Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Bigelow's Virus Troubleshooting Pocket Reference", Ken

Expand Messages
  • Rob Slade, doting grandpa of Ryan and Tr
    BKBVRTPR.RVW 20000822 Bigelow s Virus Troubleshooting Pocket Reference , Ken Dunham, 2000, 0-07-212627-2, U$19.99/C$31.95 %A Ken Dunham
    Message 1 of 1 , Nov 13 11:35 AM
      BKBVRTPR.RVW 20000822

      "Bigelow's Virus Troubleshooting Pocket Reference", Ken Dunham, 2000,
      0-07-212627-2, U$19.99/C$31.95
      %A Ken Dunham antivirus.guide@...
      %C 300 Water Street, Whitby, Ontario L1N 9B6
      %D 2000
      %G 0-07-212627-2
      %I McGraw-Hill Ryerson/Osborne
      %O U$19.99/C$31.95 510-548-2805 800-227-0900
      %P 267 p.
      %T "Bigelow's Virus Troubleshooting Pocket Reference"

      Apparently somewhat before Dunham started work on this volume, he also
      started a mailing list of virus information. This mailing list names
      a number of viruses, but provides no details, protective strategies,
      or understanding of the basic antiviral concepts. Much the same is
      true of the book. In the very first paragraph of the book proper, we
      are told that computer viruses were explored by many people in the
      1960s and 1970s (although many such claims are made, I've never, in
      thirteen years of research, found documented evidence of any such
      research), and that Fred Cohen formally defined viruses in a security
      experiment in 1983 (so trivial a mention of his pioneering work being
      almost insulting). Subsequent sentences have unsupported dates,
      idiosyncratic definitions, and claims and opinion presented as fact.

      Ironically, the most accurate part of the whole work might be the
      disclaimer, warning you that nobody is going to take any
      responsibility for the mistakes in the book. (Although what "ac and
      high voltage power sources" have to do with computer viruses is a
      mystery to me.) The preface claims that the book is comprehensive,
      which it certainly isn't, and concise, which is questionable as well.

      Chapter one looks at something of the history of viruses. Where
      Dunham has been given competing or contradictory versions of a story
      or fact he simply puts down everything, without evidence of any
      analysis to find out the truth. Assertions are laid down in some
      vaguely chronological order, without any relation to each other
      (Q. What do the inclusion of an antivirus with DOS, the emergence of
      the WildList, and the fact that SatanBug was written by someone below
      the legal drinking age have to do with each other? A. Nothing.), and
      without any explanation of the implications of developments or trends.
      (I take it back: the book states that the invention of System 7 for
      the Macintosh eliminated compatibility with previous viruses, which
      isn't always true.)

      Although entitled "Malware," chapter two has little material on
      malicious software other than viruses. It is a grab bag of random
      content, looking briefly at many topics without staying long enough to
      effectively cover anything. There are many lists in the work, but the
      substance is not always reliable. Table 2.2, for example, on virus
      characteristics lists Whale as an example of an armored virus (Whale
      is usually considered an example of limited polymorphism, and
      "armored" does not have a commonly agreed technical meaning in virus
      research), doesn't mention prepending or appending of file infectors,
      describes Lehigh as a "cavity" virus (possibly technically correct,
      but only because of the odd file format of COMMAND.COM), and tells us
      that a multipartite virus "is often very successful In the Wild but is
      rare In the Wild."

      There has to be some irony in the number of errors in a chapter called
      "Myths and Hoaxes." For instance, the simple statement that the
      Scores virus was only released to a company intranet and therefore was
      not an issue in the wild ignores the fact that Scores was developed
      before there were intranets and that Scores *did* make it into the
      wild, as attested by the fact that one of its aliases (noted in the
      previous chapter) celebrates a government institution it infected:
      NASA. The first item on the list of ways to detect a virus hoax says
      that the source of the email is unknown to the user: most hoaxes get
      passed around from friend to friend. (The list of classic virus hoax
      messages also contains the Gullibility Virus, which is a satire on the
      phenomenon. There is a brief mention that it is a joke, but that fact
      is certainly not clear from the inclusion.)

