home *** CD-ROM | disk | FTP | other *** search
- Sender: virus-l@lehigh.edu
- From: VIRUS-L Moderator <virus-l@assist.ims.disa.mil>
- Subject: VIRUS-L Digest V7 #31
- Date: Tue, 10 May 1994 08:57:30 EDT
-
- Today's Topics:
- Book Review
- ----------------------------------------------------------------------
- Date: Mon, 18 Apr 94 12:51:02 -0400
- From: jaf@jaflrn.morse.net (Jon Freivald)
- Subject: Book Review
-
- A Short Course on Computer Viruses, 2nd Ed (a book review) by Jon Freivald
- - ------------------------------------------
-
- Dr. Fredrick B Cohen offers a one day course for those companies and
- individuals who recognize the need to understand viruses before
- effective measures can be taken against them. He has just released
- the second edition of his book which is based on the contents of this
- course, titled "A Short Course on Computer Viruses, Second Edition"
- (John Wiley & Sons, Inc.; ISBN 0-471-00769-2 [book/disk],
- 0-471-00768-4 [book], and 0-471-00770-6 [disk]).
-
- Dr. Cohen targets this book at anyone who uses computers on a
- day-to-day basis, especially those who are responsible for their
- proper operation. While there is some math that I had to wrestle with
- to follow Dr. Cohen's thoughts (due to my lack of any mathematics
- background beyond high school algebra), most of the book is very easy
- to read, non-technical English, with clear and easy to follow
- examples. Dr. Cohen has a subtle, wry sense of humor that makes the
- book much more enjoyable reading than a typical technical or
- scientific text.
-
- The topics covered range from the basics, such as "what is a virus",
- through both technical and non-technical defenses, strategy and
- tactics, and even the specific results of tests done on network
- security settings. Methods of determining the actual cost of
- technical defenses are also presented.
-
- He also contrasts such items as secrecy versus integrity and
- contamination versus exposure. Numerous scenarios are explored and
- explained, showing both strengths and weaknesses.
-
- Some of the mathematics and mathematical "English" (user U-sub-1 runs
- program P-sub-1 that is infected with virus V-sub-1 at time T-sub-1)
- will give many readers trouble, and indeed, the book opens with an 11
- line mathematical definition of a virus. The sections on exposure and
- cost analysis are also heavily mathematical. This does not, however,
- detract from the value of the rest of the book, which is extreamly
- readable.
-
- Many of the clear, real-world examples are ideal for use as answers
- when my users ask "Why?" The section on inadvertent compromise
- between peer networks was definitely an eye opener!
-
- While I thought myself much more knowledgeable about viruses than the
- "average" system administrator (yet by no means an expert), I found
- this book extreamly helpful and fascinating reading. It presented the
- issues in practical ways that I had not considered and has broadened
- my understanding of what we are up against (and it scares me...).
-
- "A Short Course on Computer Viruses" should be MUST reading for
- everyone from information security managers, auditors, network
- administrators, all the way to end users and home computer users.
- I am making it required reading in my shop!
-
- Dr. Cohen's book is 250 pages, including appendices, a "Good Joke",
- and an excellent annotated bibliography. The optional disk is a
- subset of Dr. Cohen's Integrity Toolkit and a number of cost analysis
- tools (a coupon is included in the book to order it separately). I
- have already found the disk quite helpful in dealing with our "bean
- counters." A Short Course on Computer Viruses is available from fine
- bookstores everywhere, or directly from:
-
- John Wiley & Sons, Inc.
- 605 Third Avenue
- New York, NY 10158
- 1-800-CALL-WILEY
-
- The price is $34.95 for the book, $44.95 for the book/disk set (they
- pay postage and handling on check and credit card orders). Quantity
- discounts are available.
-
