Microsoft Defender is lacking in offline detection capabilities, says AV-Comparatives

Alfonso Maruccia

In context: Microsoft Defender made its debut as a free, downloadable anti-spyware program in the Windows XP days. Microsoft eventually turned it into a proper antivirus solution (it has gone through a few different names and iterations) and integrated the software into the operating system. After many years, however, Defender still has a hard time detecting malware when the PC is offline.

AV-Comparatives, a leading organization in security software testing, recently released its latest Malware Protection Test for consumer antivirus software. The test ran the major antivirus products against a defined set of malware samples, logging each product's ability to detect the samples and to protect users against infection.

The list of tested products in the Malware Protection Test for September 2022 included well-known names in the security business such as Avira, AVG and Avast (all now part of the NortonLifeLock product family), Bitdefender, Kaspersky and many more. Microsoft Defender, Windows' built-in security system, was included as well, even though its final results weren't so brilliant compared to some of the best third-party antivirus products on the market.

According to AV-Comparatives, Microsoft Defender got the third-lowest score for offline detection (69.8%), just ahead of Panda (52.8%) and Trend Micro (41.1%).

Conversely, when its online, cloud-based features were available, Defender's detection rate (98.1%) and protection rate (99.99%) were in line with some of the best antivirus software for Windows.

AV-Comparatives recently changed its testing methodology to focus on protection rather than on detection alone. In brief, the test now checks whether an antivirus product can prevent a malicious program from making any actual changes to the system even after the sample has already arrived on the target machine in its inactive state; that is, a block when the sample is executed counts, not only a detection by the initial file scan.

Against the 10,019 malware samples used in the test, Microsoft Defender blocked all but one, but only when the antivirus could reach Redmond's cloud servers. Avast, AVG, G Data and McAfee scored a perfect 100% protection rate, while Trend Micro was dead last with 259 successful infections.
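Because Defender's good numbers above depend on reaching Microsoft's cloud, the practical check on any Windows machine is whether cloud-delivered protection is actually switched on and how old the local signatures (the offline fallback) are. The following PowerShell is an added example written for this page, not code from the article, from AV-Comparatives or from Microsoft; it uses only the built-in Defender module cmdlets (Get-MpPreference, Get-MpComputerStatus, Set-MpPreference, Update-MpSignature), and the one-day signature-age threshold is my own assumption.

```powershell
# Added example (not from the article or from Microsoft): report whether this
# machine's Defender is relying on cloud-delivered protection and how stale its
# local signatures are, i.e. whether it currently sits in the "online" or the
# weaker "offline" column of the AV-Comparatives results.
# Assumes Windows 10/11 with the built-in Defender PowerShell module; the
# remediation function needs an elevated prompt. Threshold values are my own.

function Get-DefenderCloudPosture {
    param(
        # Assumed threshold: signatures older than this are treated as stale.
        [int]$MaxSignatureAgeDays = 1
    )

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # MAPSReporting: 0 = cloud protection off, 1 = basic, 2 = advanced.
    $cloudEnabled = ($pref.MAPSReporting -ne 0)

    # Sample submission lets the cloud classify an unknown file on first sight.
    # 2 = NeverSend; any other value allows at least safe samples to be sent.
    $samplesSent = ($pref.SubmitSamplesConsent -ne 2)

    # Block at First Seen needs MAPS and sample submission to both be on.
    $bafs = $cloudEnabled -and $samplesSent -and (-not $pref.DisableBlockAtFirstSeen)

    $findings = [System.Collections.Generic.List[string]]::new()
    if (-not $cloudEnabled) {
        $findings.Add('MAPS (cloud-delivered protection) is disabled; detection falls back to local signatures and heuristics only.')
    }
    if (-not $samplesSent) {
        $findings.Add('Sample submission is set to NeverSend; Block at First Seen cannot work.')
    }
    if (-not $bafs) {
        $findings.Add('Block at First Seen is not effective.')
    }
    # CloudBlockLevel: 0 = Default, 2 = High, 4 = HighPlus, 6 = ZeroTolerance.
    if ($pref.CloudBlockLevel -lt 2) {
        $findings.Add('CloudBlockLevel is Default; High is the usual hardened setting.')
    }
    if (-not $status.RealTimeProtectionEnabled) {
        $findings.Add('Real-time protection is off.')
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Signatures are $($status.AntivirusSignatureAge) day(s) old (last update $($status.AntivirusSignatureLastUpdated)); offline protection depends on these.")
    }

    [pscustomobject]@{
        CloudProtectionEnabled = $cloudEnabled
        BlockAtFirstSeen       = $bafs
        CloudBlockLevel        = $pref.CloudBlockLevel
        CloudExtendedTimeout   = $pref.CloudExtendedTimeout
        SignatureVersion       = $status.AntivirusSignatureVersion
        SignatureAgeDays       = $status.AntivirusSignatureAge
        TamperProtected        = $status.IsTamperProtected
        Findings               = $findings
    }
}

# Turn the cloud features fully on and pull fresh signatures. Run elevated.
function Enable-DefenderCloudProtection {
    Set-MpPreference -MAPSReporting Advanced `
                     -SubmitSamplesConsent SendAllSamples `
                     -CloudBlockLevel High `
                     -CloudExtendedTimeout 50 `
                     -DisableBlockAtFirstSeen $false
    # Refresh local signatures now so the machine is as covered as possible
    # the next time it is offline.
    Update-MpSignature
}

$posture = Get-DefenderCloudPosture
$posture | Format-List
if ($posture.Findings.Count -eq 0) {
    'Defender is running with cloud-delivered protection; the "online" results apply.'
} else {
    $posture.Findings | ForEach-Object { "WARNING: $_" }
}
```

Run the posture check as a normal user first; only call Enable-DefenderCloudProtection from an elevated prompt, and expect it to fail if tamper protection is managed by policy. On a machine that is genuinely air-gapped, the only lever in this script is Update-MpSignature, which needs to run whenever the machine is briefly online.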

AV-Comparatives then sorted the tested products into four award groups, lowering a product's award level according to the number of false positives it produced.

Microsoft Defender produced 19 false positives, rated "Many", even with its online capabilities on, so Windows' native antivirus could only earn an "Advanced" award, down from the top "Advanced+" award it received in previous tests.


 
AVG and Avast are the same or almost the same.
https://blog.avast.com/avast-and-avg-become-one
More, Avast is one of the most invasive companies when it comes to privacy. They were caught spying on users through their so-called antivirus and also through their CCleaner app, which was popular in the past, until they were caught selling users' data and emails.
https://www.pcworld.com/article/398...l-info-via-their-free-antivirus-programs.html
https://www.bleepingcomputer.com/ne...lled-due-to-anger-over-usage-data-collection/
I never trust my computer security to a company which steals user data and sells it to others or invades users' privacy. It's like hiring a wolf to protect the sheep.
This also raises valid questions about AV-Comparatives' low standards in evaluating antivirus and protection programs.
Better to call a spade a spade, this study is garbage malware.
P.S. My advice is, if you want your computer to be protected and safe from malware, keep a healthy, safe distance from any Avast "apps" :).
 
Riddle me this....if a PC is "offline" what is the chance of it getting a virus in the first place?
Riddle me this....if my Windows XP machine has been online for 8 solid years, running in a full admin account, without any Microsoft security updates and an antivirus that expired 7 years ago......

How many viruses, trojans, rootkits and ransomware infections will have a negative effect on the operation of that computer if I use it to study malware while ONLINE in a native boot configuration?

ZERO!

The correct answer is ZERO!

Malware has no effect if you are a real security expert
 
Defender's detection and protection capabilities were in line with some of the best antivirus software for Windows (98.1%, 99.99%) when using online, cloud-based features

I would think MicroSludge would understand that many users can't always access the cloud, but still need the ability to have protection. There is simply no reason they can't make Defender self-standing with the ability to auto-update files once internet access is regained. Once again MicroSludge is way behind the times and fails to anticipate customer needs ...... par for the course.
 
It got a similar offline result at least a couple years ago. It could definitely be improved, but unless you're a shady or ignorant user, you should be okay.
 
This is a little like a report saying Toyota ranks last in garage-only performance. How many people is that relevant to?

Well, except you don't drive your PC and Internet servers are disappearing like flies on a daily basis. And you can still do a ginormous amount of stuff with an Internet-deprived PC, even Steam has an off-line mode (which I use regularly to play Elden Ring with no bothers from anyone) and this should be the end of it :-D
 
Well, except you don't drive your PC and Internet servers are disappearing like flies on a daily basis. And you can still do a ginormous amount of stuff with an Internet-deprived PC, even Steam has an off-line mode (which I use regularly to play Elden Ring with no bothers from anyone) and this should be the end of it :-D
Yes all very true but for most users, when you are offline, you are not receiving any new data and therefore do not need any new security scanning.

Yes, USBs, optical discs, floppy disks all technically still exist in the world, but a) they are increasingly uncommon and b) for the decreasing scenarios where they still make sense the proper point of validation / scanning for the external storage would be before it reaches the secure / offline PC.
 
Riddle me this....if my Windows XP machine has been online for 8 solid years, running in a full admin account, without any Microsoft security updates and an antivirus that expired 7 years ago......

How many viruses, trojans, rootkits and ransomware infections will have a negative effect on the operation of that computer if I use it to study malware while ONLINE in a native boot configuration?

ZERO!

The correct answer is ZERO!

Malware has no effect if you are a real security expert

The only reason why your Windows XP machine wasn't hacked to pieces was 99.9% due to your internal router at home.

Let me put it like this: put the same Windows XP machine straight onto the internet, just a direct link and no router or switch in between. Now take a timer and start noting the first weird event.

Running an unpatched Windows XP machine straight onto the internet (dial-up era) was asking for (huge) problems. Believe me. Your system would not run for 1 minute because it would be exploited as you sipped your coffee.

Anyway: offline detection might be useful if you downloaded a zip file from an unknown source and you happened to be on the train when you unpacked that zip file.

I used Trend Micro for years. Fantastic program. Not evasive. Does what it does with extremely good detection.
 
The only reason why your Windows XP machine wasn't hacked to pieces was 99.9% due to your internal router at home.

Let me put it like this: put the same Windows XP machine straight onto the internet, just a direct link and no router or switch in between. Now take a timer and start noting the first weird event.

Running an unpatched Windows XP machine straight onto the internet (dial-up era) was asking for (huge) problems. Believe me. Your system would not run for 1 minute because it would be exploited as you sipped your coffee.
Believe You?
Yeah....NO, that ain't gonna happen

Maybe you missed all my posts @ Maximum PC before they shut down, or my posts @ Bleeping Computer before I was banned, or @ Anandtech (also banned)

I have spent years explaining how to secure XP and get banned for the trouble

You seem to be a bit of a noob here and never read my past posts, but I can put XP online with a direct connection for YEARS without a single problem WHILE studying what the malware threats do to my machine

A simple reboot returns the OS back to a pristine state when I'm finished as it is a read only installation of XP

I was banned from several security sites for being a jerk, but never for being dishonest
I held open contests begging North Korea, Iran, Russia and the Chinese Military to WRECK MY BOX

That was many years ago and the contest is still open

There is yet to be a single piece of malware that can force me to restore a clean backup by causing permanent problems on this machine even using a direct connection

All of the custom mitigations are mine, not Microsofts
All COMMON avenues for exploit have been blocked already

I would never use it for passwords or banking and it can indeed be blocked by denial of service (as can any machine)
But there is no malware known that has taken this box down in the past 8 years

If you know of any such malware, I would LOVE to see it as I'm waiting for that one perfect zero day worth keeping

and remember.......
The Contest is still OPEN!
WRECK MY BOX!
 
TBH, with time, I find studying results much less relevant than, let's say, the harassment a lot of AVs inflict upon users and admins.
The amount of crap I had to deal with on machines running AVG, Avast, Defender and a few others is ... time-consuming. Whoever did the UI for AVG and Avast should be slapped in the face ... with a metal RGB keyboard.
 
I only just realized that Avast and AVG are now part of Norton. I've not used them for over a decade. I mean, back in 2004 or 2005 I got my first laptop equipped with a 6-month Norton trial. When the time was up I tried Avira, AVG and Avast, but finally stuck with Avast for the boot scan feature. I'm glad I didn't have to stay with the crappy Norton.

Microsoft Security Essentials came out in 2009, but back then it was laughed at by every other company. About a year later, when Windows 7 SP1 came out, it proved itself to be on par with the free AVs, so I ditched Avast permanently. But I also have the free version of Malwarebytes as per the recommendation from this very site's board.

Back then the forums were different... they were alive. No politics, just purely tech talk.
 
Let me put it like this: put the same Windows XP machine straight onto the internet, just a direct link and no router or switch in between. Now take a timer and start noting the first weird event.
You are woefully misinformed. Older Operating Systems don't magically burst into flames the moment you connect them to the internet, especially if the user takes proper precautions. Stop with the fear-mongering. You're embarrassing yourself.

Whoever did the UI for AVG and Avast should be slapped in the face ... with a metal RGB keyboard.
Pimp-slapped to the stone age is my vote..

it proved itself to be on par with the free AVs
No it didn't. It was annoying garbage then and still is, even with new lipstick on the same pig..
 