REVIEW: "Rootkits for Dummies", Larry Stevenson/Nancy Altholz
- BKRTKTDM.RVW 20070228
"Rootkits for Dummies", Larry Stevenson/Nancy Altholz, 2007,
%A Larry Stevenson @...
%A Nancy Altholz @...
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O U$29.99/C$35.99/UK#19.99 416-236-4433 fax: 416-236-4448
%O Audience s- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 380 p.
%T "Rootkits for Dummies"
Part one outlines the basics of rootkits. Chapter one defines malware
and rootkits, although many of the definitions are rather careless.
For example, rootkits are defined, properly, in terms of software for
hiding processes or other evidence of intrusions on the computer, but
various passages in the chapter imply that rootkits are viruses or
other similar malware, or that rootkits are simply any stealthy
program. Resistance, recognition, and recovery are given, in chapter
two, as the keys to having a resilient system. These themes are
expanded in parts two to four, but the content provided in chapter two
is not terribly helpful.
Part two turns to resistance. Chapter three reviews intermediate
level computer maintenance: many of the suggestions are beyond the
capabilities of the average user. Similarly, chapter four's
recommendations are good, but much of the advice would be difficult
for a non-specialist to perform, and the explanations for items such
as limited user accounts would not be sufficient to get them through
the full process. It is always good to suggest users keep up to date
with patches, but chapter five does not provide any of the
alternatives to the Windows Update site. Miscellaneous measures are
listed in a disorganized fashion in chapter six. Some of the material
duplicates that given in chapter four, but there still isn't enough
detail for the instructions to be useful for most readers.
Recognition makes up part three. Chapter seven looks at various
interesting means rootkits use to hide, but there is also a lot of
uninformative verbiage taking up space, here. Detection, in chapter
eight, is mostly restricted to advanced activities and limited
information is provided to the reader. Chapter nine describes both
general system tools and also software specific to rootkit detection.
Although part four is supposed to be about recovery, the material is
scant. An assortment of utilities, some for recovery, but a number
for forensics, are described in chapter ten. Eleven covers the
process of erasing the hard disk and re-installing Windows.
Part five lists ten rootkits, in chapter twelve, and twelve security
sites in thirteen.
There is no indication as to the intended audience for this book. The
material is, in most sections, far beyond the capabilities of the
average computer user, and a great deal is even beyond the normal
level of the average help desk worker or system administrator. At the
same time, the specialist or researcher will find much of the text to
be useless or superfluous, and even some of the professional class
content is poorly explained for those who are not thoroughly familiar
with certain utilities. The work will have some value, particularly
for those in rarified fields of research, but the lack of consistency
will limit that value.
copyright Robert M. Slade, 2007 BKRTKTDM.RVW 20070228
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
You can't wait for inspiration. You have to go after it with a
club. - Jack London
Dictionary of Information Security www.syngress.com/catalog/?pid=4150