Twister Antivirus

Discussion in 'other anti-virus software' started by wildvirus88, May 10, 2008.

Thread Status:
Not open for further replies.
  1. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Hi, I thought to try this. Yes, it can be used on demand and with no running processes in the background. You install Twister, untick "run at Windows startup" in options. The right click scan still remains or you can launch it manually. If you launch it manually though, the realtime scanner kicks in. Right click on systray, "Disable real time monitor" and exit.

    That's it.
     
  2. cryon

    cryon Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    45
    Thanks, Fuzzfas. Appreciate the answer.
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    In the words of Mr Spock: "It is not logical." That is, since you want to use Twister On-demand only, what does it matter as to how light or heavy it is when running as a real-time monitor?

    In any event, Twister's "power" appears to stem largely from its three-module approach in real-time monitoring: 1-antivirus scanner PLUS 2-behavior blocker PLUS 3-registry guard. If Twister were used on-demand ONLY, I am unsure as to whether or not Twister's three-module approach would even be fully activated & applicable.

    Further, Twister's overall detection has never been fully tested against a large, broad-scope, contemporarily representative data bed of nasties, inclusive of determining how well it deals with polymorphics, metamorphics, et alia. Neither has it been tested for zero-day (pro-active) effectiveness.

    One of Twister's China-based competitors (Rising AV) has been tested. For example HERE. Rising has been shown to be 2nd tier, at most. As to whether or not Twister out-performs such a major rival as Rising is untested and unproven.
     
  4. cryon

    cryon Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    45
    Thanks, bellgamin. Appreciate the answer. Am still new. Still have a long way to go.
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Me 2. The journey is lots of fun.

    As to AV, you are well protected with KAV. If you want an on-demand back-up AV, there are lots of good choices with proven track records. One of these that you might consider is Antivir-Free.
     
  6. tbay2athome

    tbay2athome Registered Member

    Joined:
    May 24, 2008
    Posts:
    38
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thanks. I should be happy, but I can't understand why he put WinPatrol in an AV contest. It was useless. Plus, I think that he used the free version that will flag something with much delay... I think that Twister flagged some registry changes in those tests, WinPatrol plus, should see some of them too.

    In any case, for what value such test may have, fine with me. To tell the truth, I am not amazed of the 10 out of 10, since Twister is by far the most trigger-happy AV I have used. Today I was updating my DVD with programs and Twister had 4 false positives or "suspicious" files. It actually makes the PC-life interesting. It's so boring never seeing malware some times that even some false positives are good and keep you alert. :D
     
  8. tbay2athome

    tbay2athome Registered Member

    Joined:
    May 24, 2008
    Posts:
    38
    I've removed Twister and gone with AntiVir Premium for the next two years. Twister needs some fine tuning. Its detections seem good but at the cost of many FPs. I think it uses a shotgun type of approach and produces a fair number of alerts that someone who is not computer savvy will simply be overwhelmed by.
    Between my two systems when I do complete aggressive scans, Twister finds 28 FPs and Antivir Premium only one.
    Twister also aggressively intervenes in the creation of Temp files and folders so you have to turn it off if you want to install something or do Windows Updates unless you want to click through a myriad of permission requests.
    Also when I want to download a file using Firefox I get a prompt from Twister because the downloaded file goes into a Temp folder created by Firefox. If I grant permission the file downloads no problem but then in extended options Firefox gets placed in the trusted/ignore list. That's not where you would want a browser in my opinion. If on the other hand I deny on the prompt, Twister quarantines the Firefox executable and Firefox doesn't work at all until you take it out of quarantine.
    In my opinion Twister is promising but not quite ready for prime time yet.
     
  9. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    True, plenty of false positives. Right now I am sending them the new Abiword executable by mail, flagged as trojan. The previous version was flagged too, but they fixed it.

    Fortunately with Opera it doesn't do any strange behaviour and I don't mind much about false positives. But it does slow down defragmentation with Auslogics (I have to disable the real time scanner).

    Antivir is more ironed out, so you should be fine. What I like about Twister is that it's lighter than most out there.
     
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    I use Twister and Firefox but don't get any prompts when downloading a file through it? Unless it's "malicious". Maybe settings in options are different for us?
    ellison
     
  11. Az7

    Az7 Registered Member

    Joined:
    Sep 14, 2005
    Posts:
    139
    Is this useful ? :-
    Az.PNG

    Source : Here..
     
  12. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    It's 1 year old, yet...

    Wow, ClamWin beating TrendMicro, Norton, Avast and Bit Defender Free! :rolleyes:

    Well, Twister is almost on par with Norton, so for what I paid, I shouldn't be complaining. :D

    Also from what I understand, this was an on-demand scan only, so Twister's Registry protection and FDD System were made practically useless.

    Fine with me! :argh:
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Inasmuch as ClamWin uses Clam AV's database, that means Clamwin is pretty good at detecting the kinds of malware that affect Unix-based servers, such as malware that infects email. Perhaps that might explain Clamwin's ranking. Even so, I agree that it seems odd for ClamWin to surpass the likes of BD, Avast, snortin' Norton & TM.

