G data Internet Security Version 2017

Discussion in 'other anti-virus software' started by Ripcord, Dec 24, 2016.

  1. Ripcord

    Ripcord Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    118
    Capture.PNG G Data released it's newest version 25.3.0.1 for 2017 w/ AntiRansomware blocks extortion Trojans
    • Cloud backup
      Automatically store your encrypted backups in the Cloud – using Dropbox or Google Drive.
     
    Last edited: Dec 24, 2016
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    December 2, I tested G Data IS 25.3.0.1 with AntiRansomware module, using KnowBe4 RanSim Ransomware Simulator, version 1.0.2.1.
    G Data IS 25.3.0.1 with AntiRansomware module didn't test particularly well.

    Of the ten RanSim test scenarios, G Data IS 25.3.0.1 with AntiRansomware module stopped LockyVariant, Mover, StrongCryptorFast and ThorVariant.
    G Data IS 25.3.0.1 with AntiRansomware module did not stop InsideCryptor, Replacer, Streamer, StrongCryptor, StrongCryptorNet and WeakCryptor tests.

    Streamer is not very relevant, as that one puts encrypted data into a single archive file, but only deletes the original files, so those can be recovered using recovery software.
    However the fact that G Data IS 25.3.0.1 with AntiRansomware module did not stop InsideCryptor, Replacer, StrongCryptor, StrongCryptorNet and WeakCryptor tests, that's not good.
    So, please don't count on G Data alone to protect your files against ransomware.

    N.B.
    December 2, I tested G Data IS 25.3.0.1 with AntiRansomware, using RanSim version 1.0.2.1.
    By now, there is a new RanSim version 1.0.2.2.
    I haven't tested G Data 5.3.0.1 with AntiRansomware using the new RanSim version 1.0.2.2.
     
    Last edited: Dec 24, 2016
  3. Ripcord

    Ripcord Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    118
    I doubt any security program will stop all ransomware that's why most on here run multiple programs. Like many on here have said the best defense is between the ears...thank you for your input. Merry Christmas.
     
  4. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    Of course, but I think that when a company is serious about offering an anti-ransomware module or application, it should stop most ransomware, not only four or five out of ten. Otherwise offering an anti-ransomware module or application could be regarded as offering a false sense of security.
    HitmanPro.Alert does a better job. It should stop nine out of ten RanSim version 1.0.2.2 test scenarios. (With Streamer as exception, for the reason mentioned in my previous post.)

    Thanks, Ripcord.
    Same to you and everyone.
     
  5. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    Last time I tried G Data it gave me many FPs......not touching it again personally
     
  6. Ripcord

    Ripcord Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    118
    Over the yrs using G Data I've had one false positive and never been infected. I can't speak for there Ransomware detection never been hit but there Behavior Monitor /PUP detection is very good from my experience. IMO only.
     
    Last edited: Dec 24, 2016
  7. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    I don't recall G Data IS ever reported any real false positives, on my systems.
    But since 2014, G Data is insanely strict on PUP supported installers.
    With default settings, it stops downloading, accessing and/or execution of most PUP supported installers, and stored PUP supported installers may be quarantined.
    I only use a few PUP supported installers (FreeFileSync, ImgBurn, RIOT), but it is very annoying if G Data interferes with downloading, storage, accessing and/or execution.
    Therefore, in G Data's real-time protection, I disabled checking for PUPs.

    In 2014, I had a lot of mail contact with G Data. I mentioned several ways in which G Data could handle PUP supported installers a lot smarter. For a while, it looked like development was working on smarter ways to handle PUP supported installers. But in the end, nothing happened. Last time I checked (which was quite a while ago), G Data IS still reacted in the same insane way regarding PUP supported installers.
    Oh well, I'll keep checking for PUPs disabled, no biggie. But still, this is one annoying aspect of the G Data software, and I can't understand why development has done nothing to make G Data's handling of PUP supported installers smarter.
     
  8. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @Stupendous Man :
    You are fighting for PUP supporting installers...
    I don't get it...:blink:

    I which more AVs would fight against PUPs, but they don't.
    Most likely out of fear for legal issues.
     
