[ISN] REVIEW: "Always Use Protection", Dan Appleman

From: InfoSec News (isn@private)
Date: Tue Dec 27 2005 - 00:23:32 PST


Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade@private>

BKALUSPR.RVW   20050805

"Always Use Protection", Dan Appleman, 2004, 1-59059-326-X, U$17.99
%A   Dan Appleman www.alwaysuseprotection.com
%C   2560 Ninth Street, Suite 219, Berkeley, CA   94710
%D   2004
%G   1-59059-326-X
%I   Apress
%O   U$17.99 510-549-5930 fax 510-549-5939 info@private
%O  http://www.amazon.com/exec/obidos/ASIN/159059326X/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/159059326X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/159059326X/robsladesin03-20
%O   Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   266 p.
%T   "Always Use Protection: A Teen's Guide to Safe Computing"

In the introduction, the author is at pains to point out that this is
not another "don't talk to strangers in chat rooms" book.  He seems to
be primarily concerned with virus infections and other malware.

Part one is about protecting the computer.  Chapter one is a very
brief mention of the possibility of gremlins in your machine.  Some
sloppy definitions of malware and a warning about cyberterrorism are
in chapter two.  There is some good advice on avoiding virus
infections in chapter three.  Unfortunately, there is also a lot of
questionable or useless material that will not give the reader any
protection.  Chapter four's advice on antivirus scanners isn't
necessarily wrong, but it certainly isn't great.  It's marginally
better than just saying "get antiviral software," but not by much. 
"Firewalls" (chapter five) deals only with network address translation
and packet filtering types, and is not clear about their limitations. 
The details on configuring routers tend to be both too specific to a
particular model, and also not technical enough to provide real
assistance.  Windows Update does not work well with older versions of
Windows, and generally refuses to work with non-Internet Explorer
browsers, which chapter six fails to mention.  Chapter seven is a bit
of a grab bag: some good suggestions on securing the Outlook email
client, some good but incomplete material on services, and three basic
recommendations on wireless LANs which are good as far as they go. 
(Changing the SSID is fine, but if you keep broadcasting the
information it doesn't do much good, and Wired Equivalent Privacy
encryption will protect you against those who don't even know they are
logging on to your network, as well as those opportunists who only
want a free Internet connection, but it is hardly secure against even
the novices among your script kiddie friends.)  The advice on backups,
in chapter eight, is actually realistic.  Chapter nine is quite a
complex troubleshooting tool to use if you have been hit, and I really
don't know how useful it would be in that case.

Part two deals with privacy.  Chapter ten discusses identity theft,
but glosses over the most common form, simple impersonation.  Some
generic, but decent, advice on passwords is provided in chapter
eleven.  Chapter twelve has a good overview of the personal
information on your machine that you may not know about.  Various ways
that your data can be collected, and some things you can do to prevent
it, is in chapter thirteen, but in rather random and ragged fashion.

Part three examines some more direct attacks.  Chapter fourteen
suggests that chat rooms aren't all *that* dangerous, and has some
brief words of advice.  Some of the more common scams (mostly email)
are listed in chapter fifteen.

This book is better than nothing, quite a lot better.  (Thomas
Greene's "Computer Security for the Home and Small Office" [cf.
BKCMSCHO.RVW] is more complete and technically accurate, but few teens
will be interested enough to follow it all the way through.)  In fact,
I can think of quite a few adults who should read this book.  They
won't be completely protected, or even mostly protected, but they'll
have fewer problems.

copyright Robert M. Slade, 2005   BKALUSPR.RVW   20050805


======================  (quote inserted randomly by Pegasus Mailer)
rslade@private      slade@private      rslade@private
A realist is somebody who thinks the world is simple enough to be
understood.  It isn't.                             - Donald Westlake
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Tue Dec 27 2005 - 01:21:27 PST