G Data AntiVirus 2014 review

G Data AntiVirus 2014 has a new look, and it's good at keeping malware out of a clean system. However, in testing it did a poor job of cleaning up existing malware infestations, and its over-enthusiastic cleanup rendered two test systems unbootable.
Photo of G Data AntiVirus 2014

Even though not all of us can distinguish red from green, the vast majority of antivirus programs include an icon or banner that stays green when all is well but turns red when a problem arises. With its new user interface, G Data AntiVirus 2014 ($29.95, direct) marches to a different drummer. The top stripe remains red regardless of security status and turns gray when another window becomes active.

The new user interface doesn’t leave you clueless as to system status. Three big green checkmark icons let you know that security status is fine, your license is still valid, and your antivirus definitions are up to date. If there’s any problem the icon will turn red or yellow, depending on the severity. It took some getting used to, but I kind of like the look. I was less impressed with some of the current security features, though.

Some Collateral Damage
G Data installed without incident on most of my twelve malware-infested test systems. Malware interfered with activation or with updates on a few systems. A full scan solved those problems, and I scanned again after an update. The G Data Boot Medium rescue CD salvaged one system on which ransomware rendered the desktop inaccessible.

On more than half of the systems, the scan was interrupted by a request to reboot for thorough cleaning of active malware. After this reboot, the scan picked up where it left off. On a few systems this reboot request was repeated two, three, or even four times, but eventually they all finished the full scan.

That’s where the problems began. The antivirus quarantined an essential Windows file on two systems, disabling my ability to boot into Windows. I booted the rescue CD and gathered logs for tech support to peruse. Doing so was quite a challenge, as I had to use a Linux terminal with a German keyboard layout. I typed “szstem32″ all too many times and had to learn new locations for important command-line characters like dash, slash, and asterisk.

On advice from tech support, I tried booting Windows with the “Last Known Good” option; that sorted out one damaged system. As for the other, I had to use that Linux terminal again to restore non-infected versions of the problem files. I do wonder how Joe User would have managed when confronted with this level of hands-on repair.

Disappointing Malware Removal
G Data did a good job of restoring virus-infected files to health, but it wasn’t nearly as good at detecting other sorts of malware and removing their traces. It detected 58 percent of the malware samples, the lowest detection rate among products tested with my current collection of samples. Ad-Aware Free Antivirus+ 10.5 has the best detection rate in this group, 83 percent.

Looking at the larger group of products tested with my previous collection, only one had a detection rate lower than G Data’s 58 percent. Malwarebytes Anti-Malware 1.70, Norton AntiVirus (2013), and Kaspersky Anti-Virus (2013) all detected 89 percent of the samples in this set.

Detection rate is just one part of the overall malware removal score. A product also needs to thoroughly clean up the malware it detects. G Data left behind executable files for quite a few found threats, a few of them actually running. Its score of 4.3 points is the lowest among products tested with my current malware collection.

Just a handful of products tested with my previous collection scored below 4.3 points. Malwarebytes has the best score in this group, 7.1 points. Norton, Webroot SecureAnywhere Antivirus 2013, and Comodo Internet Security Complete 2013 tied for second place, with 6.6 points.

The article How We Test Malware Removal explains the intricacies of my malware removal test.

G Data AntiVirus 2014 malware removal chart

Much Better Blocking
In past tests, G Data has always scored better at keeping out new malware infestations than at rooting out existing trouble, and this latest edition is no exception. It quarantined 83 percent of my samples within minutes after I opened their folder, and whacked several more when I tried to launch them. With a detection rate of 92 percent and an overall malware blocking score of 9.2 points, G Data has the next-best score among products tested with the same set of samples, beaten only by Ad-Aware’s 94 percent and 9.4 points.

Looking at products tested with the previous malware collection, Webroot earned a near-perfect 9.9 points. SecureIT (2013) and BullGuard Antivirus 2013 weren’t far behind, with 9.7 and 9.6 points respectively.

G Data’s Web-based protection kicked in when I tried to re-download that same set of samples. It blocked 61 percent of the still-valid downloads at the URL level and eliminated another 17 percent during the download process, for a total of 78 percent. That’s better than some, but Ad-Aware managed 92 percent.

Please see the article How We Test Malware Blocking for a full explanation of my malware blocking test.