  9. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Some PUPs are useful. I've got a number of PUPs on my system that I installed myself and want to keep.

    I don't have an issue with agressive PUP detection, as long as it is easy to ignore anything that you want to keep installed.
     
  10. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Some PUPs may be useful, but PUP bundling installers are a pest.
     
  11. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    I never installed any PUPs and I never will.
    As many PUPs are unnecessary, unwanted, or worse, I do think PUPs are a pest.
    If I want any additional software, I'll go to the publisher's site and download it, I will never install any software if offered as PUP in a PUP supported installer.

    Nevertheless, a few wonderful software applications for Windows are only offered as PUP supported installers (think of FreeFileSync, ImgBurn and RIOT, that I mentioned).
    I want to be able to download, store, access and/or execute such indispensable installers. With executing, I will not install the PUPs of course, as mentioned above.

    I'm fine with any security software that stops installing any PUPs, in a smart way. That is, only preventing the PUPs from being installed, not blocking the installer altogether.

    In 2014, I suggested G Data development a few smart PUP blocking mechanisms:
    1. Only block the process of PUPs being installed, without detecting and blocking the complete PUP supported installer as malware.
    2. Integrate an element in the G Data software that can do something similar as Unchecky does.
    3. Offer an option in G Data settings, with the most aggressive detection and blocking as default, but with an option for advanced users to change blocking to warning only, so that PUP supported installers can be downloaded, stored, accessed and/or executed if the user chooses to.

    G Data development didn't pick up on any of those suggestions. G Data's only suggestion was to disable checking for PUPs altogether.
    I don't know if developing smart PUP blocking mechanisms was too hard for G Data development, or if they simply weren't interested in offering a smarter product.
     
    Last edited: Dec 25, 2016
  12. guest

    guest Guest

    I agree.
    Installers are bundling PUP's and the user should be able to run the installer but only the PUP should be blocked.
    But blocking the installer from being downloaded to hard disk would be "too strict" for me:
    If i want to install CCleaner, i want CCleaner and not a Google Toolbar (PF-Toolbar-2016.exe - 'Google Toolbar Installer') or a complete Browser ('Install Google Chrome as my default browser')
    Ok, some installers are deselecting it by default and it is optional so this is not a big problem.
    But some are confusing the user on purpose and if the user clicks on the wrong button it's game over.
     
  13. Ripcord

    Ripcord Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    118
    For myself I like a av w/ strong PUP detection. I'm well pass my school yrs and don't have the kind of job or interest that I have to download certain types of programs that come bundled w/ PUPs...I guess for some folks there's a fine line for what works great or can be just a pain in the backside.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes correct, what I do like about GDATA, is that they at least try to offer pro active detection, they were one of the first with a safe banking feature, and they also have exploit protection, but it's less advanced than HMPA and MBAE.

    Didn't know about this testing tool, looks cool. Do you need to run it on a VM?
     
  15. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    You can just download RanSim and run it.
    It offers a harmless simulation of a ransomware infection. It doesn't use any of your own files. No need to run it in a VM.
    For details, see the RanSim documentation.
    As mentioned in the documentation, it is important to not turn off your anti-virus/ anti-malware/ anti-ransomware software at any point during the process. In order to have an accurate and meaningful ransomware simulation test, your anti-virus/ anti-malware/ anti-ransomware software must be configured and operating as it normally would.
    If you like to test certain components, for instance G Data's anti-ransomware module alone, you can turn off other anti-ransomware software, like for instance HMPA's CryptoGuard component. (Or vice versa.)
    Additionally, you could also test anti-ransomware software together, to see if they are compatible (for instance, G Data with anti-ransomware module plus HMPA with CryptoGuard component).
     
  16. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    I'm disappointed, NOD32 didn't detect anything in this ransomware simulator....
     
    Last edited by a moderator: Dec 26, 2016
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    162,650
    Location:
    Texas
    Let's not take the thread off topic. The thread title is "G data Internet Security Version 2017".
     
  18. Spartan

    Spartan Registered Member

    Joined:
    Jun 21, 2016
    Posts:
    1,424
    Location:
    Dubai
    sorry
     
  19. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    As I didn't like the fact that I didn't test G Data IS 25.3.0.1 with the current RanSim version, I tested G Data IS 25.3.0.1 with AntiRansomware module, using the current KnowBe4 RanSim Ransomware Simulator version 1.0.2.2.

