REVIEW: "Securing the Network from Malicious Code", Douglas Schweitzer
- BKSTNFMC.RVW 20030727
"Securing the Network from Malicious Code", Douglas Schweitzer, 2002,
%A Douglas Schweitzer
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$40.00/C$60.99/UK#29.95 416-236-4433 fax: 416-236-4448
%P 338 p.
%T "Securing the Network from Malicious Code"
While there is some basic information about viruses and trojans in
this work, it isn't clear, good, particularly helpful, or easy to
extract from the surrounding verbiage. What content is related to
networks has very little to do with securing or protecting them from
Part one looks at threat analysis. Chapter one lists various types of
problems that might possibly arise from the presence of malware.
Generic statements about virus writers, with little judgment or
backing, are made in chapter two. Programs related to malware are
described in chapter three, although the examples and explanation are
limited. Chapter four is a poorly structured and disorganized list of
viruses, rife with artificial distinctions. (Two of the
classifications are said to be "UNIX viruses" and "Linux viruses").
There are some examples, but with poor analysis and interpretation.
Part two talks about defence. "Fundamentals Needed for Digital
Security," as chapter five is entitled, contains a random assortment
of semi-technical topics which does not have enough detail or
definition to be of much use in establishing protection. Haphazard
net topics are reviewed in chapter six. Chapter seven lists various
network applications, threats (such as stalking) that are not related
to malware, and a list of ports used by trojans--but the directions on
how to determine whether those ports are in use on your machine do not
appear until the following chapter, along with some generic advice on
policies and awareness training. Firewalls, antivirus software, and
backups are outlined in chapter nine, but with terse and poor
explanations. Server and application vulnerabilities are briefly
discussed in chapter ten.
Part three is supposed to look ahead. Chapter eleven has an
unfocussed and sensationalist commentary on cyberterrorism. A grab
bag of security topics is in chapter twelve.
The text has numerous errors, but they are neither excessively
abundant (in comparison to some of the other horrible examples extent)
nor especially egregious. Saying that this work is "less bad" than
the worst, though, is hardly a recommendation. The book is
indifferent and slipshod (many of the entries in the glossary are very
careless) and does not contribute to the body of malware literature.
copyright Robert M. Slade, 2003 BKSTNFMC.RVW 20030727
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Nobody is talking about you behind your back. In fact, we are
pretty much all agreed that you are starting to obsess about it.
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade