The motto of German security company G Data is “Trust in German Sicherheit” (security). That probably goes over better in Europe than in the US, but there’s no question that G Data has a history of providing security for decades. G Data Internet Security includes all the features you’d expect in a suite—antivirus, firewall, parental controls, spam filtering, and more. That said, the quality of the components spans quite a range, from very good to very poor, and the poor ones haven’t improved since my last review almost two years ago.
Just under $80 is a common price for a three-license security suite subscription—Bitdefender, Kaspersky, and Trend Micro Internet Security match that price. That same money gets you five licenses for G Data. You can also pay $64.95 per year for three G Data licenses; it’s less expensive than many competitors.
This product’s main window features the familiar bold G Data color scheme, with a red banner holding a row of icons at top. As with the standalone antivirus, there are icons for Security Center, Virus Protection, and Autostart Manager. The suite adds icons for Firewall, Backup, and Parental Control.
Shared With Antivirus
The antivirus protection in this suite is precisely what you get in G Data Antivirus. I’ll summarize my findings here. For more detail, you can read my review of the antivirus.
Lab Test Results Chart
Malware Protection Results Chart
Phishing Protection Results Chart
Two of the four antivirus labs I follow include G Data in their tests and reports. In the real-world attack simulation tests by SE Labs, G Data took AA certification, the second-highest of five possible levels. That’s good, but a half-dozen other products managed AAA certification.
G Data didn’t do quite as well in the three-part testing performed by AV-Test Institute. It earned the maximum six points for protection against malware, and six more for few false positives, but poor performance dropped its score to four in that category. A total of 16 points isn’t so good; only PC Pitstop and Malwarebytes scored lower in the latest report. Nine products managed 17.5 or 18 points, enough to earn the title Top Product.
The very best products earn top marks from all four labs, and my aggregate lab score algorithm reflects this. Tested by all four, Avast Internet Security achieved 9.9 of 10 possible points, with Kaspersky second at 9.7. Only three of the labs tested Bitdefender Internet Security this time around, but perfect scores in those three tests took it to 10 points.
By default, G Data scans in the background, when the computer is idle. I usually advise a full scan of the whole computer just after installing antivirus protection, but you’ll want to set aside a goodly chunk of time to do that with G Data. Its full scan took more than three times the current average of 45 minutes.
In my hands-on malware protection test, G Data detected 97 percent of the samples and earned 9.5 of 10 possible points. Only Webroot, which scored a perfect 10, has done better against the current sample set.
While testing the suite, I was surprised to find that G Data’s DeepRay component identified a valid instance of the Microsoft Malicious Software Removal Tool as the WannaCry ransomware. My contacts at G Data agreed that it shouldn’t have done that.
G Data didn’t do as well in my malicious URL blocking test, which uses a feed of URLs recently observed by researchers at MRG-Effitas. It diverted the browser from 67 percent of the dangerous URLs, and quarantined the malware downloads for another 23 percent. That total of 90 percent protection sounds good, but over a dozen products have done better. Notably, Norton and Bitdefender got to 99 percent, and McAfee came close with 97 percent.
G Data uses the same combination of real-time analysis and cloud-blacklist lookup to help users avoid phishing sites, fraudulent websites that try to steal login credentials. It did better this time than in my previous test, but it still just detected 79 percent of the verified frauds. In their latest tests, McAfee Internet Security and Kaspersky reached 100 percent, and another six products scored 97 percent or better.
Other Shared Features
Exploit protection is usually associated with firewalls, but G Data offers it in the standalone antivirus. When I tested it using 30-odd real exploits, it detected and blocked 68 percent of them, which is better than most. Note, though, that Symantec Norton Security Deluxe blocked 85 percent, and Kaspersky 82 percent.
Not everyone needs a local spam filter, but for those that do, G Data makes this feature available in the standalone antivirus. It filters POP3 and IMAP email, tagging spam and suspected spam by modifying the subject line. For Outlook users, it diverts spam to a junk folder; those using a different email client must create a spam-sorting rule. G Data uses numerous filters to distinguish spam from valid mail, but most users should leave these at their default settings, except to whitelist known safe correspondents.
