Discussion in 'other anti-virus software' started by wildvirus88, May 10, 2008.
Oh yeah! Didn't notice, thanks !
@Zetelo & @smith2006
If you keep comparing antivirus programs, you could get this thread closed.
I didn't ask any questions related to '' What Is the Best Antivirus?'' , I just put my personal opinion into this thread.
But I will take your advice into consideration, I'm not going to compare anything
I wonder how A2 + Twister would perform? NOT A COMPARISON ISSUE BUT A QUESTION OF CURIOSITY!
Does anyone have A2 antimalware 3.5 Real Time + Twister so that some RAM usage can be posted?
Also, how is Twister with respect to power management. I noticed that Rising wouldn't allow my HDs to go to sleep.
Probably not. You might try asking your question in THIS thread -- there are more A2 users than there are users of Twister.
In my reply, I was just stating the fact that product X runs on 2 engines & I didn't go on to discuss A or B is good.
No every post that involves A & B is comparing.
May be you want to read my reply again? Thanks.
I was merely quoting, didn't see even the other topic. Sorry if I made anyone paranoid or, worse, adnoid.
i submit many malware samples yesterday nigth twister
it response now.
it is very fast response. thanx twister.
Bellgamin, I think it is not necessary here to mention that a minority of western users are using Twister AV. The link to the thread explains it all.
I don't have a2 installed on my PC but I can tell you is that Twister is performing great on my PC. Scanning is a bit slow if you are using the high sensitive option but generally I can't feel any lags during bootup or surfing through the net. Adding a2 won't be much of a problem imo.
a2+twister = very good combination
i use it and i feel protected
Unfortunately there always seems to be this saying that rings true.
"You get what you pay for."
Take that how you will but it still always seems to come up correct.
@ Zetelo and guest, I'm going to give Twister a try.
@ Fajo, I hope the results are good!
It's better than good -- it is truly an excellent combo (includes a-2 antimalware + Ikarus AV on demand + Mamutu behavior blocker + Twister AV + filseclab's FDD)!
Thats not entiely true. With lets say avast! Home Edition you get far far more than you payed for (since you haven't payed anything).
Avast is okay except that its fanboyz seem to feel obliged to go around adding off-topic Avast plugs to threads about competing AV programs.
I haven't seen much evidence of that ,however i have a licence for twister but at present prefer avast free due to twisters false positives and lack of http scanner.That said i do believe that twister will get better.
I hope that Twister does NOT add an http scanner. The value of such scanners is questionable at best. Plus they can really slow down browsing. Please read discussions HITHER, THITHER, & YON.
Actually, http scanners do not protect well against browser-based exploits such as XSS, drive-bys, cross-linking, etc, which do not directly & immediately impact the file system. Protection while browsing is best obtained via use of such as NoScript, as well as Sandbox apps (e.g., Sandboxie, Defense Wall, etc).
In sum, http scanners (blacklist-based) are more of a marketing device than a meaningful adjunct to security while surfing.
Collections of uninformed opinions do not magically transform into reality - not even when they're repeated over and over numerous times.
Is it your goal to contribute to this discussion in any meaningful way, or are you simply out to insult all the posters as being "uninformed" simply because you disagree with them?
The threads I linked contain BOTH viewpoints, pro & con, concerning web scanners. I provided them in order for the reader to have facts whereupon to base his own conclusions. Further, those threads are not "uninformed opinions," but instead include posts by several security mavens -- writing on both sides of the issue.
It wasn't meant as an insult. It was meant as a statement.
As far as I can observe, the few posters with their usernames in yellow appear to advocate web scanners. The remainder, on the other hand, appear to offer nothing more than anecdotal evidence that often don't concern the functions of webscanners, sarcastic rejoinders, or at worst flamebait.
Perhaps you can point out who are those knowledgeable security mavens (other than the yellow username posters, who seem to be more or less in agreement), and why are their opinions so valuable.
I second that! Dear Filseclab, please keep Twister LIGHT! Say NO to bloatware!
Dear Saberfox. The "yellow" posters are actually developers of antivirus , that , surprisingly, have HTTP scanners. So, would you expect them to say that they aren't needed?
To make myself more clear. HTTP scanner DOES add some more security because as explained by Vlk, there can be an exploit, that can be parsed from the browser, theoretically, in an unpatched system. In this case the real time scanner will intervene only after the execution.
But then, theoretically, it is even MUCH MORE probable that you will try to execute something infected locally, which your AV doesn't have the definitions! So, if you ask Melih, over to the Comodo forum, or Mike Nash in OA, it would be best if the antivirus had a classical HIPS module too. I mean, it IS much more probable to do that, than going to a site with a browser exploit that won't trigger the real time scanner and for which your browser-OS are unpatched, right?
