
REVIEW: "Zero Day", Mark Russinovich

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1 , Jan 4, 2012
      BKZERDAY.RVW 20111109

      "Zero Day", Mark Russinovich, 2011, 978-0-312-61246-7, U$24.99/C$28.99
      %A Mark Russinovich www.zerodaythebook.com markrussinovich@...
      %C 175 Fifth Ave., New York, NY 10010
      %D 2011
      %G 978-0-312-61246-7 0-312-61246-X
      %I St. Martin's Press/Thomas Dunne Books
      %O U$24.99/C$28.99 212-674-5151 fax 800-288-2131
      %O josephrinaldi@... christopherahearn@...
      %O http://www.amazon.com/exec/obidos/ASIN/031261246X/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/031261246X/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/031261246X/robsladesin03-20
      http://www.amazon.com/gp/mpd/permalink/m3CQBX46DOK0AK/ref=ent_fb_link
      %O Audience n Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 328 p.
      %T "Zero Day"

      Mark Russinovich has definitely made his name, in technical terms,
      with Winternals and Sysinternals. There is no question that he knows
      the insides of computers.

      What is less certain is whether he knows how to write about it within
      the strictures of a work of fiction. The descriptions of digital
      forensics and computer operation in this work are just as confusing,
      to the technically knowledgeable, as those we regularly deride from
      technopeasant authors. "[T]he first thing Jeff noted was that he
      couldn't detect *any* data on the hard disk." (Emphasis in the book.)
      Jeff then goes on to find some, and notes that there are "bits and
      pieces of the original operating system." Now there is a considerable
      difference between not finding *any* data, and having a damaged
      filesystem, and Russinovich knows this perfectly well. Our man Jeff
      is a digital forensics hacker of the first water, and wouldn't give a
      fig if he couldn't see "the standard C: drive icon."

      Generally, you would think that the reason a technically competent
      person would write a novel about cyberwar would be in order to inject
      a little reality into things. Well, reality seems to be in short
      supply in this book.

      First of all, this is the classic geek daydream of being the ultimate
      'leet hacker in the world. The Lone Hacker. Hiyo SysInfo, away! He
      has all the tools, and all that smarts, about all aspects of
      technology. Sorry, just not possible any more. This lone hacker
      image is unrealistic, and the more so because it is not necessary.
      There are established groups in the malware community (among others),
      and these would be working together on a problem of this magnitude.
      (Interestingly, these are generally informal groups, not the
      government/industry structures which the book both derides and relies
      upon.)

      Next, all the female geeks (and there are a lot) are "hot." 'Nuff
      said.

      The "big, bad, new" virus is another staple of the fictional realms
      which does not exist in reality. Viruses can be built to reproduce
      rapidly. In that case, they get noticed quickly. Or, they may be
      created to spread slowly and carefully, in which case they can take a
      while to be detected, but they also take a long time to get into
      place.

      Anti-malware companies don't necessarily rely on honeypots (which are
      usually there to collect information on actual intruders), but they do
      have bait machines that sit and wait to be infected (by worms) or
      emulate the activity of users who are willing to click on any link or
      open any file (for viruses). Malware can be designed to fail to
      operate (or even delete itself) under certain conditions, and those
      conditions could include certain indications of a test environment.
      However, the ability to actively avoid machines that might be
      collecting malware samples would be akin to a form of digital mental
      telepathy.

      Rootkits, as described in the novel, are no different than the stealth
      technology that viruses have been using for decades. There are always
      ways of detecting stealth, and rootkits, and, generally speaking, as
      soon as you suspect that one might be in operation you start to have
      ideas about how to find it.

      A backup is a copy of data. When it is restored, it is copied back
      onto the computer, but there is no need for the backup copy to be
      destroyed by that process. Therefore, if a system-restored-from-backup
      crashes, nothing is lost but time. You still have the backup,
      and can try again (this time with more care). In fact, the first time
      you have any indication that the system might be corrupted enough to
      crash, you would probably try to recover the files with an alternate
      operating system. (But, yes, I can see how that might not occur to
      someone who works for Microsoft.) After all, the most important thing
      you've got on your system is the data, and the data can usually be
      read on any system, and with a wide variety of programs. (Data files
      from a SQL Server database could be retrieved not only with other SQL
      programs, but with pretty much any relational database.)

      Some aspects are realistic. The precautions taken in communications,
      with throwaway email addresses and out-of-band messaging, are the type
      that would be used in those situations. There is a lot of real
      technology described in the book. (Although I was slightly bemused by
      the preference for CDs for data and file storage: that seems a bit
      quaint now that everyone is using USB drives.) The need, in this type
      of work, for a level of focus that precludes all other distractions,
      and the boredom of trying step after step and possibility after
      possibility are real. The neglect of security and the attendant false
      confidence that one is immune to attack are all too real. But in a
      number of the technical areas the descriptions are careless enough to
      be completely misleading to those not intimately familiar with the
      technology and the information security field. Which is just as bad
      as not knowing what you are talking about in the first place.

      Other forms of technology should have had a little research. Yes,
      flying an airliner across an ocean is boring. That's why the software
      designers behind the interface on said airliners have the computer
      keep asking the pilots to check things: keeps the pilots from zoning
      out. I don't know how quickly you can "reboot" the full control
      system in an airplane, but the last one I was on that did it took
      about fifteen minutes to even get the lights back on. I doubt that
      would be fast enough to do (twice) in order to pull a plane out of a
      dive. And if you are in a high-G curve to try and keep the plane out
      of the water, a sudden cessation of G-forces would mean that a) the
      plane had stalled (again) (very unlikely), or b) the wings had come
      off. Neither of which would be a good thing. (And, yes, the Spanair
      computer that was tracking technical problems at the time was infected
      with a virus, but, no, that had nothing to do with the crash.)

      Russinovich's writing is much the same as that of many mid-level
      thriller writers. His plotting is OK, although the attempt to
      heighten tension, towards the end, by having "one darn thing after
      another" happen is a style that is overused, and isn't very compelling
      in this instance. On the down side, his characters are all pretty
      much the same, and through much of the book the narrative flow is
      extremely disjointed.

      Overall, this is a reasonable, though unexceptional, thriller. He was
      fortunate in being able to get Bill Gates and Howard Schmidt to write
      blurbs for it, but that still doesn't make it any more realistic than
      the mass of cyberthrillers now coming on the market.

      copyright, Robert M. Slade 2011 BKZERDAY.RVW 20111109


      victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
      http://blogs.securiteam.com/index.php/archives/author/p1/
      http://twitter.com/rslade