According to the G Data company website, G Data developed the very first antivirus utility way back in 1985. Yes, the German company is better known in Europe than here in the US. Yes, others may point to a different product as the first antivirus. But there’s no question that G Data has a long and admirable history. While G Data Antivirus is the company’s entry-level product, it goes well beyond the basics of antivirus protection.
G Data’s price has gone down since my last review, from $39.95 to $29.95 per year for a single license. Cylance, BullGuard, and Emsisoft are about the same. You pay $39.95 per year (or thereabouts) for Bitdefender, ESET NOD32 Antivirus, Trend Micro, and Webroot, among others. That price gets you three G Data installations. In truth, you can order up precisely the number of G Data licenses you want, up to $99.95 for 10 licenses. If you opt for a multi-PC license, you create an account for the first installation, then log in to that account for the rest.
G Data’s main window hasn’t changed much in the last few yers. It still features a bold red banner across the top, with icons to select Security Center, Virus Protection, and Autostart Manager (more about the last one later). It’s not red for danger, or for stop—it’s just red. I still find it slightly jarring that the whole banner turns grey when a different program is active.
The rest of the main window displays the status of the product’s numerous protection features, in several groups. A green checkmark icon indicates that the feature is fully active. For a partially disabled component, the icon changes to a yellow exclamation point; a fully disabled feature gets a grey dash icon. Naturally, you want to see those green checkmarks throughout.
Mixed Lab Results
G Data participates in testing with two of the four independent testing labs that I follow. SE Labs is one of the two. This lab’s researchers capture real-world web-based malware attacks and use a replay system to challenge each antivirus with precisely the same attack. Products can earn certification at five levels: AAA, AA, A, B, and C. G Data took AA certification, which is decent. However, over 60 percent of the tested products, Kaspersky and Norton AntiVirus Plus among them, managed AAA certification.
Testers at AV-Test Institute look at antivirus products from three different perspectives, assigning up to six points for each of the criteria. G Data fell just slightly short in all three categories, earning 5.5 points each for protection, performance, and usability. Its overall score of 16.5 points (out of a possible 18) is near the bottom. Just a half-dozen products, among them PC Pitstop PC Matic and Malwarebytes, scored the same or lower.
In that same test, Bitdefender, Kaspersky Anti-Virus, and Norton scored a perfect 18 points. Another eight products earned 17.5 points. These antivirus utilities earned the company’s Top Product designation.
I use an algorithm that maps available lab results onto a scale from 0 to 10 and generates an aggregate result. I require results from at least two labs to generate an aggregate score; about half the products I follow have just one result, or none.
G Data’s two lab scores yield an aggregate of 9.1 points, which is in the bottom half, score-wise. Tested by all four labs, Avira Antivirus earned an aggregate score of 9.9 points, Norton managed 9.8, and Kaspersky took 9.7. SE Labs omitted Bitdefender from its latest test run, but based on the other three labs Bitdefender scored a perfect 10.
Effective Malware Protection
Your antivirus system has many oportunities to save your PC from a malware attack. It can block all access to the malware-hosting website, eliminate the threat on download, detect and delete known malware based on its signature, and even detect unknown malware based on behavior alone. G Data includes all these layers of protection. New since my last review is a new behavioral monitor dubbed Beast.
In addition to scanning files on access, G Data scans your computer any time it’s idle. Between real-time protection and idle-time scanning, there isn’t a screaming need for a full scan of your whole computer. If you want a full scan, you click the Idle Time Scan link on the main window and choose Check Computer.
Last time I tested G Data, the full scan took well over two hours, roughly three times the average at that time. This time around, at one hour five minutes, it almost precisely hit the current average. In addition, a repeat scan ran much faster, finishing in 14 minutes.
On the Virus Protection page, you can pick individual elements of the full scan, such as checking memory or checking for rootkits, and you can schedule hourly, daily, weekly, or monthly scans. As with Kaspersky, Panda Free Antivirus, and others, you can create a bootable antivirus disc to handle malware that interferes with booting Windows. Note that Bitdefender bypasses the need for a disc, allowing you to boot into an alternate operating system with total ease.
