David Lindsay Prize and Linux Security: Giuseppe Raffa
As those who attended the recent (December 2020) online Hewlett Packard Colloquium event at Royal Holloway already know, I had the great privilege of being awarded the David Lindsay prize for my Information Security MSc thesis, which I completed at RHUL last summer. As I begin my PhD studies at the Royal Holloway CDT, I must confess that I am honoured and this prestigious award is undoubtedly a wonderful encouragement for the future. Before saying a little bit more about the motivation and the challenges of my project, I feel that I have once again to express my gratitude to Dr Daniele Sgandurra, who was my supervisor and constantly supported me with invaluable comments and suggestions.
My MSc thesis was focused on testing Linux-compatible anti-virus (AV) solutions available for desktop computers. This topic attracted my attention a long time ago when I realized that many Linux users consider AVs unnecessary, arguing that this operating system is “malware-free”. A more in-depth analysis though revealed that there are several documented cases of malware infections specific to Linux, such as the worm Ramen. In addition, differently from what some on-line resources seem to suggest, the number of anti-virus solutions was not as high as initially thought. As I found out during the first part of my project, in fact, many vendors have now turned their attention only to server systems, where the OS of interest is much more popular.
The results of the conducted tests were definitively surprising. In spite of the fact that the used malware samples had been available for two months when I started my evaluation, repeated tests performed over the course of three weeks with local AV installations and an on-line malware scanning service proved that very few fully updated anti-virus engines were capable of detecting an increasingly high number of malicious files. Furthermore, 13 products showed regression effects as well. Even more interestingly, evading AVs with malware samples created by using a well-known penetration testing framework turned out to be much easier than expected, with one of the assessed programs exhibiting a detection rate below 10%.
While the estimated market share of Linux desktop systems is currently only at 2%, it cannot be ruled out for a host of reasons that this percentage will increase in the near future. Consequently, as also emphasized during the David Lindsay prize ceremony, Linux security is undoubtedly an interesting and important research topic that I will certainly consider for my PhD thesis.
Comments
Post a Comment