    Compared with Twister+FDD+RegistryProtection, I think you would have much better protection using (e.g.) a first tier AV+Threatfire (with Kees' advanced rules set for registry protection).
     
  14. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    98031

    If it were 2007.....
    Things change so fast now, yesterday's evaluations are not good enough!
     
  15. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Regarding that above report from malware-test, it further says "Note: This report is for reference only. Nowadays antivirus softwares have provided total protection for malware, but antivirus test organizations still use old test methodologies to evaluate them, they cannot reflect antivirus softwares' capabilities, so we will use other test methodologies to evaluate antivirus softwares in the future."


    I am looking forward to the next release of Twister to see if and what is changed after all the comments and suggestions here in this thread for the next version. I wouldn't be too hasty to not try this AV either. It's the lightest AV on the market. Currently there are a few false positives which is perfectly normal for an AV breaking into a western market. It's stood up to tests that are informal and come through with flying colours for those who have played around with it. There is an issue that the Inspector raised which can be addressed in the next versions. They are in the cutting edge seat as China is now the emerging world superpower and govts and businesses are all trying to get a slice of the trade with them. I only see big things ahead for such a company.
     
    Last edited: Jun 20, 2008
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I agree. But I didn't buy Twister because it was the best. I bought it because it was the lightest. And it's also fun with the lifetime license. They propose you a sort of "bet" or "long term investment". Something like "help us now, financially and publicity-wise, so we can become better and make your trust in an emerging product pay later". And I like Twister enough to make the bet.

    My prime concern isn't the best AV (or I would use my KAV license), but the lightest AV. There are other products that can be used to lockdown everything if you want. The thing is, I haven't seen live malware executing without my will on my PC for a long time. So I don't care about "super duper AV". I trust Twister enough as an AV (more than I did with AVG Free 7.5 for example) and I can add other apps and still be secure.

    On the other hand... what if Twister ends up like the Kaspersky or Norton of China in a few years... Then my current lifetime license will be worth gold. :D Heck, even if Twister gets worse, I can keep it as on demand scanner. For now, unlike most western AVs, Twister can be used on demand, without having background processes running. So, I will have bought a lifetime license for an on-demand scanner. Not bad.
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Makes sense 2 me, Fuzzy old bean. Although Filseclab never got their firewall beyond second tier status, perhaps they will have greater success with their AV.

    A few questions --

    Q1- Do you have Twister's FDD configured & *under control* to your satisfaction?

    Q2- Do you consider that Twister's FDD displaces the need for running a full-time HIPS-with-gonads (such as Threatfire or Defense+)?

    HINT: I'm somewhat likely to question your answer to Q2, no matter what that answer might be...

    >>If you answer "Yes" then I might respond:

    FDD offers no file protection. What about that?
    FDD offers no buffer overflow protection. What about that?

    >>If you answer "No" then I might respond that running FDD is an exercise in futility if you are also running a HIPS-with-gonads (such as Threatfire or Defense+ or ProSecurity or SSM). Or will you say "FDD is an added layer. Why not?" In which case, I shall strive to list some nots. Chiao;)
     
  18. sach1000rt

    sach1000rt Registered Member

    Joined:
    May 29, 2007
    Posts:
    171
    Location:
    india
    I think one has to choose an AV depending on how that AV will protect the user, rather than looking at the tests and checking how much it detected.
    What I meant is, as a starter I started using AVIRA based on many tests in which it was very good, but as months passed many malware passed through.
    As I know little about how all this AV stuff works I submitted the samples to them, but many users will not do that, they just want an AV to detect malware.

    And right now I have a few more samples which were not detected by big guns like Avira, kasp, Norton etc. but they are detected by Twister. So that means Twister is working for me despite its results in the tests. And many non computer savvy users may think like that only, they just want an AV to detect malware.
    This is just my opinion.
     
  19. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I sure hope so. :D

    I didn't change anything in FDD options (security set to medium and behaviour to "block first and then ask me"). I thought initially to set it to "High", but I have had many "suspicious" alerts from legitimate applications, that I think it would become paranoid in high... The only thing I've changed from default options in general, is tick "Monitor Reg Run Key" and "Registry Prot hi-detect suspicious".

    No. I don't think it's so advanced yet. Just think that Threatfire in 3, even flags Emule as malware, because it tries too many connections at once. Threatfire is "specialized" in behaviour blocking and Defence+ in "classical HIPS" and as usual with specialization, I think they do their job better than a "generic" product.


    Yes, if you run one of the two above, you could say that FDD is futile. But there are some considerations here.

    1) Personally I have no idea of what's the behaviour algorithm of Threatfire and FDD and how this translates to behaviour rules. Meaning, how do I know that Threatfire will suspect all the types of malicious behaviour that FDD does? I can't see the rules in TF or FDD...

    2) For traditional HIPS (such as D+,SSM, ProSec), the discussion is even wider. One could say that you don't need the antivirus at all, since you have execution control in the first place. You could just use an AV on demand before executing something, just in case. Yet, there are some fellas, that run for example OA or Comodo + TF.

