REVIEW: "Desktop Witness", Michael A. Caloyannides

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Sep 9, 2003
      BKDSKWTN.RVW 20030819

      "Desktop Witness", Michael A. Caloyannides, 2002, 0-471-48657-4
      %A Michael A. Caloyannides
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2002
      %G 0-471-48657-4
      %I John Wiley & Sons, Inc.
      %O 416-236-4433 fax: 416-236-4448
      %P 366 p.
      %T "Desktop Witness: The Do's and Don'ts of Personal Computer
      Security"

      The title and the subtitle of this book are somewhat at odds. Is this
      text about the evidence that can be extracted from desktop machines?
      Or is it about protecting yourself and your personal computer or
      information? Caloyannides would seem to be making the point that the
      answer is both: that there is an overwhelming need to ensure that your
      computer isn't finking on you, and that you must make every effort to
      ensure that the government cannot obtain the information on your
      desktop. While he is clearly on the personal side of the privacy
      versus national security debate, even those who agree with him may
      find the arguments shrill and extreme.

      The subtitle of chapter one, indicating that the material is the
      author's opinion, should warn the reader that the discussion is
      editorial rather than closely reasoned. Caloyannides may, however,
      have hurt his own case by taking an anarchistic and almost paranoid
      position in stating the need for privacy against government
      encroachment. He does make a number of valid points, but misses other
      grounds that might have been convincing to a much wider audience, such
      as the point that the responsibility of protecting your own
      information is recognized in such legal areas as the difference
      between patent and trade secret. (A patent offers control over a
      device for a limited time as long as the technology is disclosed,
      whereas a trade secret offers protection for unlimited time as long as
      reasonable efforts are made to protect the information from
      disclosure.) The major point of chapter two appears to be that the
      use of encryption could, in and of itself, land you in trouble, and
      you should prepare to either hide the fact that encryption is taking
      place, or have a diversionary explanation ready for the authorities.
      (The recommended use of one-time-pad technology and variant keys is
      technically interesting, but is unlikely to survive beyond a first
      use. Ironically, it seems to support a point that the author made
      earlier: "clever" tricks that rely on obscurity provide very poor
      protection.) The types of information that might be available from
      your computer, or Internet connection, are discussed in chapter three.
      The material ranges over a number of topics and has a difficult
      structure: some points are raised more than once and there are a
      number of related issues that are not mentioned at all. Means of
      recovering some of the data, and of getting rid of it, are reported,
      but not consistently.

      Chapter four lists a vast array of protective measures. Most are very
      useful. Depending upon your situation, many will be considered
      overkill. Some are questionable: Caloyannides makes a blanket
      recommendation to install all operating system patches, but notes that
      doing so for some versions of Windows requires you to give away a lot
      of information. He does not, though, detail the times that official
      patches have made the situation worse rather than better, nor the
      complexity of some patches: by mid-2002 one expert noted that an
      effective installation of the Windows NT operating system required
      twenty-nine steps, including no less than three separate installations
      of the latest service pack at different points. Oddly, while this
      section is supposed to review measures for computers not connected to
      networks, some of the points relate to activities on the Internet.
      Protection for connected machines is discussed in chapter five, with a
      heavy emphasis on the usage of the PGP encryption system. There is
      also an interesting insistence that steganography *is* an effective
      means of hiding communications: while Caloyannides points out a number
      of pitfalls in the use of the technology, he does not mention detection
      measures, such as the ease of determining excessive entropy in the
      low-order bits of graphic images used to hide files. Secure telephony
      is discussed in chapter six. The legal issues reviewed in chapter
      seven are mostly related to recent legislation providing for
      additional search authority. The author does include material and
      actions from outside the United States. The editorial finish in
      chapter eight warns against a society where everything must be
      homogenized in order to be safe.

      In many places the book suffers from very poor copy editing. There
      are a great many instances of improper punctuation, sentence
      fragments, and words or phrases dropped into apparently unrelated
      text. Generally speaking one can discern the meaning, but deciphering
      the organization and intention of a section can be difficult. (Given
      the thrust of the book, is the author embedding hidden messages?)

      While there are issues of general security in the book, it is, first
      and last, about privacy, and primarily personal privacy. The material
      could have been structured more usefully, and written less stridently,
      but a great deal of helpful content is included. Those interested in
      privacy will find it interesting, and computer forensic specialists
      may also find it to be a handy reference.

      copyright Robert M. Slade, 2002 BKDSKWTN.RVW 20030819


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      If you like laws and sausage, you should never watch either being
      made. - Otto von Bismarck
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade