Twister-AntiTrojenVirus Thread.

Discussion in 'other anti-virus software' started by Taliscicero, Dec 3, 2008.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    In the process of adding a sandbox, I hope the proponents of Twister (TAV) do not doom TAV to never being fully compatible with 64-bit.

    According to Tsuk (Sandboxie developer), Xiaolin (Malware Defender developer), & Ilya (Defense Wall developer), sandbox-type apps will not run well under Win 64-bit, unless they are emasculated to some degree. See the last few pages of THIS Wilders thread.
     
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I hope that too. By the next year I will probably be on 64bit W7, so I'd like Twister working, even without sandbox.



    Anyway, some news from FTFans/ftfans.org:

    1. The price of V8, at least for the Chinese users, will increase.

    2. There was a MINOR UPDATE :

    Twister Anti Safety Update - 7.3.3 new features (2009-07-17)
    Fairbanks laboratory safety 2009-07-17 13:06

    Twister Anti 2009.7.17 security in the early morning drive to the main program and the core of a small-scale update of the main contents of the update for is:
    1, to improve the virus database updates to disk to improve anti-interference ability to write, some degree of ease the situation due to system or hardware caused by the virus database update 1970-1-1 become problems.
    2, to improve the dynamic defense warning IE8 issues.
    3, to improve the windows7 support in the core issues, share files on the network to improve the efficiency of monitoring to resolve deadlock scan encrypted file, vista system does not monitor individual special circumstances drive.
    4, to improve detection and false positive anti-trust measures.


    3. Antivirus daily tests performed in a Chinese forum. They are on demand only (so Twister's behaviour blocker is excluded, and considering it usually accounts for up to 20% of its overall detection, it's going well):

    JUNE 2009 results:

    http://translate.google.com/transla...p://bbs.kafan.cn/thread-491981-1-1.html&hl=en


    JULY 2009 results:


    http://translate.google.com/transla...p://bbs.kafan.cn/thread-491981-1-1.html&hl=en



    Go Twister, go!!! :argh: :thumb:
     
  3. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Sorry to raise an old thread but a question.

    If running a file in Sandboxie (Malware file) will proactive defense of Twister work and detect?

    I only ask as at the moment I have A-squared antimalware and the HIPS part does not work when running a file in Sandboxie?

    Cheers

    Jlo
     
  4. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Good question... Maybe someone who is still running Twister and Sandboxie could make a test about it. I honestly think I never did such a test, or if I did, I don't remember. Unfortunately I run Win 7 x64 now and Twister is not compatible. I am afraid that most Twistees have also migrated to other antiviruses or 64bit.

    Anyway, chances that Sandboxie is breached are very low. So I wouldn't worry much about it.
     
  5. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Thanks.

    It was more for testing the proactive defense to be honest. Run some malware in sandboxie and see if twister detects.

    I may give it a run at some point.

    Cheers

    Jlo
     
  6. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    One thing I like on FDS (HIPS detections) is you can do an online scan with the file. On quite a few 0-day malware, when it checks online it confirms it's a trojan etc. Anyone know how it does this? It's a really useful feature.



    Cheers

    Jlo
     
  7. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    Does anyone have any news on the upcoming version 8 release of Twister?
    I believe the new version was due for the end of the year.
    Maybe they meant the end of the Chinese new year :p

    The Twistee forum has been down for a while now as well.
     
  8. quanzi_1507

    quanzi_1507 Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    320
    According to kafan forum the V8 beta will be available in February ;)

    Here are some "teaser" screenshots (just 2 of them since other skins look awful IMO) :cautious:
     


  9. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Will it be available in the English language?
     
  10. Tony

    Tony Registered Member

    Joined:
    Feb 9, 2003
    Posts:
    725
    Location:
    Cumbria, England
    Thanks for the info quanzi_1507 :thumb:

    icr, they have for years always produced an English version as well as a Chinese one with both their firewall and antivirus, so I can see no reason for this to change in the future, especially not now that they are part of VB100% tests.
     
  11. quanzi_1507

    quanzi_1507 Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    320
    I'm not sure about the BETA (Rising AV had an English version for beta testing, so maybe Twister will have one, too), but as Tony's said the final version will be available in English.
     
  12. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thanks, I like the new GUI. Have you read by any chance any information as to when the x64 version will come?
     