My malware protection test starts when I open the folder containing my current collection of malware samples. G Data started examining them right away. The process was slower than with many competing products, but clearly very thorough. In almost every case, it offered “Disinfect and copy to quarantine” as the default action. For a couple of PUPs (Potentially Unwanted Programs) it suggested simply blocking file access, but I told it to quarantine those as well. In every case, merely disinfecting the original failed, at which point G Data deleted the sample. By the time it finished, 98 percent of the samples were in quarantine.
To complete the test, I launched the few samples that survived G Data’s initial on-access examination. Having already ignored these, it didn’t react when I launched them. It scored 9.8 of 10 possible points overall. Only Webroot SecureAnywhere AntiVirus has done better against this sample collection, with 100 percent detection and a perfect 10 points.
I keep a second set of samples, hand-modified versions of the originals. To create each modified sample, I change the filename, add zeroes at the end to change the file size, and overwrite some non-executable bytes with nonsense. Skipping any for which G Data didn’t detect the originals, I found that G Data detected 84 percent of the same samples, even in their tweaked form.
I didn’t see G Data’s behavior monitoring kick in during these tests, because other protection layers beat it to the punch. In any case, behavior monitoring in some antivirus products bombards the user with dire warnings about good and bad programs alike. For a sanity check, I install about 20 old PCMag utilities, programs that tie into the operating system in ways that malware might also do. Even with the new Beast module active, G Data correctly left the PCMag utilities alone.
For another view of each product’s ability to protect against malware, I use a feed of current malware-hosting URLs supplied by MRG-Effitas, typically no more than a couple days old. I launch each URL in turn, discarding any that are defective and noting whether the antivirus blocks access to the URL, wipes out the malware download, or completely fails.
Shortly after you install the product, it offers to install web protection extensions for Chrome, Firefox, and Edge. Rather than bombard you with these installations all at once, it spaces them out, and lets you postpone them if you’re busy.
In testing, I observed that G Data replaced some dangerous URLs with a white screen containing a G Data shield icon and a description of the found malware. For others, it used a red warning screen that reported “infected code” without a specific malware name. My G Data contact explained that the first screen indicated that G Data’s signature-based detection identified the threat, while the second meant the URL matched G Data’s cloud database of dangerous URLs.
In almost every case, G Data handled the threat by blocking access to the URL. I only observed a few cases where it wiped out a malware file during download. One way or another, it fended off 99 percent of the malware downloads. That’s an impressive score, though McAfee, Sophos, and Vipre Antivirus Plus all blocked 100 percent in their latest tests.
Improved Phishing Protection
Coding a data-stealing Trojan and sneaking it onto victim PCs isn’t easy. Tricking users into handing you their passwords and other personal data (what we call phishing) is a lot less difficult. Phishing websites masquerade as financial sites, Web-based email services, even online gaming sites. If you enter your username and password on the fraudulent site, you’ve given the fraudsters full access to your bank account, your email, or that character whose stats you’ve been building for a year.
If the website looks just like PayPal but the URL is something goofy like idiotfriend.ru, at least some users will detect the fraud. But sometimes the URL is so close to the real thing that only those with sharp eyes will spot the phishing attack. Antivirus programs that have a Web protection component usually attempt to protect users against phishing as well, and G Data is no exception.
To test the efficacy of a product’s antiphishing component, I first scour the Web for the newest phishing URLs, making sure to include URLs that have been reported as fraudulent but that haven’t yet been analyzed and blacklisted. I launch each in turn in a browser protected by the product under test. I also launch each URL in Chrome, Firefox, and Edge, relying on the browser’s built-in phishing detection.
As with the malicious URL blocking test, I found that G Data sometimes displayed a white screen indicating that it detected phishing, and other times displayed a red warning based on the cloud database. Frequently the white detection page appeared, only to be replaced by the red warning. In each case, G Data displayed one or more popup warnings about the detected phishing URL.
G Data defended against 90 percent of the verified phishing URLs, quite a bit better than its 79 percent score when last tested. Even so, a dozen products have done better in their latest phishing tests. Kaspersky and Trend Micro top the list, both with perfect 100 percent scores.
See How We Test Security Software
Partial Ransomware Protection
If you click Real-time protection from G Data’s Security Center page, you’ll find four protective layers: virus monitor, Beast behavior monitor, Anti-Ransomware, and DeepRay (a machine-learning system). A brand-new ransomware attack that gets past all three other layers could wreak havoc on your files. Even if G Data’s experts come up with a defense a day or two later, your files are still gone. But does that ransomware protection work?
