Interview: Chris Boyd, aka @paperghost

Written by

Chris Boyd is a malware intelligence anaylst at Malwarebytes. You might know him better by his previous roles at FaceTime, GFI, ThreatTrack or as @paperghost.

Despite his deeply technical knowledge, Boyd is a brilliant communicator, and is able to talk about incredibly technical things in a relatively simple way. This makes him my kind of interviewee.

Boyd joined Malwarebytes in November 2013, attracted to the company’s passion for “beating the bad guys” and its philosophy that “clean-up software should be free, because you don’t pay to get infected.” His appreciation for the company’s mantra was such that Boyd had diligently waited for a position to open at Malwarebytes. “I knew the staff and researchers through the forums and I’d been waiting for them to hire in the UK”, he said.

The hire policy at Malwarebytes, explained Boyd, is fairly unique. “They hire people who really care about killing criminal software and have a passion for beating cybercrime.”

There is an enterprise edition of the software, but the grass roots were a free consumer product; software designed to protect against malicious threats that escape detection by other anti-virus solutions.

Trends in this space, according to Boyd, remain fairly static. “All consumer scams are pretty much the same thing”. Facebook scams and fake videos continue to be popular methods, he said.

On further reflection, Boyd corrected his use of the phrase ‘consumer scams’. “Enterprise threats are pretty much the same as consumer threats”, he said. “It’s same old. The threats aren’t as bad as we sometimes think. There’s still a lot of human interaction required to infect a machine, and there are solutions in place. There are options”, he said, optimistically.

Same Old Threats

The disadvantage of being subject to “the same old threats”, Boyd told me, is that it makes it harder to educate people and capture their interest. More often than not, he explained, the only thing that will change is the code at the end of a URL. “How can you make it interesting when telling them about the same old things?”, he asked rhetorically.

Very occasionally, he added, “I’ll witness a clever evolution of scam”. He gave the example of a Red Cross phishing scam using a genuine Red Cross email address with a copied email address.

Boyd suggested that free lunch education sessions are an effective way to educate people. “Don’t bury education in a long policy. Security should not be an after-thought, it is ultimately the responsibility of the company itself”, he said.


Discussing the recent discontinuation of Microsoft support for XP systems, Boyd expressed concern about what this means for legacy XP systems. “There are so many businesses stuck on XP”. Critical hospital systems, he gave as an example, will house “zero-day threats until the machines become pretty much unusable.”

“It’s hard to convince people to leave an operating system they’re locked into”, Boyd conceded. “Microsoft gave enough warning, they couldn’t have done any more”, he said. “It’s down to the users now”.

This last comment concludes our chat nicely, given that it’s the education of users which Boyd has focussed so heavily on in our discussion. It occurs to me that Boyd’s philosophy matches his employer’s perfectly. A match made in infosec heaven.

To find out more about Malwarebytes, visit

What’s hot on Infosecurity Magazine?