Microsoft Defender is lacking in offline detection capabilities, says AV-Comparatives
Windows' built-in antivirus shines when using the cloud, doesn't without itBy Alfonso Maruccia 16 comments
In context: Microsoft Defender made its debut as a downloadable free anti-spyware program in the Windows XP days. Eventually, Microsoft turned into a proper antivirus solution (it's gone through a few different names and iterations) integrating the software in the operating system. After many years, however, Defender still has a hard time detecting malware when the PC is offline.
AV-Comparatives, a leading organization in security software testing, recently released its latest Malware Protection Test for consumer antivirus software. The test compared major antivirus products with a defined set of malware samples, collecting logs and results about the software capabilities to detect and protect users against infection.
The list of tested products in the Malware Protection Test for September 2022 included well known names in the security business like Avira, AVG, Avast (which are now all part of the Norton LifeLock product family), Bitdefender, Kaspersky and many more. Microsoft Defender, the Windows' built-in security system was included as well, even though final results weren't so brilliant compared to some of the best third-party antivirus on the market.
According to AV-Comparatives, Microsoft Defender got the third lowest score for offline detection capabilities (69.8%) just before Panda (52.8%) and Trend Micro (41.1%).
Conversely, Defender's detection and protection capabilities were in line with some of the best antivirus software for Windows (98.1%, 99.99%) when using online, cloud-based features.
AV-Comparatives recently changed its testing methodology by focusing on protection rather than on detection capabilities alone. In brief, the tests are now checking whether antivirus software can prevent a malicious program to make any actual changes to the system even after it has already arrived on the targeted machine in its inactive state.
While facing the 10,019 malware samples used for the tests, Microsoft Defender was able to block almost all of them except 1 – but only when the antivirus could access Redmond's cloud servers. Avast, AVG, G Data and McAfee scored a perfect, 100% protection rate, while Trend Micro was dead last with 259 successful infections.
AV-Comparatives gathered all the tested antivirus products in four different groups, assigning a different award to each group proportionally to the number of false positives detected by each antivirus.
Microsoft Defender detected "Many" false positives even with its online capabilities on (19), therefore Windows native antivirus protection could only score an "Advanced" protection award even though it got the best one (Advanced+) in previous tests.