To simulate the effect of G Data’s ransomware protection against a brand-new ransomware attack, I turned off all protective layers except Anti-Ransomware and hit the test system with a dozen real-world ransomware samples. The system is designed to detect file-encrypting ransomware, so it’s no surprise that it didn’t block my one disk-encrypting ransomware sample, or the one screen-locker ransomware in my collection. Two other samples took no action at all, perhaps spooked by the presence of G Data. Still, that left eight active samples for testing.
The results weren’t great. G Data caught four samples, preventing them from doing their dirty deeds. It caught another two, but only after they encrypted dozens of files. The remaining two ran to completion, encrypting files and displaying their ransom notes. This ransomware detection component clearly does function, but you’re chances are fifty-fifty that it will block an attack missed by the other defensive layers.
I’ve encountered a couple of ransomware protection systems that fail when the ransomware launches at startup, before they can get their protective services in place. I took one of the samples G Data successfully detected and configured it to launch at startup. Good news! G Data successfully blocked the attack.
Fewer and fewer people need a local spam filter utility, as more and more get email through services that filter spam automatically, or through business email systems with server-side spam filtering. If you’re one of the few who need this feature, G Data has you covered. You get spam protection at the basic antivirus level; you don’t have to spring for a full security suite.
The spam filter analyzes incoming POP3 email and assigns a spam index to each message. At specific thresholds it deems messages to be suspected, likely, or highly likely to be spam. By default, it marks the first category with [Suspected spam] in the subject and marks the other two with [Spam]. For Outlook users, it moves all three types to the Antispam folder; those using other email clients must define a message rule to sift out the spam.
You can manually add addresses or domains to the whitelist (never blocked) or the blacklist (always blocked). You can also tweak the Bayesian learning system, and fiddle with other filters, but most users should just leave these settings as they’re initially configured.
Along with the expected antivirus features, G Data gives you several features that other companies might reserve for a security suite. I tested its exploit protection by hitting the test system with about 30 exploits generated by the CORE Impact penetration tool. It identified 55 percent of the exploits using the official CVE number, and picked up a few others using generic detection, for a total of 71 percent. That’s better than most. As in my previous tests, it reported the wrong CVE number for quite a few of the exploits, but to most users that identification just isn’t relevant.
Like Kaspersky’s Safe Money and Safepay in Bitdefender Antivirus Plus, G Data’s BankGuard feature aims to protect your financial transactions. Bitdefender runs SafePay in its own separate desktop, and Kaspersky identifies a protected browser by giving it a glowing green border. By contrast, BankGuard works invisibly to protect all your browsers. The only way to see it in action is to encounter a Trojan that both gets past the antivirus component and attempts a man-in-the-browser attack or other data-stealing technique. That’s not a test I’ve been able to accomplish.
The related keylogger protection feature was easier to test than BankGuard. I installed a popular free keylogger, typed some data into Notepad, typed into my browsers, and then typed in Notepad again. When I brought up the keylogger’s keystroke-capture report, it showed no keystrokes between the two uses of Notepad.
G Data has long featured the ability to manage the programs that launch automatically when your system boots. Its Autostart Manager can set any program to launch after a delay, which defaults to two minutes. You can adjust that time from one to 10 minutes, set the delayed app to never launch, or have G Data automatically launch it when the system’s startup activity has died down. This is a more fine-grained control than you get with the similar feature in Norton, and certainly more subtle than the simple on/off toggle offered by Windows itself.
A Mature Product
G Data has existed longer than most security companies, so it’s no surprise that G Data Antivirus is a mature product. It includes components specifically designed to protect against spam, exploits, keyloggers, banking Trojans, and ransomware. The software earned a great score in our hands-on malware protection test, and it took decent scores from the independent testing labs. It also did a good job of preventing malware downloads. However, while its phishing protection has improved, it lags many competitors, and its ransomware protection proved porous in testing.
Bitdefender Antivirus Plus and Kaspersky Anti-Virus consistently take top scores from the independent labs. Webroot SecureAnywhere Antivirus uses a detection system that can roll back malware activity, even some ransomware activity, and it’s the tiniest antivirus around. And a single license for McAfee AntiVirus Plus lets you install protection on every device in your household, whether it runs Windows, macOS, Android, or iOS. Out of the huge range of antivirus products, these four have earned the title Editors’ Choice.