Twister's result on SSUpdater's "Do it yourself" test!

discussions about Twister Anti-TrojanVirus
Post Reply
Twister Watcher
Posts: 3
Joined: Mon Jan 19, 2009 11:25 pm

Twister's result on SSUpdater's "Do it yourself" test!

Post by Twister Watcher » Mon Jan 19, 2009 11:53 pm

Hi to everyone!

I tested Twister and Avira using legendary SSUpdater's "Do it yourself" 500 malware test. Here are results:

Twister - Scanned: 618 files; Infected: 514; Left after removal: 6; Score: 98.8%
Avira - Scanned: 639 files; Infected: 541; Left after removal: 11 files; Score: 97.8%

Congratulations to Filseclab!

After that I run System Shutdown Simulator test - sss.exe (standard test on Matousec Firewall Challenge testing) with purpose to check self-defense capabilities. Here are results:

Twister - FAILED: Twister was closed and the test software droped Eicar test file.
Avira - SUCCESS: Avira remain active and picked up Eicar test file.

Conclusion: Twister has great detection capabilities but needs some improvement in the self-defense.

Thanks.

ftfans
Site Admin
Posts: 112
Joined: Sun Jan 18, 2009 12:18 am

Re: Twister's result on SSUpdater's "Do it yourself" test!

Post by ftfans » Tue Jan 20, 2009 1:09 am

Twister Watcher wrote:Hi to everyone!

I tested Twister and Avira using legendary SSUpdater's "Do it yourself" 500 malware test. Here are results:

Twister - Scanned: 618 files; Infected: 514; Left after removal: 6; Score: 98.8%
Avira - Scanned: 639 files; Infected: 541; Left after removal: 11 files; Score: 97.8%

Congratulations to Filseclab!
Thank you for your test. I guess next time you can attach the screenshots in your post.
Twister Watcher wrote:After that I run System Shutdown Simulator test - sss.exe (standard test on Matousec Firewall Challenge testing) with purpose to check self-defense capabilities. Here are results:

Twister - FAILED: Twister was closed and the test software droped Eicar test file.
Avira - SUCCESS: Avira remain active and picked up Eicar test file.

Conclusion: Twister has great detection capabilities but needs some improvement in the self-defense.

Thanks.
Yes, Twister Anti-Virus needs to prove self-defense, I use Eqsecure( a HIPS) to do so.
By the way, can you give me the link of downloading this file (System Shutdown Simulator test - sss.exe)?

Thanks you.
I am not officer from Filseclab, LOL

Twister Watcher
Posts: 3
Joined: Mon Jan 19, 2009 11:25 pm

Re: Twister's result on SSUpdater's "Do it yourself" test!

Post by Twister Watcher » Tue Jan 20, 2009 2:48 am

Hi ftfans. You made great place for all Tweestes. Best wishes.

This is the URL of the Shutdown System Simulator developer's homepage (I guess you know him, he is a member on Wilder's)
http://zeroday-software.110mb.com/

I attached two images: "Twister in action" and "Left files"

Just to add that I send the left files to Filseclab as a malware samples but after 24 hours still not received a response (-1 for tehnicians in Filseclab :o ).

Kind regards.
Attachments
Left files.jpg
Left files.jpg (33 KiB) Viewed 18256 times
Twister in action.jpg
Twister in action.jpg (109.11 KiB) Viewed 18252 times

ftfans
Site Admin
Posts: 112
Joined: Sun Jan 18, 2009 12:18 am

Re: Twister's result on SSUpdater's "Do it yourself" test!

