REVIEW: "The Myths of Security", John Viega
- BKMTHSEC.RVW 20091221
"The Myths of Security", John Viega, 2009, 978-0-596-52302-2,
%A John Viega viega@...
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%G 978-0-596-52302-2 0-596-52302-5
%I O'Reilly & Associates, Inc.
%O U$29.99/C$37.99 800-998-9938 fax: 707-829-0104 nuts@...
%O Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 238 p.
%T "The Myths of Security"
The foreword states that McAfee does a much, much better job of
security than other companies. The preface states that computer
security is difficult, that people, particularly computer users, are
uninformed about computer security, and that McAfee does a much better
job of security than other companies. The author also notes that it
is much more fun to write a book that is simply a collection of your
opinions than one which requires work and technical accuracy.
The are forty-eight "chapters" in the book, most only two or three
pages long. As you read through them, you will start to notice that
they are not about information security in general, but concentrate
very heavily on the antivirus (AV) field.
After an initial point that most technology has a poor user interface,
a few more essays list some online dangers. Viega goes on to note a
number of security tools which he does not use, himself. He then
argues unconvincingly that free antivirus software is not a good
thing, unclearly that Google is evil, and incompletely that AV
software doesn't work. (I've been working in the antivirus research
field for a lot longer than the author, and I'm certainly very aware
that there are problems with all forms of AV: but there are more forms
of AV in heaven and earth than are dreamt of in his philosophy. By
the way, John, Fred Cohen listed all the major forms of AV technology
more than twenty-*five* years ago.) The author subsequently jumps
from this careless technical assessment to a very deeply technical
discussion of the type of hashing or searching algorithms that AV
companies should be using. And thence to semi-technical (but highly
opinionated) pieces on how disclosure, or HTTPS, or CAPTCHA, or VPNs
have potential problems and therefore should be destroyed. Eventually
all pretence at analysis runs out, and some of the items dwindle down
to three or four paragraphs of feelings.
For those with extensive backgrounds in the security field, this work
might have value. Not that you'll learn anything, but that the biases
presented may run counter to your own, and provide a foil to test your
own positions. However, those who are not professionals in the field
might be well to avoid it, lest they become mythinformed.
copyright Robert M. Slade, 2009 BKMTHSEC.RVW 20091221
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Computers are useless. They can only give you answers.
- Pablo Picasso