My hands-on testing confirmed that G Data’s keylogger protection works. A sample keylogger captured keystrokes in Notepad (which isn’t protected) but caught nothing when I typed in the browser.
The ransomware protection component didn’t fare as well in testing. To simulate a brand-new ransomware attack that slips past other protective layers, I turned off all layers except for Anti-Ransomware. G Data only caught half of the in-the-wild samples I hit it with, and one of those managed to encrypt my files anyway.
Like the SafePay feature in Bitdefender and Safe Money in Kaspersky Internet Security, BankGuard protects your browsers from man-in-the-middle attacks and other data-stealing attacks. Unlike the other two, it does so invisibly. The AutoStart manager lets you reversibly disable programs from launching at startup, or set them to launch after a delay. Once again, all these bonus features appear both in this suite and in the standalone antivirus.
See How We Test Security Software
The firewall that’s built into modern versions of Windows does a fine job of blocking simple attacks from outside and putting the system’s ports in stealth mode. A security suite that replaces Windows Firewall must handle those tasks at least as well, and G Data hits that mark. It fended off all the port scans and Web-based attacks I used, and it stealthed all the ports.
On the firewall’s simple settings page, a large slider lets you choose from five preset security levels: Maximum, High, Standard, Low, and Disabled. There are three other pages with more detailed settings, but G Data deliberately keeps these unavailable, changing them automatically as you change security levels. If you’re a true firewall expert, you can choose custom settings and thereby gain access to those pages. If not, just leave the firewall set to its default Standard level.
In most suites, the firewall also keeps track of how programs are using your network connection. Advanced firewall systems like Norton’s automatically define permissions for millions of known programs and carefully monitor any unknown programs, suppressing any that show signs of misusing the network. You’ll also find old-school firewalls that unwisely rely on the user to decide how to handle unknown programs. Confronted with a deluge of popups, most users just blindly click Allow.
Like Bitdefender’s, G Data’s firewall runs by default in autopilot mode, meaning you won’t see any queries. It’s not clear that it does anything more than blocking unsolicited incoming connections in this mode, though. To see the program control component in action, I turned off autopilot. By default, the program will temporarily turn autopilot back on if it detects you’re launching a full-screen application, which is smart.
For a simple test, I tried launching a program that wouldn’t be known to G Data, a small browser I coded myself. G Data popped up a screenful of information including the port, protocol, and IP address involved, and gave me four choices: allow access once, allow it always, block access once, or block always.
Unfortunately, it also popped up for some Windows internal components, and for programs that surely should have been known and trusted, such as Chrome and Firefox. And it popped up repeatedly for the same program with different port and protocol details.
In addition, firewall popups appear for all user accounts, not just Administrators. A child playing games could disable access for your browser, or some essential Windows component. If that happens, open the Application Radar window from the main firewall page and unblock the application.
Firewall protection that can be turned off by malicious code isn’t much protection, so I always check some possible weak spots. I couldn’t disable G Data by tweaking the Registry, though it didn’t protect its Registry data against change the way Bitdefender, McAfee, and others do. It also protected all eight of its processes against termination by Task Manager; I just got an “Access denied” message.
Unfortunately, G Data’s essential Windows services remain vulnerable to a simple attack that could be carried out by a malware coder. I set the Startup Type for each of five services to Disabled and then rebooted the computer. On reboot, the services remained disabled, and G Data didn’t start; the attack on its services effectively killed its protection. I mentioned this in my previous review; alas, there’s been no progress.
This personal firewall component handles the basic tasks of protecting against outside attack and preventing programs from misusing your Internet connection, but that’s about all. And most competing products harden their Windows services against tampering more thoroughly than G Data does.
Cloud Storage Backup
To get started with G Data’s backup system, click the main Backup icon and click New task (found near the top right corner of the window that appears). You get a popup explaining that with this product you get cloud backup only, and that additional features such as local backups and backup to optical media require an upgrade to G Data Total Security.