Post by ftfans » Tue Jan 20, 2009 3:39 am

Twister Watcher wrote:Hi ftfans. You made great place for all Tweestes. Best wishes.
No problem.
Twister Watcher wrote:This is the URL of the Shutdown System Simulator developer's homepage (I guess you know him, he is a member on Wilder's)
http://zeroday-software.110mb.com/

I attached two images: "Twister in action" and "Left files"
Thank you, it is now more convictive
Twister Watcher wrote:Just to add that I send the left files to Filseclab as a malware samples but after 24 hours still not received a response (-1 for tehnicians in Filseclab :o ).
1. Filseclab recieves too many virus-sample emails, it may takes a very long time for them to handle your email.
2. The best way is using the reporting fuctional part on Twister Anti-TrojanVirus. May be the name of this menu item is "online report", or you can using "online scan system". I do not have english version Twister Anti-TrojanVirus here, so I am not so sure about the detail.
I am not officer from Filseclab, LOL

Fuzzfas
Posts: 58
Joined: Sun Jan 18, 2009 10:40 am

Re: Twister's result on SSUpdater's "Do it yourself" test!

Post by Fuzzfas » Tue Jan 20, 2009 12:03 pm

Twister Watcher wrote:Hi to everyone!

I tested Twister and Avira using legendary SSUpdater's "Do it yourself" 500 malware test. Here are results:

Twister - Scanned: 618 files; Infected: 514; Left after removal: 6; Score: 98.8%
Avira - Scanned: 639 files; Infected: 541; Left after removal: 11 files; Score: 97.8%

Congratulations to Filseclab!

After that I run System Shutdown Simulator test - sss.exe (standard test on Matousec Firewall Challenge testing) with purpose to check self-defense capabilities. Here are results:

Twister - FAILED: Twister was closed and the test software droped Eicar test file.
Avira - SUCCESS: Avira remain active and picked up Eicar test file.

Conclusion: Twister has great detection capabilities but needs some improvement in the self-defense.

Thanks.
Thank you for your input. It's very interesting. Thankfully i run Comodo's firewall, that should protect me from the shutdown exploit. Filseclab should look into this.
I attached two images: "Twister in action" and "Left files"

Just to add that I send the left files to Filseclab as a malware samples but after 24 hours still not received a response (-1 for tehnicians in Filseclab ).
Hmm... I have noticed too that the official mail is slower to process virus samples than the built-in uploader. When i have bigger than 2MB samples, i sent them to a hotmail address of Mr. Bright Chu. This way they get processed faster. :D

About the "left files". Have you tried "Power Removal"? It's under "Tools" and it's supposed to be there for removal of persistent malware.

Twister Watcher
Posts: 3
Joined: Mon Jan 19, 2009 11:25 pm

Re: Twister's result on SSUpdater's "Do it yourself" test!

Post by Twister Watcher » Tue Jan 20, 2009 3:21 pm

"Left files" are files that are missed by Twister during on-demand scanning. Although the Twister missed six files the result Twister achieved is exceptional. Twister has achieved better result than Avira, Kaspersky, NOD32, Avast, Norton etc ... According to information from others who are out this test only GDATA achieved better result.

Fuzzfas
Posts: 58
Joined: Sun Jan 18, 2009 10:40 am

Re: Twister's result on SSUpdater's "Do it yourself" test!

Post by Fuzzfas » Tue Jan 20, 2009 5:34 pm

Twister Watcher wrote:"Left files" are files that are missed by Twister during on-demand scanning. Although the Twister missed six files the result Twister achieved is exceptional. Twister has achieved better result than Avira, Kaspersky, NOD32, Avast, Norton etc ... According to information from others who are out this test only GDATA achieved better result.
I see. I thought they were files that couldn't delete. Thank you for the explanation. Yes, it is a very good result in deed. Of course in each test, there are many variables. For example i am pretty sure Twister has more quick response time and better detection on the malware that circulates in China, while russian AVs are better with the most common malware that circulates in Russia and so on. Anyway, there are repeated unofficial and official tests now, that show that Twister is keeping steadily at a respected level. And as i see it, with the new version it can only get better. And that's the most important.

Personally i was pleasantly surprised with the results you brought us, because they were on demand only. And it is common knowledge among Twistees, that Twister, relies on a good part of detection on the behaviour analysis system (FDDS), which couldn't help in this test. So , i am very happy about the result.

Post Reply