laurentio
15th October 2008, 11:05 PM
I had a call the other day from Infinite Business UK (0844 887 0000) as apparently they're the main G Data Antivirus Reseller in the UK.
The guy on the phone was very polite and he kept trying to convince me that G Data Antivirus is the best Antivirus on the market at this moment. As I always prefer to check for myself I have requested a sample. They had no samples to send out but he directed me to a free trial download link.
Have downloaded and installed it on 3 computers. Two Vista OS and the 3rd one is on Windows XP. All OS were freshly installed for testing purposes only; all connected to the internet, 1 wired and 2 wireless.
The results were bad to begin with! 3 out of 3 computers couldn't connect to the internet once the G Data was installed. I called Infinity Business and explained the problem to them. The guy on the phone (same guy, lucky me) told me that G Data Antivirus has to be configured prior to allow the internet access??!
Well, I said, this should not be a problem for me personally as I would figure out how to configure it (or I was hoping) but what about the domestic customers? Do you expect them to fine tune G DATA Antivirus in order to let them online? Do they have time to waste on G DATA Antivirus configuration...?
The answer was YES and NO at the same time. Yes because he would expect them to fiddle with the Antivirus and no because in fact they (didn't specify they who, Infinity or G Data) do not target the end consumers but the businesses only! Interesting, isn't it? G Data is not aimed at private individuals but only at the IT community. Not clever at all....but hey...who am I to judge them?
Anyway, when I told him that in my humble opinion even if the target is the IT ready customer, having the internet access ON by default would make our life easier and better, giving us the option to focus on the fine tuning task at a later time...he had no reply. Maybe he was just a seller...
Back to the program and to what we have found so far:
In theory G Data should be good. (At least the Antivirus part of it)
Why should it be good? Because G Data Antivirus uses the so-called DoubleScan technology, which gives them access to two independent detection engines to scan suspect files. They're referred to simply as 'Engine A' and 'Engine B', with Engine A described as the more effective but slightly more resource-heavy of the two.
In reality, Engine A is a licensed implementation of Kaspersky's scanning engine, while Engine B is licensed from Avast. You can use both in combination or just one if you're worried about resource usage - and you do have to worry as in real-world usage we saw a major penalty while using both engines, as per the default configuration.
This also raises a real concern: since G Data doesn't own the scanning engines, it's reliant on third parties to keep its libraries up to date.
G Data supplements this antivirus with its own 'OutbreakShield' system, using data from email security specialists Commtouch to identify traffic patterns that look like a virus outbreak. In theory, this lets it keep malicious emails off your system even before the threat is identified. Unfortunately it is redundant in these days of webmail and hardened email clients, but it's good to have.
With its multiple engines, G Data Antivirus added sixteen seconds to our boot time (CPU spikes and hard drive activity continued for around 40 seconds afterwards, though that's always a hazard on a Vista system). It then occupied 46MB of RAM when idle - the same as Kaspersky.
Another major problem we had with G Data 2008: The kernel driver GDTdiIcpt.sys shipped with G DATA Antivirus/Internet Security/TotalCare 2008 contains a vulnerability in the code that handles IOCTL requests. Exploitation of this vulnerability can result in:
1) Local denial of service attacks (system crash due to a kernel panic), or
2) Local execution of arbitrary code at the kernel level (complete system compromise)
The issue can be triggered by sending a specially crafted IOCTL request. Read more about this major problem here. (http://www.trapkit.de/advisories/TKADV2008-008.txt)
As you can see it took them 294 days to release a patch....294!!!
Sorry but this is not what I call a reliable Antivirus solution or reliable support. NOT RECOMMENDED AT ALL.
Good bye for now.