clean except for one, which was only identified by one av program

 

Thanks for all your replies Zimzi, Fuzzfas and Bellgamin. Initially I wanted a product with low FPs. But recently ive had a change of heart. I am now willing to consider a product which is a little more aggressive as long as there are reasonable reasons for the FPs produced and there is some way in which the makers of the app will inspect the flagged product to ascertain if it is really malware or an FP and get back to me. Does Twister offer this?

 

Took about 1-15 min's to get back to me ^^

 

Good. I honestly didn't expect them to fix this... They 're 20 people, but working like mad...

The fact that only 1 AV flagged it, may indicate it's FP... Specially if it is one of the "lesser" AVs. Also keep in mind, that Twister, won't always flag something on demand, but upon execution, when it's packed. Examples:

The installer wasn't flagged, but when installation began:

https://www.wilderssecurity.com/showpost.php?p=1401780&postcount=165

https://www.wilderssecurity.com/showpost.php?p=1401881&postcount=173

This isn't true only for signature based detection, but even more with FDDS. In PC Security labs tests, it appears that Twister is the best in signature-less detection, thanks to FDDS. So, when you do on-demand scan of a malware folder, Twister doesn't show its REAL detection rate.

 

Maybe support for unpacking 7-Zip archives should be added to Twister. The software in the links is packed with 7-Zip (as is all software from C-Net Media).

 

Can anyone access the Filseclab.com website?

http://filseclab.com

Looks like it's down.

 

Yes, this time i can't access it either. (I wish they were updating/redesigning it, but most likely not).

 

Thanks Fuzzfas. I'll wait.

 

It's down for me, too. However, Twister updated today so (hopefully) the AV server is okay.

 

As long as the AV updater is working that should be good!

 

My last definition update is of 3 hours, 30 minutes ago.

I am now trying to do manual update, it takes a while before saying "no new updates available". I get about 2 retries with any of the 5 update servers. So, i think their servers work, but they do have speed problem. Whatever it is, is affecting everything, but mainly the website.

 

Yep, their site is down.

 

Confirmation from the chinese forum that the next Twister will have improved FDDS. The translation from google is pityful, but at least, i understand that.

ROFLMAO @ "Twister anti Safety"!!!

 

Possibly bad news... Twister v8, from what i understand, will have for the 40% completely rewritten code and they can't give a date of release?

 

Thanks Fuzzfas. The first article almost brought World War 3 in my mind. I mean defense and meal cards? Where are we going? But anyway, I am glad to see them moving and being more active.

 

LOL! True! I can't understand much of the first article. He tries to explain how FDDS gives a score to suspicious activity, but other than that, i can't follow the words into a coherent conclusion.

It's also hilarious that Antivirus is translated in "AntiSafety" and Filseclab in "Fairbanks".

Yes, they 're doing a major change. Personally i more excited about the improved FDDS. If they manage to make it effective to the levels of TF, that would be amazing! The scanner is already decent enough, so improving it isn't a priority for me. Mostly needs bugfixing and reduction of FPs.

In my tests that i did on demand, the scanner is way lightning fast. If they only make it get "unstuck" from cab and jar files, it will do fine.

 

A-ha! Maybe time to grab more licenses.

 

OFF-TOPIC: If only Twister was in Hawaii, it would have been a great marketing from mother nature. (2 days ago)

Here and here.

 

That HI twister had less wind power than a flatulent mongoose. An F-zero

Hey Fuzzy, thanks for the translations. I am looking forward to a power hike in FDD.

Oh yes -- the Fairbanks website is back online now.

 

LOL! Well, then, it's better to have always so feeble twisters. Must be interesting too to watch though. I 've never seen a real twister , except for TV news/documentaries.

Anyway, Twister could use that pubblicity! These people are the definition of a company that looks into the substance of a matter and neglects the appearance (i.e. the opposite of the natural). They have a good AV, with a crappy interface. Most rogue antiviruses have better skin. Their site goes down, their update servers stay functioning, even if slower. They only have 1 person that speaks english well (as he said in here), but he takes the time to reply to your mails. These people do very well the essential parts of the business, but are terrible in pubblicity and "glamour". Unfortunately thought, the latter is what attracts customers.

Me too! I am eager actually! BB is the best thing an AV can add to its arsenal. It can be easy to use and effective. What techies and non techies want alike. And FDDs surely has room for progress in that field. I am very optimistic about it. Already in PCSL tests, Twister was one of the most effective antivirus when the signature wasn't included. Imagine what will happen with FDDS further enhanced!

Imagine a very strong FDDS in v8, coupled with TF or Mamutu! Already in the chinese forum, i saw that several users use : Twister + Micropoint for their security setup. With 2 strong BBs + say something like Sandboxie or DW, you can even drop classical HIPS alltogether. Chances of infections would be too slim.

Yes and it's still the old one...

 

See... This is yet another reason i love the little underdog Twister. These people really try, even if language is also a problem. I had sent one of the fake antispywares to Mr. Chu, he replied that it doesn't show malicious activity. I told him that this is true, they are more like a "phishing" tool, detecting fake infections, urging the user to buy it. And i sent him a jotti's scan showing the program as "FakeAV" from one vendor, adding, that i don't know if they intend to detect it, but if they do, this labelling is IMHo the most appropriate.

This thing has gone over and over for 4-5 emails. In the last one he told me that he will talk about it with his senior staff and i told him that it's not necessary to always reply to me, cause i know they 're busy. Today he replied to me...again, just to say "Ok, i got that, thanks for your tips again, Best regards, Bright Chu".

I mean, you gotta love Mr. Chu. And this thing would never occur with one of the big AV vendors. Here you have a 20 person dev team, and only english speaking amongst them, is taking the trouble to reply back just to say "Thanks".

Mr. Bright Chu, i hope they give you a salary raise, cause you deserve it!

 

But then again alot of you lot make excellent suggestions n contributions to them so i dont c y their staff shouldnt be in contact with u - just because big boy vendors are arrogant and protect less then lil boy vendors doesnt mean they are better. Au contraire, they might have more bread but they lack in so many things

 

True, true. In fact, the best support comes from the "small fish". And they 're also more willing to listen to the customers. You can see it in this forum too. The "big boys" don't have representatives (why should they care) in the forum. On the contrary you see Ilya, Cold Moon, Xiaoling, Katie, Eirik, PrevX (hope i didn't miss anyone) always ready to help.

As for Twister, i hope that they will hire some more with good english too, because Mr. Bright Chu had said that he is the only with good english in the team. So, poor fella, all english language emails, end up on his PC. And he is one of the devs too, not a dedicated support person.