David Lindsay Prize and Linux Security: Giuseppe Raffa

 As those who attended the recent (December 2020) online Hewlett Packard Colloquium event at Royal Holloway already know, I had the great privilege of being awarded the David Lindsay prize for my Information Security MSc thesis, which I completed at RHUL last summer. As I begin my PhD studies at the Royal Holloway CDT, I must confess that I am honoured and this prestigious award is undoubtedly a wonderful encouragement for the future. Before saying a little bit more about the motivation and the challenges of my project, I feel that I have once again to express my gratitude to Dr Daniele Sgandurra, who was my supervisor and constantly supported me with invaluable comments and suggestions.

My MSc thesis was focused on testing Linux-compatible anti-virus (AV) solutions available for desktop computers. This topic attracted my attention a long time ago when I realized that many Linux users consider AVs unnecessary, arguing that this operating system is “malware-free”. A more in-depth analysis though revealed that there are several documented cases of malware infections specific to Linux, such as the worm Ramen. In addition, differently from what some on-line resources seem to suggest, the number of anti-virus solutions was not as high as initially thought. As I found out during the first part of my project, in fact, many vendors have now turned their attention only to server systems, where the OS of interest is much more popular.

The results of the conducted tests were definitively surprising. In spite of the fact that the used malware samples had been available for two months when I started my evaluation, repeated tests performed over the course of three weeks with local AV installations and an on-line malware scanning service proved that very few fully updated anti-virus engines were capable of detecting an increasingly high number of malicious files. Furthermore, 13 products showed regression effects as well. Even more interestingly, evading AVs with malware samples created by using a well-known penetration testing framework turned out to be much easier than expected, with one of the assessed programs exhibiting a detection rate below 10%.

While the estimated market share of Linux desktop systems is currently only at 2%, it cannot be ruled out for a host of reasons that this percentage will increase in the near future. Consequently, as also emphasized during the David Lindsay prize ceremony, Linux security is undoubtedly an interesting and important research topic that I will certainly consider for my PhD thesis.

Comments

Post a Comment

Popular posts from this blog

Post-PhD thoughts on the Cyber Security field: Amy Ertan, 2017 CDT Cohort, now Cyber and Hybrid Policy Officer at NATO HQ in Brussels.

It has been just over a year since I successfully completed my viva – a milestone that initially felt both terrifying and insurmountable when I first joined the CDT. Now, I have the privilege of reflecting on my PhD journey and how its opportunities have shaped my present. I also wish to inspire curious students to embrace the full potential of the CDT and similar programs.   When I first came across the CDT application form, I initially envisioned transforming from a disillusioned city worker into a technical cyber security wizard, focusing on governance or incident response – as those were the only cyber security functions I was familiar with at the time. Very quickly, the CDT taught me that cyber security encompasses a vast and comprehensive range of approaches, offering me a holistic perspective on the field. Supported by the CDT, I engaged with exciting research and practitioner communities to learn about security governance, feminist and critical approaches, geography, the philos
Read more

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

Image
Introducing the project The shift to remote working represents a huge shift for employees and organisations alike, introducing significant implications for cyber security. Amy Ertan and Georgia Crossland are currently working on a research project, in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) and funded by the UK National Cyber Security Centre (NCSC), on the impact of remote working on cyber security and wellbeing. This blog post will give an overview of a section of this project, how remote working impacts cyber security. In response to COVID-19, in March 2020, organisations across the world made the rapid shift away from physical office working to remote working, wherever possible. This shift has had a significant impact across many aspects of organisations. This blog post will offer a high-level overview of how the cyber threat landscape was impacted for many organisations and may further change organisational cyber resilience. Remote workin
Read more

New Publication: Remote Working and (In)Security?: Amy Ertan

Image
A recent research report by CDT researchers Amy Ertan and Georgia Crossland has been published with the Research Institute for Sociotechnical Cyber Security (RISCS). The report examines ‘The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security’, with research carried out through a series of interviews with senior cyber security colleagues between January and April 2021. The full report can be found on the RISCS website: New publication: Remote Working and (In)Security | RISCS. Context In the UK and around the world, the impact of COVID-19 represented a total shift away from what was considered ‘normal living’. One aspect of this change was the rapid transition to remote working as people were encouraged to work from home and limit contact with others as far as possible through repeated lockdown conditions. Fellow CDT colleague Georgia Crossland and I were curious to explore how remote working has impacted the experiences - and se
Read more