[ISN] Book review: "Computer Security for the Home and Small Office" by Thomas C. Greene

From: InfoSec News (isn@private)
Date: Wed Jun 02 2004 - 02:12:38 PDT

    http://www.powells.com/cgi-bin/partner?partner_id=28327&cgi=product&isbn=1-59059-316-2
    
    Computer Security for the Home and Small Office
    Thomas C. Greene
    Paperback - 405 pages (2004)
    $39.99 - Apress ISBN: 1-59059-316-2
    
    [Full Disclosure: I have been quoted by Greene for past articles in a 
    friendly/professional capacity. He has also written articles that were 
    accusatory to me and attrition.org in the past. Translated: I owe him 
    nothing.]
    
    The first and most obvious question that will come to some people is 
    where an alleged hack from The Register [1] gets off writing a book on 
    computer security. After reading the entire book, you'll understand 
    that his last five years covering computer security and playing 
    Windows solitaire has paid off. Just as he writes his news material in 
    an "irreverent editorial style", so shall I in this quippy review.
    
    Computer security isn't just for hackers or professionals; it's 
    something every computer owner and operator should be aware of. When 
    we read about the worm-of-the-week, it is infecting and compromising 
    tens of thousands of machines, often owned by you, the end user. How 
    are the average computer users expected to protect their home systems 
    when security is a discipline and career? In the past, they were 
    expected to read web sites, trust Microsoft and possibly struggle 
    through an overly technical book detailing the ins and outs of 
    firewalls or other security technology. Some books came out to address 
    this issue but ended up being dull, covering the absolute basics while 
    ignoring serious issues, or contained more errors than facts. After 
    all this time, one book seems to be ideal for the everyday user, and 
    read to educate them on more than configuring a Windows machine or 
    personal router.
    
    Overall, the book favors the end Windows user in time spent explaining 
    the gritty details of basic security. However, neophyte Linux users 
    will be able to learn some of the basics as applies to them, as Greene 
    considers both platforms when dealing out information. Using plain 
    wording unencumbered by superfluous jargon, the lessons you need are 
    easy to understand, well organized and well written. Fortunately for 
    you, the book was technically reviewed by Robert Slade [2] before 
    hitting the shelves, and it shows. It's a pleasant change of pace 
    reading a book without sighing in disgust every few pages when the 
    author typically proves they are better off working at McDonalds. The 
    Greene/Slade combination is definitely worthy of Subway.
    
    The last third of the book moves beyond configuring your computer and 
    delves into the single most important aspect of computer security: Common Sense 
    and Awareness. Rather than continue on with tech tips, Greene opts to 
    educate the end user about the security industry, which is a blessing 
    in disguise. Later chapters warn you on FUD (Fear, Uncertainty and 
    Doubt), how to avoid industry charlatans, and how to apply common 
    sense toward keeping unwanted people out of your system.
    
    Greene also delves into some of the great debates of our time, like 
    open vs closed operating systems (Windows vs Linux). His journalistic 
    experience shines through here and Greene delivers perhaps the single 
    best summary of why Linux may be a better option for you than Windows. 
    He dispels the myth that it is too complex, that it doesn't run the 
    programs you want, and the shortcomings of Windows. 
    
    The last section covers a wide variety of topics that move beyond the 
    personal computer and into daily life, as computers may affect you. 
    This is a nice touch as a large part of the population doesn't follow 
    technology news despite the drastic effects it can have on your life. 
    By understanding what is looming around the corner, you can better 
    prepare for changes that affect the Internet, your computer, and your 
    security.
    
    No review is complete without a little criticism! The biggest 
    complaint I can direct at this book is the practice of lengthy and 
    largely worthless Appendices. Starting on page 297 (Appendix B) and 
    ending on page 392 (Appendix C), about half of the material would have 
    been better left on Greene's new website [3]. Giving us long lists of 
    trojan port numbers, for example, isn't the most helpful thing you 
    could have filled those pages with.
    
    All in all, if you are an average Joe when it comes to computers and 
    security, grab a copy of this book. It *will* help you learn what you 
    need to know, and it will make you realize that security is more than 
    tweaking options on a computer configuration screen. That lesson is 
    still hard to teach to some so-called security professionals, but one 
    you will learn rapidly with this book.
    
    [1] http://www.theregister.com/
    
    [2] http://victoria.tc.ca/int-grps/books/techrev/mnbk.htm
    
    [3] http://www.basicsec.org/
    