
REVIEW: "Absolute PC Security and Privacy", Michael Miller

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Jan 30, 2003
      BKAPCSPR.RVW 20021216

      "Absolute PC Security and Privacy", Michael Miller, 2002,
      0-7821-4127-7, U$34.99/C$55.95/UK#25.99
      %A Michael Miller
      %C 1151 Marina Village Parkway, Alameda, CA 94501
      %D 2002
      %G 0-7821-4127-7
      %I Sybex Computer Books
      %O U$34.99/C$55.95/UK#25.99 800-227-2346 info@...
      %O http://www.amazon.com/exec/obidos/ASIN/0782141277/robsladesinterne
      %P 530 p.
      %T "Absolute PC Security and Privacy: Defend Your Computer Against
      Outside Intruders"

      Miller never knew much about viruses, or took them seriously, until a
      friend got infected and it turned out to be more of a nuisance than he
      thought. So he decided to write a book about them. And also about
      spam, since he was annoyed by that, too.

      Part one is about viruses, and other stuff. There are so many errors
      in the introduction, chapter one, that I don't know where to start.
      Since this book is obviously not written for professionals, is it
      important that it was Fred Cohen, and not Len Adleman, who did the
      first academic research on viruses? No. Is it important that the
      book constantly contradicts itself (for example, promoting the idea
      that virus writers are technically competent, and then pointing out
      that virus creation kits require no expertise at all)? Possibly not,
      but it doesn't inspire any confidence. Is it important that policies
      to prevent 95% of current viruses are dismissed in a single paragraph,
      buried in 150 pages of procedures (like the old "use only commercial
      software" myth--and the book also notes that commercial software has
      been distributed in an infected state) that might help protect you
      from some of the remaining 5%? Yeah, that could turn out to be
      significant. Chapter two talks about some high risk activities, but
      the relevant points are hidden in a mass of relatively low peril
      particulars. Boot sector and file infectors are discussed in chapter
      three, but aren't important to users any more. Chapter four talks
      about macro viruses, but the suggested actions, such as manually
      deleting macros, are mostly ineffective. The material on script
      viruses, in chapter five, is quite confused: ActiveX is *not* a
      scripting system, and it is pushing the facts to say that Internet
      Explorer is a safe browser. (The procedures for disabling Windows
      Script Host could be useful.) The definitions, and particularly
      examples, of trojans, viruses, and worms are very confused in chapter
      six. Chapter seven examines email and IRC (Internet Relay Chat)
      viruses, but concentrates on minor dangers and issues. Chapter eight
      warns against virus hoaxes, but does not tell how to identify them.
      The discussion of antiviral software in chapter nine deals *only* with
      scanning, and does not properly advise on limitations and weaknesses
      (such as the fact that real time, on-access, or firewall-based
      scanning may be 20% less effective than manual scanning). The other
      forms of antiviral software are mentioned in chapter ten, but so
      briefly as to be useless. "Preventing Virus Attacks," in chapter
      eleven, repeats earlier content. The suggested responses to a virus
      infestation, in chapter twelve, are seriously overblown.

      Part two is concerned with Internet attacks. Given the preceding
      material, it is surprising that chapter thirteen provides reasonably
      good background on intrusion. But, given the tone and audience of the
      book, the attacks described are not relevant to the readership: most
      home users would not be able to do anything about the offensives
      described. The assaults listed in chapter fourteen are different, but
      the mentions are too terse to provide any means of defence. Chapter
      fifteen suggests some good precautions, but does not explain the
      implications of following them. Chapter sixteen says that peer-to-
      peer systems are dangerous, but is quite reserved given the level of
      the threat and the scare tactics used elsewhere. Network protection
      systems are briefly listed in chapter seventeen. "Choosing a
      Firewall," in chapter eighteen, describes the various types too poorly
      for the user to make an informed choice. Chapter nineteen's advice on
      dealing with an attack is too short to provide identification of a
      real incident, and the response advice is unhelpful.

      Part three supposedly deals with theft of privacy. Chapter twenty's
      overview of threats against privacy is not bad, although it does
      confuse cookies, packet sniffing, and keystroke logging in the course
      of a single paragraph. A discussion of online fraud, in chapter
      twenty one, is mostly about eBay, and mostly generic advice. A
      reasonable, if not extensive, set of explanations of harassment,
      spyware, and cookies is given in chapters twenty two, twenty three,
      and twenty four, respectively. However, the background and
      suggestions in regard to passwords and encryption, in chapter twenty
      five, are weak. The section finishes with anonymous surfing, in
      chapter twenty six.

      Part four covers spam. Chapter twenty seven presents a good overview
      of the basic concepts, but betrays a very weak technical understanding
      of the subject. The recommended actions for protection and prevention
      are not very effective. A more serious look at anti-spam activities
      is in chapter twenty eight, but it boils down to a recommendation not
      to tell anyone your email address: a suggestion that the book itself
      admits is not completely effective since spammers regularly generate
      random addresses to try. In addition, the information about tracking
      down and fighting against spammers is too brief to be of any use.
      Chapter twenty nine recommends against forwarding chain letters, but
      probably should have more information about items such as the
      technical impossibility of the messages that supposedly reward you for
      the number of missives you forward, and the variations on "advance
      fee" (aka "419" or "Nigerian scam") frauds.

      It is unclear why "Web-Based Intrusions" could not have been covered
      elsewhere without creating a part five. Chapter thirty deals sensibly
      with pop-up ads, although I am not sure why disabling JavaScript is
      considered an extreme action, particularly in view of some of the
      other recommendations in the book. The advice about the use of the
      hosts file, though, could be very helpful. Inappropriate content and
      filtering, in chapter thirty one, is handled rationally (if curtly),
      but does not mention the hidden agendae that filtering software or
      organizations may have.

      Although some of the points in the book can be good, a great deal of
      the material is either too short to be really useful, or questionable,
      or wrong. In terms of security guides for the average user, Crume's
      "Inside Internet Security" (cf. BKININSC.RVW) is much better, and so
      is "Access Denied" (cf. BKACCDEN.RVW) by Cronkhite and McCullough,
      even though the latter is directed at managers.

      copyright Robert M. Slade, 2002 BKAPCSPR.RVW 20021216

      rslade@... rslade@... slade@... p1@...
      Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
      Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
      March 31, 2003 Indianapolis, IN