Crytica Rapid Detection & Alert (RDA) Efficacy & Efficiency vs. Microsoft Defender in Windows 11 and Linux Environments
Abstract
In January 2025 Tolly evaluated Crytica Rapid Detection & Alert (RDA) against Microsoft Defender on Windows 11 and Red Hat Enterprise Linux 9, focusing on detection accuracy, reaction speed, and host resource usage.
Across 215 Windows and 18 Linux known-malware samples, RDA identified every threat, while Defender missed roughly 5% (94.88% on Windows, 94.44% on Linux). RDA flagged malware within seconds and ran continuously with an ~2 MB memory footprint and 0–12% CPU load, whereas Defender consumed ~200 MB when idle, exceeded 350 MB and >90% CPU during on-demand scans, and could take minutes to react.
Tolly also simulated six zero-day attacks by delivering encrypted, previously unseen malware plus a decrypting dropper. RDA detected all six droppers within 15 seconds, but Defender noticed none until the malware was decrypted—catching only two or three, depending on platform. RDA’s edge comes from its lightweight probe that rescans every ten seconds and alerts on any unauthorized change to a device’s instruction set rather than relying on signature databases, making it well-suited for resource-constrained IoT/OT endpoints where rapid, low-overhead protection is critical.
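The detection model described above (baseline the executable set, rescan on an interval, alert on any change rather than matching a signature database) as an added illustrative example; this is not Crytica's or Tolly's code. The executable suffixes, the sample payloads and the "dropper" scenario are constructed assumptions, and the ten-second timer is left to the caller.

```python
import hashlib
import os
import tempfile

EXEC_SUFFIXES = (".exe", ".dll", ".so", ".bin")  # assumed "instruction set" file types

def snapshot(root):
    """Return {relative_path: sha256} for every executable-like file under root."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(EXEC_SUFFIXES):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    state[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def diff_snapshots(baseline, current):
    """Classify every change between two rescans; any non-empty list is an alert."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }

def signature_hit(data, known_hashes):
    """Signature-style check: only a sample already in the database matches."""
    return hashlib.sha256(data).hexdigest() in known_hashes

def demo():
    """Constructed scenario: a known sample vs. an unseen, XOR-encoded one (hypothetical data)."""
    known = b"MZ known-sample-payload"
    known_db = {hashlib.sha256(known).hexdigest()}
    unseen = bytes(b ^ 0x5A for b in b"MZ never-seen-before-payload")  # absent from any DB
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "app.exe"), "wb") as fh:
            fh.write(b"MZ legitimate application")
        baseline = snapshot(root)  # taken at install time
        # A dropper writes a new binary and patches the existing one.
        with open(os.path.join(root, "dropped.exe"), "wb") as fh:
            fh.write(unseen)
        with open(os.path.join(root, "app.exe"), "ab") as fh:
            fh.write(b" + injected code")
        delta = diff_snapshots(baseline, snapshot(root))  # the periodic rescan
    return {"change_detection": delta,
            "signature_known": signature_hit(known, known_db),
            "signature_unseen": signature_hit(unseen, known_db)}

if __name__ == "__main__":
    print(demo())
```

The change-based rescan flags both the dropped file and the patched binary, while the hash signature check matches only the sample it already knows.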