
REVIEW: "The Myths of Security", John Viega

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1 , Jul 29, 2010
      BKMTHSEC.RVW 20091221

      "The Myths of Security", John Viega, 2009, 978-0-596-52302-2,
      %A John Viega viega@...
      %C 103 Morris Street, Suite A, Sebastopol, CA 95472
      %D 2009
      %G 978-0-596-52302-2 0-596-52302-5
      %I O'Reilly & Associates, Inc.
      %O U$29.99/C$37.99 800-998-9938 fax: 707-829-0104 nuts@...
      %O http://www.amazon.com/exec/obidos/ASIN/0596523025/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0596523025/robsladesin03-20
      %O Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 238 p.
      %T "The Myths of Security"

      The foreword states that McAfee does a much, much better job of
      security than other companies. The preface states that computer
      security is difficult, that people, particularly computer users, are
      uninformed about computer security, and that McAfee does a much better
      job of security than other companies. The author also notes that it
      is much more fun to write a book that is simply a collection of your
      opinions than one which requires work and technical accuracy.

      There are forty-eight "chapters" in the book, most only two or three
      pages long. As you read through them, you will start to notice that
      they are not about information security in general, but concentrate
      very heavily on the antivirus (AV) field.

      After an initial point that most technology has a poor user interface,
      a few more essays list some online dangers. Viega goes on to note a
      number of security tools which he does not use, himself. He then
      argues unconvincingly that free antivirus software is not a good
      thing, unclearly that Google is evil, and incompletely that AV
      software doesn't work. (I've been working in the antivirus research
      field for a lot longer than the author, and I'm certainly very aware
      that there are problems with all forms of AV: but there are more forms
      of AV in heaven and earth than are dreamt of in his philosophy. By
      the way, John, Fred Cohen listed all the major forms of AV technology
      more than twenty-*five* years ago.) The author subsequently jumps
      from this careless technical assessment to a very deeply technical
      discussion of the type of hashing or searching algorithms that AV
      companies should be using. And thence to semi-technical (but highly
      opinionated) pieces on how disclosure, or HTTPS, or CAPTCHA, or VPNs
      have potential problems and therefore should be destroyed. Eventually
      all pretence at analysis runs out, and some of the items dwindle down
      to three or four paragraphs of feelings.

      For those with extensive backgrounds in the security field, this work
      might have value. Not that you'll learn anything, but that the biases
      presented may run counter to your own, and provide a foil to test your
      own positions. However, those who are not professionals in the field
      might do well to avoid it, lest they become mythinformed.

      copyright Robert M. Slade, 2009 BKMTHSEC.RVW 20091221

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Computers are useless. They can only give you answers.
      - Pablo Picasso
      victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
      http://www.infosecbc.org/links http://twitter.com/rslade