  13. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Thought I'd try Twister again today. Unfortunately, on this Vista 32 laptop I get a BSOD whenever I try a quick scan, as reported by some other users. The only software that may conflict that I'm using is ZA Pro, AppGuard or Ad Muncher. In fact, without even performing a scan, clicking the AppGuard tray icon caused a BSOD. The minidump says one of the BSODs was caused by AppGuard; however, the other two blamed Microsoft Windows system files. I've no doubt that Twister is the root cause of all the BSODs, as I haven't experienced any BSODs until I installed Twister a few hours ago.
    ellison
     
  14. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Bright Chu. He solves all your woes. Perhaps someone will be nice enough to PM Ellison his email.
     
  15. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Why is it that when I download something (for example, I was downloading Windows 2000 Pro SP4), it got to 96% and Twister killed the file because it said it was suspicious or something? What's the deal, Twister flags safe DLs?

    Has anyone run into this issue?


    Brock
     
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    "Suspicious" means it's not signature detection, and Twister doesn't have an HTTP scanner. So I will repeat this:

    https://www.wilderssecurity.com/showpost.php?p=1595498&postcount=12
     
  17. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
  18. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    If you're on default, then I don't know how this is possible to occur, since Twister has no HTTP scanner and "suspicious" can't be triggered by the signature scanner, but only by the behaviour blocker, registry protector or advanced options (those not recommended). And since the file wasn't trying to run, the behaviour blocker and registry protector can't have been triggered either.

    Unfortunately I've lost Mr Chu's email when I moved to Win7. If you're not bored to register, you may ask Ftfans in the Twistee.org forum; he has the Chinese Twister forum too.

    The alert was yellow, right? Then it's not signature.
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Or "something"? What EXACTLY did the flag say?

    "For example" -- Is that the ONLY example or do you have a smaller D/L where this occurred? (I will try a smaller D/L to see if I can replicate the issue. But I do not want to mess with something as big as Win 2000Pro SP4.)

    By the way -- may I assume that you were downloading SP4 from Microsoft (MS)? If so, I always suspend my HIPS (Malware Defender) during MS updates because MS does a good bit of internal checking in Windows while downloading/installing patches etc, & those types of internal checking actions (authentication, applicability, etc) will always generate a lot of HIPS pop-ups. I mention this fact because Twister's behavior blocker IS a *specialized* HIPS.
     
    Last edited: Dec 26, 2009
  20. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA

    Is there a log that is created? Because the program log doesn't show anything on it.

    As for the alert, I can't remember what it said; it doesn't stay up long.
     
  21. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    The FDDSlog says this


    Maybe that will help, but it's doubtful.
     
  22. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    What are the extended definitions?
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @ Brock --- No other examples? No answer to my question as to whether the download was from Microsoft? Oh well (sigh) :blink:
    ~~~~~~~~~~~~~~~~~~

    The FDDlog makes me think that the hit came from Twister's behavior-blocker-HIPS.

    As I noted, Microsoft downloads cause my HIPS to issue multiple warnings of suspicious behavior. It seems the same is true for Twister's HIPS.

    Ergo, I suspend my HIPS during download/installs of Windows patches/updates. You might want to do the same.

    P.S. As a matter of choice, I no longer get Win updates from MS. Here's an alternative.

    P.P.S. I also image my system disk before installing large updates/patches to Windows. "Safety first," I always say.
    ~~~~~~~~~~~~~~~~~
    Maybe yes, maybe no. Microsoft does lots of stuff behind the scenes when you are downloading/installing one of their updates/patches, & using IE (as they require). That's why I usually get my Win stuff from HERE, & I do NOT use IE.
     
    Last edited: Dec 26, 2009
  24. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Yes, the download was from microsoft.com. I wasn't updating my computer; while I am running Windows 7, the update/SP4 was for a friend of mine that needs it.

    Is there a way that you can view the alert again? Because it came up fast and left right away before I could even read it. The program log file didn't say anything about the alert at all.

    I find it odd that it wouldn't log the alert other than what was in the FFDS logs, but that wasn't much help either.

    You're right, the HIPS is 'attacking' it, but the question is why; it's just an update. Odd o_O

    Thank you for your help tho :thumb: :)
     
  25. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    The "Trusted" option is on the top bar or in Extended options. Also, your IE may have a toolbar or some spyware on it that "TAV" is detecting. If someone from the West adds a toolbar, they sometimes get overlooked because the product is in China.

    Just "Trust" IE and you should be fine. If I were you, I would probably re-download my IE in case it's infected.

    ~

    See the top bar and the bar on the right-hand side: Trust and Extended options. These are the ones you want.

    " http://i38.tinypic.com/2vmwxf9.gif "
     