And then, theoretically, if you go to Sanboxie forum, the Sandboxie's developer, will most probably say that a more perfect defence should have a virtualization module, because what if the AV definitions fail and what if you reply incorrectly to the HIPS popup? A sandbox will take care of that.
So, to be honest, the perfect AV should have sandbox + HIPS + HTTP scanner. With the last one being the less probable to save you.
OR, you can leave Twister alone, with just real time scanner and FDD and enjoy your full browsing speed and use 3rd party programs to be safe.
People, from time to time, should make a clean installation of Windows and then browse with just Windows Firewall on. Then they will (maybe) feel the difference with their gazillion applications that all filter the same thing.
Right now, i have my firewall filtering my internet traffic (not to mention the router's built-in firewall). Threatfire also wants to do that. Double slowdown. I don't want Twister to be the 3rd application trying to filter! Let the internet connection breathe freely!
One of the main advantages of Twister , that made several people buy it apart the price, was it being LIGHT. A BLOATED Twister would be worthing nothing.
Reminds me of when people were ditching Avira Free for not having email scanner.
Dear Filseclab, keep Twister LIGHT!
You might consider trying harder to meet that goal.
In any event, if you want to contribute in a meaningful way to any of the several threads on web scanners, I hope you will do so. Perhaps you might elaborate upon their value (or lack of it) in protecting against browser-based exploits such as XSS etc. I repeat my previous stated view, that NoScript & Sandboxes offer better protection against browser-based exploits as well as file-threat vectors.
For a relatively smaller-staffed outfit such as filseclab, IMO there are a number of higher priorities than providing a web scanner -- such as improving their FDD and their emulator, to mention just two. (Those two components already are quite good but, as they are vital parts of Twister's detection apparatus for zero-day et al, they can & should be improved before fiddling around with lesser aspects of security.)
This is a no brainer. Even the HTTP scanner, must rely on the AV definitions-Heuristics to detect something before the real scanner. So it is OBVIOUS, that in deed, you are much safer with NoScript and a Sandbox, because they will block or render harmless the exploit regardless of AV definitions. The HTTP Scanner is in deed the weakest solution of ALL.
Heck, you are safer even with a good classical HIPS. Sooner or later the exploit will need to execute something locally or write to a folder, which in case of and will be caught.
So it would make more sense to put sandbox or classical HIPS into Twister rather than HTTP scanner. ( Theoretically speaking, please don't do it Filseclab! ).
Or perhaps it's the other way round. The experts saw the need for a HTTP scanner, and then decided their product should have it. I am rather much inclined to trust the experts like Stefan and vlk who have built their reputation and experience in the field, rather than the smart alecky nameless Joes who try to dismiss them with a conspicuous lack of arguments of substance.
I thought you were just claiming that we shouldn't trust vendors who have vested interests in their own products.
Until you provide some sort of evidence or statistics to this, it remains your personal opinion. Not that it has much relevance to the discussion at hand.
Again, you're going on a tangent. We're talking about HTTP scanners, not sandboxes or HIPS or whatnot. If you want to blame vendors for not implementing these features in their products, start your own thread.
You base this argument on the unproven supposition that Twister will become bloated if it should ever have a web scanner. It's perfectly possible and likely that Twister will remain light even with one: just ask NOD32 and avast!. Your words sound good and pleasing on paper, because it's based on stock-standard rhetoric, but unfortunately they do not hold up to closer scrutiny.
I think I've done quite well. You're welcome to disagree, though, by providing the list of knowledgeable smart mavens that I've mistakenly labeled as uninformed, as I've requested earlier.
As I've mentioned, Stefan and vlk have explained this quite well. A HTTP scanner extends the detection capabilities of an antivirus beyond the file system, to another rather important domain as well - to incoming HTTP data streams, before they hit the browser and deliver their payload. Unless an antivirus implements some mechanism to detect malware that execute in memory BEFORE touching the hard disk, those antivirus software are useless against those threats even if they have the signatures to detect them, because the malware are activated in a region of the computer that the antivirus cannot touch. It's like placing the security guard behind - instead of between - the door and the intruder.
As for XSS, they're simply another class of exploit. If an antivirus with a HTTP scanner has the detection signatures for them, they'll be blocked like any other malware.
That may or may not be so, but that's not the point. The point of a HTTP scanner is to allow the antivirus do what it's supposed to do - catch malware BEFORE they activate. If an antivirus does not have such a mechanism, then their including detection signatures in their databases is essentially WASTED. If you want to discuss the effectiveness of HTTP scanners in comparison to other tools to defend against specific threats, on the other hand, that's another matter altogether.
Separate names with a comma.