As with most cloud backup systems, you create a backup job by defining what to back up, where to back it up, when to do the job, and how to do it. The first step, what to back up, uses a somewhat confusing file and folder tree. The problem here is redundancy. Suppose you start by checking the tree item with your username, thereby selecting all your user data for backup. If you now disable the Libraries item below, you’ll find your documents, music, and so forth are no longer backed up. I strongly recommend that you review your choices thoroughly before proceeding, to make sure you’ve caught everything.
The next step is target selection, but your only target choice is cloud backup. When I tried to continue at this point, the program admonished me, “Cloud has been selected as target, but no login has been entered.” Clicking the cloud icon brought up a menu that let me choose Dropbox or Google Drive. Kaspersky Total Security also offers to store backups on Dropbox, but this is just one of its many options. With Kaspersky, you can also back up your files to any local, removable, or network drive.
Rather than rely on remembering to run the backup job from time to time, you can schedule a full backup to run daily, weekly, or monthly. On a separate schedule you can run a partial backup that only saves changed data, which takes a lot less time. For example, you might schedule a full backup monthly and a partial backup every day.
The Options page lists dozens of settings relating to your backup, but for most users only a few are relevant. To save space, you may choose to exclude certain files, such as temporary files, or the thumbs.db files that Windows creates in picture folders. And if you’re short on cloud storage space, you can crank up the compression setting.
That’s it; you’re done creating a backup job. Well, almost. I found that G Data demanded a Windows user account and password, allowing it to run backups regardless of which user is logged in. You can create as many jobs as you like, perhaps putting your most important files on a daily schedule, or backing up both to Dropbox and Google Drive.
Restoring backed-up files is a snap. Choose the backup set from a list, choose to restore all files or just some of them, and choose whether to restore to the original location or a new location. By default, restored files always overwrite existing files in the destination. However, you can choose to only overwrite if the two files have different size or last-modified times, or only if the backed-up copy is more recent.
Not all security suites require that you use third-party cloud storage for backup. Norton and Webroot SecureAnywhere Internet Security Plus come with 25GB of hosted online storage for your backups, for example. G Data does the job, but it could make the configuration process much simpler for users.
Porous Parental Control
This suite’s parental control system handles content filtering and time scheduling for Internet or computer use, but that’s all. You won’t find any advanced features, and the components it does include don’t work well.
The content filter can block websites matching five categories: drugs, hackers, violence, extremist, and porn. G Data can’t filter HTTPS sites, but it offers an option to simply block all sites using HTTPS. That’s a bit ridiculous. Yes, it would prevent access to secure anonymizing proxies, but it would also block any site that sensibly uses a secure connection, including Google, PCMag, and Wikipedia.
Parents can create new categories, but really, parents aren’t going to do that. Looking at the category-creation dialog, you can see that G Data detects content categories simply by looking for keywords in the URL, the header, the metadata, or the page text. That simple-minded analysis makes for poor filtering, as you’ll see below.
Parents can limit time on the computer, the Internet, or both. When enabled, the default in each case is 1.5 hours per day, 10.5 hours per week, and 45 hours per month. You can also define a weekly schedule, in one-hour increments, for when the child can use the Internet, or the computer. This feature uses a handy grid that makes it easy to set allowed and blocked times.
When I put G Data’s time scheduler to the test, I found that it foolishly relies on the system clock. Resetting the clock to an allowed time defeats it. If you’ve given your older child an Administrator account, the scheduler is powerless. Admittedly, I couldn’t find a similar way to defeat the daily cap.
The keyword-based content filter is both too lax and too strict. Photo-based naughty sites with no banned words in the URL or page text flew right past the filter, while perfectly innocent sites got the boot. For example, it blocks any Blogspot blog because the filter found “pot” in the URL. For a further test, I set it to block the made-up word “cma” and found that it did indeed block PCMag.com. I also found that it blocked some sites without displaying the standard warning, and logged some sites as blocked when it did no blocking. It’s useless.
