Review: Absolute PC Security and Privacy
Review: Absolute PC Security and Privacy
Miller never knew much about viruses, or took them seriously, until a friend got infected and it turned out to be more of a nuisance than he thought. So he decided to write a book about them. And also about spam, since he was annoyed by that, too.
|Title||Absolute PC Security and Privacy|
|Publisher||Sybex Computer Books|
Summary and Opinions:
Part one is about viruses, and other stuff. There are so many errors in the introduction, chapter one, that I don't know where to start. Since this book is obviously not written for professionals, is it important that it was Fred Cohen, and not Len Adleman, who did the first academic research on viruses? No. Is it important that the book constantly contradicts itself (for example, promoting the idea that virus writers are technically competent, and then pointing out that virus creation kits require no expertise at all)? Possibly not, but it doesn't inspire any confidence. Is it important that policies to prevent 95% of current viruses are dismissed in a single paragraph, buried in 150 pages of procedures (like the old "use only commercial software" myth--and the book also notes that commercial software has been distributed in an infected state) that might help protect you from some of the remaining 5%? Yeah, that could turn out to be significant. Chapter two talks about some high risk activities, but the relevant points are hidden in a mass of relatively low peril particulars. Boot sector and file infectors are discussed in chapter three, but aren't important to users any more. Chapter four talks about macro viruses, but the suggested actions, such as manually deleting macros, are mostly ineffective. The material on script viruses, in chapter five, is quite confused: ActiveX is *not* a scripting system, and it is pushing the facts to say that Internet Explorer is a safe browser. (The procedures for disabling Windows Script Host could be useful.) The definitions, and particularly examples, of trojans, viruses, and worms are very confused in chapter six. Chapter seven examines email and IRC (Internet Relay Chat) viruses, but concentrate on minor dangers and issues. Chapter eight warns against virus hoaxes, but does not tell how to identify them. The discussion of antiviral software in chapter nine deals *only* with scanning, and does not properly advise on limitations and weaknesses (such as the fact that real time, on-access, or firewall-based scanning may be 20% less effective than manual scanning). The other forms of antiviral software are mentioned in chapter ten, but so briefly as to be useless. "Preventing Virus Attacks," in chapter eleven, repeats earlier content. The suggested responses to a virus infestation, in chapter twelve, are seriously overblown.
Part two is concerned with Internet attacks. Given the preceding material, it is surprising that chapter thirteen provides reasonably good background on intrusion. But, given the tone and audience of the book, the attacks described are not relevant to the readership: most home users would not be able to do anything about the offensives described. The assaults listed in chapter fourteen are different, but the mentions are too terse to provide any means of defence. Chapter fifteen suggests some good precautions, but does not explain the implications of following them. Chapter sixteen says that peer-to- peer systems are dangerous, but is quite reserved given the level of the threat and the scare tactics used elsewhere. Network protection systems are briefly listed in chapter seventeen. "Choosing a Firewall," in chapter eighteen, describes the various types too poorly for the user to make an informed choice. Chapter nineteen's advice on dealing with an attack is too short to provide identification of a real incident, and the response advice is unhelpful.
Part four covers spam. Chapter twenty seven presents a good overview of the basic concepts, but betrays a very weak technical understanding of the subject. The recommended actions for protection and prevention are not very effective. A more serious look at anti-spam activities is in chapter twenty eight, but it boils down to a recommendation not to tell anyone your email address: a suggestion that the book itself admits is not completely effective since spammers regularly generate random addresses to try. In addition, the information about tracking down and fighting against spammers is too brief to be of any use. Chapter twenty nine recommends against forwarding chain letters, but probably should have more information about items such as the technical impossibility of the messages that supposedly reward you for the number of missives you forward, and the variations on "advance fee" (aka "419" or "Nigerian scam") frauds.
Although some of the points in the book can be good, a great deal of the material is either too short to be really useful, or questionable, or wrong. In terms of security guides for the average user, Crume's "Inside Internet Security" (cf. BKININSC.RVW) is much better, and so is "Access Denied" (cf. BKACCDEN.RVW) by Cronkhite and McCullough, even though the latter is directed at managers.
Rob Slade is a data communications and security specialist from North Vancouver, British Columbia, Canada. His first love is teaching, and he got into computers because of an interest in what they could do in improving the education process in the public school system. He still has links with the education system in BC with both grade school and the college system, and writes and speaks for the computer educators in the province. He has a B.Sc. from the University of BC, an M.S. (in Computer and Information Science Education, which no one can ever remember) from the University of Oregon, and a Diploma of Christian Studies from Regent College. He is the founder of the DECUS Canada Education and Training SIG.