[ISN] REVIEW: "Absolute PC Security and Privacy", Michael Miller

From: InfoSec News (isnat_private)
Date: Thu Jan 30 2003 - 22:34:52 PST

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>

BKAPCSPR.RVW   20021216

"Absolute PC Security and Privacy", Michael Miller, 2002,
0-7821-4127-7, U$34.99/C$55.95/UK#25.99
%A   Michael Miller
%C   1151 Marina Village Parkway, Alameda, CA   94501
%D   2002
%G   0-7821-4127-7
%I   Sybex Computer Books
%O   U$34.99/C$55.95/UK#25.99 800-227-2346 infoat_private
%O  http://www.amazon.com/exec/obidos/ASIN/0782141277/robsladesinterne
%P   530 p.
%T   "Absolute PC Security and Privacy: Defend Your Computer Against
      Outside Intruders"

Miller never knew much about viruses, or took them seriously, until a
friend got infected and it turned out to be more of a nuisance than he
thought.  So he decided to write a book about them.  And also about
spam, since he was annoyed by that, too.

Part one is about viruses, and other stuff.  There are so many errors
in the introduction, chapter one, that I don't know where to start. 
Since this book is obviously not written for professionals, is it
important that it was Fred Cohen, and not Len Adleman, who did the
first academic research on viruses?  No.  Is it important that the
book constantly contradicts itself (for example, promoting the idea
that virus writers are technically competent, and then pointing out
that virus creation kits require no expertise at all)?  Possibly not,
but it doesn't inspire any confidence.  Is it important that policies
to prevent 95% of current viruses are dismissed in a single paragraph,
buried in 150 pages of procedures (like the old "use only commercial
software" myth--and the book also notes that commercial software has
been distributed in an infected state) that might help protect you
from some of the remaining 5%?  Yeah, that could turn out to be
significant.  Chapter two talks about some high risk activities, but
the relevant points are hidden in a mass of relatively low peril
particulars.  Boot sector and file infectors are discussed in chapter
three, but aren't important to users any more.  Chapter four talks
about macro viruses, but the suggested actions, such as manually
deleting macros, are mostly ineffective.  The material on script
viruses, in chapter five, is quite confused: ActiveX is *not* a
scripting system, and it is pushing the facts to say that Internet
Explorer is a safe browser.  (The procedures for disabling Windows
Script Host could be useful.)  The definitions, and particularly
examples, of trojans, viruses, and worms are very confused in chapter
six.  Chapter seven examines email and IRC (Internet Relay Chat)
viruses, but concentrate on minor dangers and issues.  Chapter eight
warns against virus hoaxes, but does not tell how to identify them. 
The discussion of antiviral software in chapter nine deals *only* with
scanning, and does not properly advise on limitations and weaknesses
(such as the fact that real time, on-access, or firewall-based
scanning may be 20% less effective than manual scanning).  The other
forms of antiviral software are mentioned in chapter ten, but so
briefly as to be useless.  "Preventing Virus Attacks," in chapter
eleven, repeats earlier content.  The suggested responses to a virus
infestation, in chapter twelve, are seriously overblown.

Part two is concerned with Internet attacks.  Given the preceding
material, it is surprising that chapter thirteen provides reasonably
good background on intrusion.  But, given the tone and audience of the
book, the attacks described are not relevant to the readership: most
home users would not be able to do anything about the offensives
described.  The assaults listed in chapter fourteen are different, but
the mentions are too terse to provide any means of defence.  Chapter
fifteen suggests some good precautions, but does not explain the
implications of following them.  Chapter sixteen says that peer-to-
peer systems are dangerous, but is quite reserved given the level of
the threat and the scare tactics used elsewhere.  Network protection
systems are briefly listed in chapter seventeen.  "Choosing a
Firewall," in chapter eighteen, describes the various types too poorly
for the user to make an informed choice.  Chapter nineteen's advice on
dealing with an attack is too short to provide identification of a
real incident, and the response advice is unhelpful.

Part three supposedly deals with theft of privacy.  Chapter twenty's
overview of threats against privacy is not bad, although it does
confuse cookies, packet sniffing, and keystroke logging in the course
of a single paragraph.  A discussion of online fraud, in chapter
twenty one, is mostly about eBay, and mostly generic advice.  A
reasonable, if not extensive, set of explanations of harassment,
spyware, and cookies are given in chapters twenty two, twenty three,
and twenty four, respectively.  However, the background and
suggestions in regard to passwords and encryption, in chapter twenty
five, are weak.  The section finishes with anonymous surfing, in
chapter twenty six.

Part four covers spam.  Chapter twenty seven presents a good overview
of the basic concepts, but betrays a very weak technical understanding
of the subject.  The recommended actions for protection and prevention
are not very effective.  A more serious look at anti-spam activities
is in chapter twenty eight, but it boils down to a recommendation not
to tell anyone your email address: a suggestion that the book itself
admits is not completely effective since spammers regularly generate
random addresses to try.  In addition, the information about tracking
down and fighting against spammers is too brief to be of any use. 
Chapter twenty nine recommends against forwarding chain letters, but
probably should have more information about items such as the
technical impossibility of the messages that supposedly reward you for
the number of missives you forward, and the variations on "advance
fee" (aka "419" or "Nigerian scam") frauds.

It is unclear why "Web-Based Intrusions" could not have been covered
elsewhere without creating a part five.  Chapter thirty deals sensibly
with pop-up ads, although I am not sure why disabling JavaScript is
considered an extreme action, particularly in view of some of the
other recommendations in the book.  The advice about the use of the
hosts file, though, could be very helpful.  Inappropriate content and
filtering, in chapter thirty one, is handled rationally (if curtly),
but does not mention the hidden agendae that filtering software or
organizations may have.

Although some of the points in the book can be good, a great deal of
the material is either too short to be really useful, or questionable,
or wrong.  In terms of security guides for the average user, Crume's
"Inside Internet Security" (cf. BKININSC.RVW) is much better, and so
is "Access Denied" (cf. BKACCDEN.RVW) by Cronkhite and McCullough,
even though the latter is directed at managers.

copyright Robert M. Slade, 2002   BKAPCSPR.RVW   20021216

rsladeat_private  rsladeat_private  sladeat_private p1at_private
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
          March 31, 2003           Indianapolis, IN

ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 01:53:36 PST