TR Forums

It's puzzling how the size of Microsoft's Defender full definition db doesn't grow continuously, considering the number of virus signatures grows should grow over time. There's a limit to what can be gained from improved compression or definition formats.

Recently there was a strange big drop:

2018/09 database: 200 MB
2018/12 (I think it was): 160 MB
2019/03: 80 MB
2019/04: 120 MB

If they regularly prune older viruses, doesn't that defeat the idea?

I would hope they would patch some vulnerabilities, so the need to scan for that particular virus goes away... or they just EOL any remaining vulnerable systems (sorry, DOS 6.22).

Viruses need to be detected even if a vulnerability they relied on was fixed.
I don't think the 60% decrease in size was due to dropping DOS viruses.

That is really strange. I'd love to read an explanation of this.

FWIW, I tested it with 36 DOS viruses, including in .COM files. It failed to detect only 1.
Two were deemed Win32 for some reason, the rest as expected.

Trivia: The one it missed was also undetected by AVG, Avast, Kaspersky, but was recognized by ESET, McAfee, and Symantec.

Defender must be able to support that thumb drive with a bootable DOS 6.22 image on it... no wonder the virus file is so large.

My guess would be the db grows incrementally with new definitions then every once and a while they incorporate them into a core database.

Also the core db decreases in size.

Anyway, still curious.

2019/6/1 150MB

2019/8/20 114MB