G Data AntiVirus 2014 malware blocking chart

Behavior Blocking
In addition to identifying malware by signatures, G Data also includes a behavior-based detection component. This component flagged a number of malware elements in my testing. It also flagged several of my own handmade test utilities, with good reason. A program that remote-controls Internet Explorer to launch dozens of malware-hosting URLs or hundreds of phishing URLs really merits suspicion, especially when it’s never been seen on any other computer.

Quite often a behavior-based detection system will flag perfectly valid programs for behaviors that are also used by malware. A program that installs a service, for example, may trigger a warning, or even one that merely adds itself to the startup sequence. I check for this kind of heavy-handed blocking by installing a collection of old PCMag utilities that perform such actions. G Data correctly refrained from blocking any of these. Its behavior blocker truly does seem to trigger only on behavior that’s truly suspicious.

Good Lab Results
G Data’s antivirus technology gets generally good results in tests by independent antivirus labs. ICSA Labs certifies it for malware detection, and it achieved VB100 certification in all but one of recent tests by Virus Bulletin.

AV-Comparatives puts antivirus products through a variety of tests. In one test of on-demand malware detection, G Data rated ADVANCED. In another that simulates zero-day protection by forcing products to use old definitions, it managed ADVANCED+, the highest rating. G Data also rated ADVANCED+ in this lab’s grueling real-world dynamic protection test.

AV-Test rates antivirus products on protection, performance, and overall usability, assigning up to six points in each area. G Data earned 15.5 points, well above the 10 points required for certification. For more about the independent labs and their tests, see How We Interpret Antivirus Lab Tests

G Data AntiVirus 2014 lab tests chart

Bonus Features
The last time I tested G Data’s ability to protect against phishing, it turned in a stellar performance, with a better detection rate than antiphishing champ Norton. This time around, it seemed at first that the feature wasn’t working at all. I ran round after round of testing without ever seeing it block any fraudulent sites.

Then, suddenly, it started blocking just about every verifiable phishing site, staying pretty much on par with Norton. My G Data contacts confirmed that there had been a problem. “Due to server configurations in the run-up to the US-release of our Generation 2014 products a synchronizing problem occurred. This problem is fixed and will not emerge again.” I discarded earlier results and kept testing until I had a sufficiently large sample, over 100 verified frauds.

Even so, I’m not sure the antiphishing system was working at full capacity. G Data came in 34 percentage points behind Norton and 12 points behind Internet Explorer 8′s built-in SmartScreen Filter. For a full explanation of how I test phishing protection, please read the article How We Test Antiphishing.

G Data AntiVirus 2014 antiphishing chart

If you’ve got a lot of programs launching at Windows startup, you may have to wait a while before you can actually start using the computer. G Data’s Autostart Manager lets you take charge of those startup programs. When you put a program under G Data’s control, it’s initially set to start two minutes after Windows boots. A pull down menu lets you set the delay anywhere from one to ten minutes, or disable the program’s launch altogether.

There’s also an option called “Automatic,” which, I assume, means G Data will wait until the system seems idle before launching the program. I had to guess what it does, because clicking the Help button brought up an error page in the online help system. Indeed, the help system seems to be tailored to an earlier version of the antivirus.

Good, Not Great
Although AV-Comparatives gives good marks to G Data’s malware cleanup, it made a poor showing in my own tests. It exhibited a low detection rate and earned a low score; it also rendered two test systems unbootable, requiring an arduous series of steps for recovery. It did perform much better in my malware blocking test. If you’ve got a system that’s brand-new or otherwise guaranteed malware-free, G Data could work.

PCMag’s Editors Choice products for antivirus protection are Bitdefender Antivirus Plus 2013, Norton AntiVirus (2013), and Webroot SecureAnywhere Antivirus 2013. They cost slightly more than G Data, but they do a better job.

For that matter, if cost is an issue, you could try a free solution. Ad-Aware Free Antivirus+ 10.5 and AVG Anti-Virus FREE 2013 have both earned our Editors’ Choice award for free antivirus.

Specifications
Tech Support Free 24/7 phone and email support.
OS Compatibility Windows Vista, Windows XP, Windows 7, Windows 8
Type Personal

Verdict
G Data AntiVirus 2014 has a new look, and it's good at keeping malware out of a clean system. However, in testing it did a poor job of cleaning up existing malware infestations, and its over-enthusiastic cleanup rendered two test systems unbootable.
Published under license from Ziff Davis, Inc., New York, All rights reserved.
Copyright © 2012 Ziff Davis, Inc