Page 1 of 1

Comment of Twister Anti-TrojanVirus on VB100%

Posted: Tue Aug 11, 2009 12:17 am
by ftfans
Filseclab Twister AntiTrojanVirus
Detection rate 91.45%

The somewhat oddly named Filseclab's somewhat oddly named Twister AntiTrojanVirus
makes its second appearance in the VB100, having impressed last time around with
its slick presentation and stable operation if not with its detection rates. This
time once again the install process was fast and smooth, although the UAC system
presented some serious warnings about unknown and untrusted publishers. The main
interface is clear and lucid, with a user-friendly and attractive design.

Once again the on-demand mode proved fast and stable, while the on-access mode
presented something which we would later fi nd to be a recurring issue in this
test: the inability to block access to infected fi les. Twister is designed
primarily as a behavioural and HIPS product, intended to monitor executing programs
for malicious behaviour, with the standard anti-virus-style fi le access hooking
added later than much of the product. In this case the on-access detection seems
only to log attempts to access fi les, doing nothing to prevent them from being
accessed. The logging proved reliable however, and speeds were decent in both modes,
although as the on-access module was not actually preventing access, the speed
measurement may not be strictly comparable with other products. Detection rates
were also fairly decent, at least in the less recent items in the standard sets,
although handling of polymorphic viruses was less than impressive. In the RAP sets
detection rates were somewhat below par but at least even and regular. The WildList
was not fully covered, with fairly minimal coverage of the Virut variant included
there, and in the clean sets a number of false positives turned up, denying Filseclab
a VB100 award this time, but still looking a promising prospect.