    3) At the end, the way I see it, even if you consider FDD as useless when run along TF or classical HIPS, the point is, "what do you have to lose"? I mean, it's so light that who cares! :D Where can you find an AV that can run realtime scanner + FDD + Reg Protection with only 1 running process? (I have disabled the Filseclab Messenger). Look at this... WinPatrol Plus (which people think of it as superlight, little application), is eating more CPU Time (3rd column) than Twister:

    sec.png


    At the end of the day, it all comes down to what your user risk level is. I don't get infected for years, so I don't sweat about Buffer Overflow or File Protection. Usually I just hop from one security app to another. Right now I have 2 "fixed" apps, Twister and WinPatrol, even if the latter is prolly redundant with most setups. Now I use Returnil. Next week I may get bored and use Threatfire instead and next week Comodo (where WinPatrol will be practically useless, but WinPatrol is also somewhat a system utility application). No matter the setup, Twister and WinPatrol will stay, because I paid for them and because they are light (which is a big reason of why I decided to pay for them in the first place).

    For a period I was running without AV at all, just HIPS or TF+Returnil and nothing happened. I tell you, I even like Twister's false positives! :eek: :D It's so boring having all these security apps and never having the chance to see them in real action. :argh:
     
    Last edited: Jun 21, 2008
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    The march of time passed WinPatrol by several moons ago. It is a sentimental favorite from days of yore but, as of now, is grossly outmoded.

    As for Twister -- ram usage is of little interest when most of us have 1 gig or more of it. Besides -- Twister often uses up to 40 megs of the stuff -- just let Process Explorer run while you use your computer a bit & you will see. In any event, as you no doubt know, it's cpu usage that primarily affects an app's drag on one's system.

    If you monitor cpu usage, there are at least 2 1st tier AVs that are equally as light as Twister but I do not want to throw this into an A versus B thread so I won't mention their names (which are DrWeb & Avira, but you didn't read that here.)
     
  21. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yep. But it's a one-time fee and you can use it as startup, service modifier, controller of file types etc, which is why I said it's some kind of system utility. I don't expect it to stop anything but some spyware maybe. At the end, with the Dad's day discount, it was something like 12 euros I think (these days buying stuff priced in US dollars has become quite advantageous for the euro-zone), which is more than acceptable and a gesture of gratitude if you will, to a developer that has worked for years against spyware.


    I agree. I am more interested in CPU usage myself.

    Avira is maybe lighter (by little), but I had stability problems the last time I tried it. I have never tried Dr. Web but I know its reputation.

    The problem with both is, they don't give lifetime license. Honestly, paying an AV every year, for my habits, is wasted money. Last time I did pay, I didn't use half of my time license, because of KAV's iSwift leftover ADS streams. I have been perfectly malware-free for years with Avast Home or AVG Free. I just don't get infected anymore. So why should I pay for Avira or Dr. Web? I have more faith in Returnil than any of the two. I happened to encounter Twister, I liked it and thought that it was worth the price instead of using Avast Home.

    It's really up to the user. Do you have malware dropping every week in your PC? Then you need Avira or KAV and all the HIPS, locks, chains and bulldogs you can find. You don't encounter malware? Then paying for security is wasted money. Or in my case, you buy once a Twister license and adjust the rest of your defence to complement it.

    You don't need to have the BEST AV in order to stay secure or worse, PAY for it. I have friends that run KAV and still get infected, because they simply click on everything they find. They could run KAV and Avira both resident (if it was possible) and would STILL get infected.
     
  22. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    If I could compare an AV to a firewall, then Twister would be the AV's version of Kerio 2.15 imo. Yes, it doesn't have the bells and whistles or the detection of some of the big boys but it works fine. I gave up on Antivir, Kaspersky and NOD (to mention a few) quite a while ago because although they are excellent in the detection dept, I always had other issues with them which were unacceptable such as high CPU usage, modules that failed to start, and general sluggishness of my PC even though I now have a pretty much good spec machine. Of course many other users had no such problems. The only AV I'm interested in now is Avast (which I used before Twister) and Twister. Both relatively light and issue free for me. If Avast can make its version 5 (or is it 4.9?) as good as 4.8 then I'll be checking that one too. As for Twister, at the current price it was an opportunity too good to miss imo.
    ellison
     
  23. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,683
    How so?
    I still find WinPatrol very useful.
     
  24. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,516
    Location:
    Paris
    WinPatrol, for what it does, is fantastic. It never really was any sort of HIPS or any other sort of antimalware monitor, so time really hasn't passed it by.

    But as a utility that lets you know that a program added itself as a startup service or default app for a filetype it's without parallel in my opinion. It's certainly saved me quite a bit of work over the years.
     
  25. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    Please modify my post if something within this does not comply with forums rules.



    This is the thread I have running on Comodo's forums:
    http://forums.comodo.com/anti_virus...rity_products/twister_antivirus-t23382.0.html

    At 9:30pm 24th of June (Australian Time) I ran a test of malware samples I had collected,
    Twister scored 98.13%.
    Nod32 scored 96.02%.


    3 and a half hours after I submitted the samples online to twister,

    Twister = 99.27% (I didn't count 27 objects because the ZIP files are counted as a scanned object)
     