    N.B. For RanSim to run, I had to whitelist a few RanSim files in G Data settings.
    See RanSim documentation, FAQ, "My antivirus flagged RanSim.exe, Launcher.exe, or RanSimSetup.exe as malicious."

    This time, of the ten RanSim test scenarios, G Data IS 25.3.0.1 with AntiRansomware module stopped LockyVariant, Replacer, StrongCryptorFast and ThorVariant test scenarios.
    This time, G Data IS 25.3.0.1 with AntiRansomware module did not stop InsideCryptor, Mover, Streamer, StrongCryptor, StrongCryptorNet and WeakCryptor test scenarios.

    So, different from December 2, this time Data IS 25.3.0.1 with AntiRansomware module stopped Replacer,
    but this time it missed Mover, that it stopped on December 2.

    As I mentioned before, the fact that G Data IS 25.3.0.1 with AntiRansomware module did not stop Streamer is not very relevant, as that one puts encrypted data into a single archive file, but only deletes the original files, so those can be recovered using recovery software.
    But the fact that G Data IS 25.3.0.1 with AntiRansomware module did not stop InsideCryptor, Mover, StrongCryptor, StrongCryptorNet and WeakCryptor tests, that's still not good.
    As I mentioned before, please don't count on G Data alone to protect your files against ransomware.

    P.S.
    If any of you would like to discuss RanSim testing of any other security software,
    I started a new topic to discuss RanSim and RanSim test results,
    that is the RanSim Ransomware Simulator test and discussion thread.
    Enjoy. :)
     
    Last edited: Dec 26, 2016
  20. Ripcord

    Ripcord Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    118
    Thank you Stupendous Man and all that had input into this thread,it's always a learning experience here at Wilders Security forum.
     
  21. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi

    I just installed the trial version of its Antivirus and during the installation it informed me of compatibility issue with HitmanPro Alert. I noticed that it also has the similar features with HMPA

    1) Antiransom component
    2) Exploit Component
    3) Keylogger and BankGuard

    So should I disabled the mentioned features and keep those of HMPA or vice versa?

    BTW, where's the PUP feature? Can't find it in the Antivirus.

    Few things good include hourly virus definition updates and ability to scan removable media

    Thanks
     
    Last edited: Dec 26, 2016
  22. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    OK just tested G Data AV v25.3.0.1, RansomFree v2.1.1.0 and HMPA independently against RanSim 1.0.2.2

    8/10 - G Data failed both Streamer and InsideCryptor

    9/10 - HMPA failed Streamer only

    0/10 - RansomFree failed ALL!!
     
    Last edited: Dec 27, 2016
  23. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    I installed G Data first, and after that I installed HMPA. That way I got no warning of compatibility issues.
    I'm not sure if there are any real compatibility issues, or whether G Data simply scans for other security software and says there may be compatibility issues.

    I don't think I found any compatibility issues with G Data IS and HMPA.
    I use both, with nothing disabled.

    I don't think there's a need to disable any features.
    If you really do want to disable any features, I would rather disable G Data's anti-ransomware component, G Data's anti-exploit protection and G Data's keylogger protection, and not HMPA's.
    I don't know about G Data's BankGuard and HMPA's Safe Browsing.
    Anyway, as I said, I don't think there's a need to disable any features.

    You find it in G Data's settings under AntiVirus\ Real-time protection\ Advanced.
     
  24. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi thanks

    However, I had HMPA installed first then G Data afterward. G Data cannot install unless I disabled the exploits, cryptoguard, keylogger, BadUSB features of HMPA first.

    After G Data installation completes I disabled its exploit, BadUSB, keylogger and BankGuard features and enabled those of HMPA

    FI, it also detected Comodo's Internet Security Essentials as having compatibility issue during installation which I removed before installing G Data
     
  25. lyldz

    lyldz Registered Member

    Joined:
    Jun 4, 2016
    Posts:
    16
    Location:
    turkey
    any discount for new version? :)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.