G Data InternetSecurity 2014 - Dynamic test

We've put G Data InternetSecurity 2014 to test to see how does it behave in real life.

A short summary:
- 84.4% detection on a 22.140 malware set from the last 5 days
- 37 out of 40 infected websites blocked
- 0 out of 10 phishing websites detected

Full results and details here: http://www.faravirusi.com/2013/03/2...-test-in-dinamica-realizat-de-faravirusi-com/

Translated into english here: http://translate.google.ro/translat...-test-in-dinamica-realizat-de-faravirusi-com/

 

Very bad rendering on anti-phishing sites!

 

Any comparison with other AVs for this malware set?

 

I ran the suite on a w8x64 box.
With out-of-the-box settings G Data scored 190 points.
Setting the firewall to 'maximum security': 210 points.

 

I performed the test on a X86 machine with default settings for G Data.

 

A bit misleading calling it dynamic... may be dynamic for 40 malware? As the usual on-demand scan is run on the 22140 samples. Was the sample tested (not virustotal) to exclude broken or irrelevant files?

I don't see much difference in this test with youtubers or home-grown testing apart from been published on a website. On top the responsible seems also comodo forums moderator. This raises some potential conflict of interest.

No offense intended to the staff that spent time on this but I would take this with a bit of caution. I though this type of testing was discourage here at wilders. I guess its difficult to draw a line between acceptable and not acceptable tests.

 

The tester isn't comodo forums moderator. Where did you draw this conclusion?

 

Yes... sorry Comodo forum malware cleaner/helper, on top using Comodo suite leak/hips tool to test products. Not the best set-up for a neutral/indipendent testing

 

Gotta say these results are disappointing...As Blackcat asked, any comparisons with other AV's for this malware set? Maybe Bitdefender? I think that would be pretty relevant in comparison with G Data.

 

I dont understand how any of these Home grown or tests conducted by organizations are of any importance or bare any importance to real life usage

 

I have said this before, engine (B) in the new version does pretty much nothing in my own testing. You would have seen a higher rate of detection in your test if you had Avast! as engine (B) just due to signature files. I would guess G-Data changed it from Avast! so they did not have to pay for new technology licensing, its purely a financial decision. Loss of a little protection, gain of a lot of money.

 

This is exactly why I asked pykko if they had tested Bitdefender itself against the same sample set. It would be a good indication of what G Data may or may not have lost by dropping Avast in favor of Close Gap. One thing to consider though, is that any malware detection I've ever seen by G Data, was made by the Bitdefender engine, not Avast. Not a knock, just an observation.

 

I will try to perform the same scan with another scanner during this week-end.

 

Being a G-Data user for years the Avast! engine caught a few things for me and so did the BD engine. I can't see Bitdefender doing worse then what G-Data did on this test, it would not make sense and is probably the Bitdefender engine that detected all of the threats. CloseGap is a silly idea because it works on "Whats hot" in the threat world, but guess what. When you know what's hot and have coded a defense against it, its already defunct and there is a new thing. CloseGap updates like this, "Threat A" is prominent, the CloseGap people look at the threat and code a "Defense" against it, not a signature file a defense that plugs what ever hole the "Threat A" is abusing so no variant of "Threat A" can get through. Its kinda dumb though as the time it takes CloseGap to figure out and block "Threat A" it is already a new "Threat B" on the rise, and "Threat A's" defense is not null and void and thus removed from "Engine B" They will only keep active threat defenses for that moment and drop old ones to save resources. So CloseGap is kinda pointless in my opinion and i would rather a second signature engine.

 

@ pykko- Thank you, looking forward to your further test results..

@ Taliscicero- I can't see Bitdefender doing worse than G Data either. What I'm saying is that a BD/G Data comparison would show how BD, plus whatever modules it uses that G Data doesn't, does against G Data, with Close Gap, in a head to head test.
Also, maybe I'm misunderstanding how exactly Close Gap works, but it does appear to be signature based. This is a snippet from the G Data website--"G Data CloseGap technology breaks new ground and combines proactive and signature-based security technologies".

 

It says signature, but not what we think of as a signature. In my best knowledge of researching CloseGap, it is a signature in the way, it tells G-DATA (B) what vector of activity to block. if Java has a recent exploit, it downloads a signature to tell CloseGap to block the attack vector and not the file. Its signatures in that respect, but in reality its kinda a bad way to block threats as that is what patches are for which in this case Java would update.

 

Once again: how do you manage to run only engine b? Even if this is not the way G Data should be configured...

 

I cheated, I ran the full product and scanned new malware samples from my honeypot in a windows environment. I went for a while until there were 100 files not detected with Engine (A) Bitdefender "Native product and in G-Data". I then waited 6 hours and scanned the same 100 files again with the G-Data product where about 40% more were detected but by engine (A) Bitdefender. I got no detections by engine (B) CloseGap in the first test nor 6 hours later. I came to the conclusion that either CloseGap does nothing, or it does not contain signature files. On further research I'm lead to believe that Engine (B) CloseGap protects only a limited set of malware by blocking attack vectors like Java or Flash from exploits before patches come out. It then deleted its protection module / signature files once the patch comes out. I believe this is not such a great technology since Java/Flash update themselves pretty fast, and maybe CloseGap does not even have a chance to be effective in that short time between exploit and patch.

 

Your conclusions are wrong.

 

Please enlighten me then, I came to the conclusions in my own testing. If you know anything that I don't then please tell me. If you have done your own tests are are familiar with how CloseGap works and performs then feel free to enlighten the group. My own testing seem like some of the only testing done.

 

i would be interested in behaviour blocker results, in the past it was not so great i think.

 

now is excellent.

 

also against ransoms?

 

Yes,check yourself

 

no, i have an antimalware software, was only interested.