You’d think the Hackers category would block secure anonymizing proxy websites, but it doesn’t. By connecting to one, I completely eluded the filter. You can be sure your teenager will figure out this hack.
G Data does report which websites it blocked for each user, along with a date/time stamp and explanation. The explanation helped me confirm that, for example the app did indeed block a blogspot.com page due to the embedded word pot. However, as noted, G Data logged some pages as blocked when they weren’t blocked at all.
This is just not a useful system. All it does is control screen time and filter websites based on content. A smart kid can get around the time scheduler, and the content filter both misses inappropriate sites and blocks innocent ones. If you need parental control in your security suite, look elsewhere. Check Point licenses the parental control component in ZoneAlarm Extreme Security from the well-known Net Nanny. Kaspersky Total comes with the excellent Kaspersky Safe Kids. And the parental control component in Norton does vastly more than G Data’s.
I should point out that the parental control system is wholly unchanged and unimproved since my last review, nearly two years ago. I’d like to see some progress.
If icons by the dozens have taken over your desktop, you might not notice a new one titled G Data Shredder. This is a secure deletion utility, for use when you want to delete a file beyond the possibility of forensic recovery. File encryption utilities often come with a shredder, so you can thoroughly wipe out the plain-text originals of your encrypted files.
Simply deleting a file sends it to the Recycle Bin, where it’s easily recovered. You can bypass the Recycle Bin, but that still leaves the file’s data on disk, just marked as space that can be reused. Overwriting a file’s data before deletion is enough to defeat simple software-based file recovery. Recovery experts use hardware systems to peel back the layers and find previously stored data, but those techniques run into the limitations of physics at about seven overwrites. Why G Data lets you choose up to 99 overwrites I do not know. Three should be plenty for normal use, and you never need more than seven.
Once you’ve configured the shredder, you drag files and folders onto its icon for secure deletion. You’ll also find a Shred choice on the right-click menu.
No Performance Impact
If users feel that their security utility is putting a drag on performance, even if that feeling isn’t justified, they’re likely to turn it off. Few modern suites have any significant performance impact, but I still put them to the test. I average multiple runs of my test scripts before installing the suite and compare those with the average after suite installation. One script times the boot process, another measures how long it takes to move and copy a variety of files between drives, and a third times a script that zips and unzips that same file collection repeatedly.
It’s common for these scripts to run a little slower with the suite installed, slower by anywhere from a few percent to 20 or 30 percent. In a few cases, I find next to no impact. With G Data, all three tests came in noticeably faster after installation. That result was peculiar enough that I completely uninstalled the suite and ran another round of baseline testing. Even compared to this second baseline, G Data’s results were all faster. My chart doesn’t account for a negative performance impact, so I recorded G Data’s results as zeroes—the best possible result!
Webroot, Bitdefender, and adaware antivirus total also came in with no measurable effect on performance. Indeed, in a few cases these three seemed to have speeded things up, just not to the extent G Data did. I can’t entirely explain it, but I’d say you should have no worries about G Data slowing your system performance.
Component Quality Varies
G Data Internet Security includes all the components you expect in a security suite and even offers a backup system. The antivirus performed well in testing, though its ransomware-specific protection layer missed quite a bit. The parental control system is both limited and ineffective, and the basic firewall could be disabled by a determined hacker. You’re better off with a suite in which all the components do their jobs well. And, given that almost none of the problems reported in our previous review have been fixed, perhaps you’re also better off with a company that’s more proactive.
For the purpose of defining Editors’ Choice products, we distinguish basic suites like G Data, feature-packed mega-suites, and cross-platform multi-device suites. In the basic suites arena, Bitdefender Internet Security and Kaspersky Internet Security are our Editors’ Choice products. Both cost more than G Data, but they also offer much better security.
Note: These sub-ratings contribute to a product’s overall star rating, as do other factors, including ease of use in real-world testing, bonus features, and overall integration of features.