      "Detecting Malware," in chapter four, starts off with the usual list
      of virus symptoms, most of which appear in all sloppy virus books, and
      none of which are any kind of dependable indication that you have an
      infection. The look at antiviral software concentrates, of course,
      almost exclusively on scanning. Dunham does mention change detection,
      although not in any comprehensive way, and also mentions "behavioral
      analysis," which is described as a "bold and progressive approach" by
      a new company. Otherwise known as activity monitoring, this is, in
      fact, the approach used by the oldest antivirus program, Flu-Shot.
      The chapter ends with procedures for capturing viruses that would only
      work by accident, and wouldn't work at all against the most common
      current email viruses, as listed by the book's own prevalence chart.

      Chapter five, on preventative measures, is a real mixed bag. Some
      points are good, such as the recommendations about verification of
      installation, the risk of a lack of security policy, a parent-child
      contract for computer use, and the warning against the use of FDISK as
      a disinfectant. Most of the rest of the chapter, however, is
      incomplete, contestable, or misleading. "Black market software" has
      very little connection with viruses. Incomplete removal of software
      is a danger, but how is the naive user to determine that disinfection
      is concluded? Screen saver passwords have nothing to do with viruses,
      and are weak, in any case. Microsoft Office protections against macro
      viruses are, as the book notes, not failproof, but the point is not
      made with adequate emphasis. Boot disks cannot be made for Windows 9x
      or NT systems (at least not as suggested) and are of little use with
      FAT32 and NTFS file systems. Changing file associations is more
      complex than the text suggests. (And the section on F-Prot makes
      almost no sense at all.) This is definitely a case where if you can
      tell good advice from bad advice you don't need any advice: non-
      specialists simply cannot be sure about the counsel they are getting
      from this volume.

      It is rather odd that there is a separate chapter for antivirus
      software, since both preceding chapters have extensive (if not very
      credible) software sections. However, the intent seems to be to
      concentrate on evaluation of an antivirus. Unfortunately, the
      material is fragmentary and inconsistent. The section on
      certification and reviews fails to point out that all the
      certification sites mentioned only do "zoo" tests (measures of how
      many viruses are identified from a given set), that some charge
      companies for submitting software for testing, and that the VTC (Virus
      Test Center) is the only site with its full protocol available online
      and a zoo that even approximates the tens of thousands of viruses that
      exist. Mini-reviews are given, but only for Mac software. There is
      an evaluation form, but only a very few specialists would be able to
      fill it out in its entirety. (Microsoft is also listed as an
      antivirus software update site.)

      Chapter seven, on removing malware, is very short, and half of it is
      dedicated to telling you why you might not be able to disinfect your
      system. Still, some of the points are worthwhile, and, if you are
      infected by an old boot sector or file infector, nothing in this
      chapter should do you any harm. (The discussion is not relevant to
      more current macro or email infections.)

      Other than a reprint of the Good Times Virus Hoax FAQ the appendices
      are not particularly useful.

      Overall, the text is a mass of trivia, interspersing fact,
      speculation, and inaccuracy in an unreliable and misleading mix. The
      content, as presented, betrays almost no knowledge of the fundamental
      technologies, either on the virus or the antivirus side. When details
      are provided, they are thrown at the reader in an undifferentiated and
      unanalyzed lump, which will annoy the specialist, and confuse the
      average computer user. The book is small, but hardly pocket sized,
      and the internal structure is nowhere near being organized enough to
      lay claim to the appellation of reference.

      As with Schmauder's "Virus Proof" (cf. BKVRSPRF.RVW), this latest
      attempt to fill the long gap in virus literature has almost nothing to
      contribute to the field.

      copyright Robert M. Slade, 2000 BKBVRTPR.RVW 20000822

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Yes, but every time I try to see things your way, I get a headache.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.