Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Malware: Fighting Malicious Code", Ed Skoudis

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKMLWFMC.RVW 20031202 Malware: Fighting Malicious Code , Ed Skoudis, 2004, 0-13-101405-6, U$44.99/C$67.99 %A Ed Skoudis %C One Lake St., Upper Saddle
    Message 1 of 1 , Feb 19, 2004
      BKMLWFMC.RVW 20031202

      "Malware: Fighting Malicious Code", Ed Skoudis, 2004, 0-13-101405-6,
      %A Ed Skoudis
      %C One Lake St., Upper Saddle River, NJ 07458
      %D 2004
      %G 0-13-101405-6
      %I Prentice Hall
      %O U$44.99/C$67.99 +1-201-236-7139 fax: +1-201-236-7131
      %O http://www.amazon.com/exec/obidos/ASIN/0131014056/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0131014056/robsladesin03-20
      %P 647 p.
      %T "Malware: Fighting Malicious Code"

      Chapter one introduces, but also mixes up, all kinds of malware,
      attack tools, and attacks. It does eventually provide a table of
      types of malware, but the definitions are not very clear or explicit.
      Chapter two has wide ranging, but careless, information about viruses.
      The strictly Cohenesque definition eliminates boot sector infectors
      from consideration, which is rather ironic given the prominence that
      they are given in the chapter. There is a confused outline of
      infection mechanisms. Many of the assertions made are based on
      questionable analysis: Strange Brew is stated to be potentially
      dangerous because of platform independence, but there is no mention of
      the fact that it fails as an applet, which is the most mobile form of
      Java code. Random thoughts on worms are in chapter three, with
      defence measures seemingly a vague afterthought. Malicious mobile
      code is limited to active content for Web pages in chapter four.
      Chapter five confuses maintenance hooks and rootkits, but mostly
      describes remote access trojans. Trojans, or trojan horse programs,
      are the broadest class of malicious software, so it is not surprising
      that chapter six is an unfocused grab bag: what is odd is that there
      is so much content that is a repeat of earlier material. Chapter
      seven deals with "user-mode" rootkits, providing lengthy examples
      which are nonetheless vague on concepts. "Kernel-mode" rootkits, in
      chapter eight, goes into excruciating operating system internals
      detail about how such software can be inserted into the system. Both
      chapters concentrate heavily on UNIX, with only limited mention of
      Windows, and both are primarily concerned about how to attack, with
      little attention paid to defence. ("Harden systems and apply
      patches.") Chapter nine theorizes about BIOS (Basic Input/Output
      System) and microcode malware, managing to confuse not only the two
      concepts with each other, but also with standard rootkits. A number
      of fictional attacks are outlined in chapter ten, although the
      "mistakes" pointed out do suggest some protective measures that might
      be of use. Chapter eleven lists hardware and software for building a
      setup to analyze malware. The book concludes with some opining in
      chapter twelve.

      The text is much more verbose than it really needs to be, and
      sensational rather than precise. There is a lot of specific detail in
      some areas, particularly for those interested in UNIX system
      internals, but the material on malware itself tends to be careless,
      and the author is obviously much keener on attacking than defending.
      This work does not offer much help to those who want to fight
      malicious code.

      copyright Robert M. Slade, 2003 BKMLWFMC.RVW 20031202

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Keep away from people who try to belittle your ambitions. Small
      people always do that, but the really great make you feel that
      you, too, can become great. - Mark Twain
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.