It’s a competitive market in the world of Windows security software. But that hasn’t deterred virus specialist G Data from making a push beyond its home German market to these shores.
G Data’s Windows security wares are not new to the UK of course – we frequently print favourable PC World US reviews of both G Data’s AV and security suites, these reviews based on lab testing by AV-test.org – but you can expect to see more of the white-and-red liveried brand as it ramps up its marketing activities this year, spearheaded by its new 2012 line of consumer AV products.
If you have a Windows PC and you use it to get online, the internet is not a safe place to be, as the lucrative Windows security industry keeps reminding us, and with good reason.
Depending on who’s spinning the stats, there may be around 20 million different ways that a PC sporting a Genuine Windows sticker can pass ownership rights to someone other than the person sited between keyboard and chair.
Viruses once used to be a not-especially-amusing way for geeks to mess around with other people’s PCs, for fun and peer kudos. Not anymore. Today we have highly motivated hackers coding intrusion and takeover exploits for big cash.
The net results are often innocent-looking Windows boxes under the home or office desk that secretly work for strangers, as a member of a botnet.
They send swathes of dodgy spam email to other poor internet users; or get recruited for DDoS attacks for political or cash-ransom ends; or simply retrieve your credit card or online banking details to siphon funds from your bank account.
So back to G Data: it is candid enough to admit that it can’t fix PCs infected with some of today’s Trojans and rootkits. But it has got an interesting card up its sleeve, to help patch two of the more troubling malware variants that are skillfully engineered to hijack an online banking session, and thereby rob you of money.
Those are the online banking Trojans, of which the notorious ZeuS is one example.
G Data's proprietary BankSafe technique is to patch the Windows DLLs that have been subverted by the malware for these man-in-the-browser exploits. It's said to work for ZeuS/Zbot and SpyEye infections. But it's only a limited patch. Once these Trojans get in, they tend to set up rootkits with their own self-encrypted filesystems in the invisible master boot record (MBR) section of a Windows C drive.
The safest removal technique, and the only way to be sure you won't simply be exploited again, is to completely reinstall Windows. Oh, and reformat the whole hard disk first, since there'll be nasties remaining in your MBR.
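As an added illustration of the integrity check that underlies this kind of protection (written for this article, not G Data's own BankSafe code), the Python below compares an exported function's first bytes on disk with the bytes mapped in memory and decodes the target of a relative-jump inline hook of the sort man-in-the-browser Trojans plant in networking DLLs. The export names, addresses and byte strings are constructed for the example.

```python
import struct

# Constructed sample: an 8-byte x86 function prologue as it appears in the DLL on disk
# (mov edi,edi; push ebp; mov ebp,esp; sub esp,0x10).
CLEAN_PROLOGUE = bytes.fromhex("8bff558bec83ec10")

def hooked_prologue(func_addr: int, hook_target: int) -> bytes:
    """Constructed sample: the same prologue after a 5-byte 'jmp rel32' inline hook.
    Used only to build test input; it stands in for what a MitB Trojan leaves in memory."""
    rel32 = (hook_target - (func_addr + 5)) & 0xFFFFFFFF
    return b"\xe9" + struct.pack("<I", rel32) + CLEAN_PROLOGUE[5:]

def check_export(name: str, func_addr: int, disk_bytes: bytes, mem_bytes: bytes):
    """Compare the mapped bytes of an exported function with the on-disk copy.
    Returns None when they match; otherwise a dict describing the divergence,
    decoding the destination when the patch is a relative jmp (opcode 0xE9)."""
    if disk_bytes == mem_bytes:
        return None
    pairs = zip(disk_bytes, mem_bytes)
    first_diff = next((i for i, (d, m) in enumerate(pairs) if d != m),
                      min(len(disk_bytes), len(mem_bytes)))
    finding = {"export": name, "offset": first_diff, "kind": "unknown_patch", "target": None}
    if first_diff == 0 and mem_bytes[0] == 0xE9 and len(mem_bytes) >= 5:
        rel32 = struct.unpack("<i", mem_bytes[1:5])[0]   # signed displacement
        finding["kind"] = "jmp_rel32"
        finding["target"] = (func_addr + 5 + rel32) & 0xFFFFFFFF  # relative to next instruction
    return finding

def scan_exports(exports):
    """exports: iterable of (name, func_addr, disk_bytes, mem_bytes). Returns findings only."""
    return [f for f in (check_export(*e) for e in exports) if f is not None]

if __name__ == "__main__":
    FUNC = 0x76A01000    # assumed address of the export inside the mapped DLL
    TROJAN = 0x00402000  # assumed address of the Trojan's injected hook handler
    sample = [  # constructed: one untouched export, one hooked export
        ("HttpOpenRequestA", FUNC - 0x100, CLEAN_PROLOGUE, CLEAN_PROLOGUE),
        ("HttpSendRequestA", FUNC, CLEAN_PROLOGUE, hooked_prologue(FUNC, TROJAN)),
    ]
    for f in scan_exports(sample):
        print(f"{f['export']}: {f['kind']} at +{f['offset']} -> {f['target']:#010x}")
```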
G Data pitch
The company now trading as G Data was founded by a couple of university graduates in Bochum, northern Germany, in 1985. It’s perhaps remarkable that their names and biographies were not explored in a fact-finding trip I took to the company’s headquarters this week. This is no tech giant figureheaded by a Gates, Jobs or Page-Brin; it’s an AV company that wants to be known by its product and services only.
Timeline highlights include the invention of the anti-virus program, AntiVirenKit, in 1987 (though G Data is one of several firms claiming to have invented anti-virus software first; the jury's out on who really got there first).
An important breakthrough was made in 2002 with the introduction of its twin-scanning engine, dubbed DoubleScan, which applies two distinct AV engines to scan every file and folder every time. This belt-and-braces architecture is pivotal to the products hitting high detection rates, with one engine picking up on viruses the other may have missed.
G Data's Head of Labs, Ralf Benzmüller, points out breaking news of Windows threats detected worldwide
These scanning engines are developed not in house, but bought in. Thus G Data was using the core detection engine from Kaspersky Lab and Avast! until a couple of years ago, when it exchanged the Kaspersky component for Bit Defender.
The given reason is quite telling: the AV engine that Kaspersky was offering does not support multi-threaded operation, essential for good performance now that modern processors have so many real or virtual cores to work with.
Yet Kaspersky does have a multi-threaded engine now; it simply chooses not to license it to other vendors. This gives away the fact that G Data is not necessarily employing the latest scanning engines from its partners, but may be a generation or so behind.
Researchers at G Data's security labs analyze a Java-based Trojan that holds Windows PCs to ransom by blocking access to Windows Explorer and Task Manager until funds have been paid to the developers via a webpage that resembles a German police notice. Such research is carried out on Linux PCs, with Windows securely sandboxed inside VirtualBox VMs
Nevertheless, the test results remain very impressive: in last year’s round-up of competing AV software, G Data walked home with the PCWorld/PC Advisor award as Best Buy. And in last year’s AV Comparatives lab tests, G Data was awarded ADVANCED+ along with Gold gongs for its on-demand and proactive malware detection.
The 2012 AV product was tested by AV-test.org in March this year, which reported a 99.74% detection rate from 145,528 malware samples, and no false positives.
A N Droid
Like Windows, Android is becoming something of a malware magnet. Whether making use of unpatched security holes still existing in Google’s phone operating system, or taking advantage of social engineering to get people to install Trojan software that hoovers up the user’s passwords, browsing history, contacts book – Android needs help.
The G Data robot guards the reception area of the company's headquarters in Bochum, Germany
Several AV peddlers are now making Android apps to try to block some of these holes, including G Data. In fact, G Data was one of the first, launching its G Data MobileSecurity app at this year’s CeBIT show in February 2011.
Its MobileSecurity app also aims to counter exploits that target two-factor authentication for online banking from Windows PCs. Here, an SMS on the phone adds another layer of security to personal finance exchanges with online banks. But this falls over if the phone is Android, and it's been pwned by matching malware.
G Data’s MobileSecurity app seems to be based on signature recognition only, though. So malware that comes in through the rootstrapping technique of automatically updating a ‘safe’ rogue app with new exploit code will still get through - until the AV vendor updates its definitions list, anyway.
By which time, your Android phone may have already racked up a load of premium rate phone calls, SMS texts; or been liberated of all your most private address book and password data.
Perhaps in the future Android anti-virus software will add behavioural-based malware recognition, so that it can spot dodgy looking apps in flagrante delicto.
Chances are, the typical Google phone or tablet will also then be treacled by the CPU-hogging anti-virus program necessary to run that kind of AV engine, so expect to see another arms race in processor speed, just to keep up with these security apps.