Telecom

home *** CD-ROM | disk | FTP | other *** search

/ Telecom / 1996-04-telecom-walnutcreek.iso / book.reviews / virus.short.course-cohen < prev next >

Wrap

Text File | 1995-01-05 | 4KB | 83 lines

Sender: virus-l@lehigh.edu From: VIRUS-L Moderator <virus-l@assist.ims.disa.mil> Subject: VIRUS-L Digest V7 #31 Date: Tue, 10 May 1994 08:57:30 EDT Today's Topics: Book Review ---------------------------------------------------------------------- Date: Mon, 18 Apr 94 12:51:02 -0400 From: jaf@jaflrn.morse.net (Jon Freivald) Subject: Book Review A Short Course on Computer Viruses, 2nd Ed (a book review) by Jon Freivald - ------------------------------------------ Dr. Fredrick B Cohen offers a one day course for those companies and individuals who recognize the need to understand viruses before effective measures can be taken against them. He has just released the second edition of his book which is based on the contents of this course, titled "A Short Course on Computer Viruses, Second Edition" (John Wiley & Sons, Inc.; ISBN 0-471-00769-2 [book/disk], 0-471-00768-4 [book], and 0-471-00770-6 [disk]). Dr. Cohen targets this book at anyone who uses computers on a day-to-day basis, especially those who are responsible for their proper operation. While there is some math that I had to wrestle with to follow Dr. Cohen's thoughts (due to my lack of any mathematics background beyond high school algebra), most of the book is very easy to read, non-technical English, with clear and easy to follow examples. Dr. Cohen has a subtle, wry sense of humor that makes the book much more enjoyable reading than a typical technical or scientific text. The topics covered range from the basics, such as "what is a virus", through both technical and non-technical defenses, strategy and tactics, and even the specific results of tests done on network security settings. Methods of determining the actual cost of technical defenses are also presented. He also contrasts such items as secrecy versus integrity and contamination versus exposure. Numerous scenarios are explored and explained, showing both strengths and weaknesses. Some of the mathematics and mathematical "English" (user U-sub-1 runs program P-sub-1 that is infected with virus V-sub-1 at time T-sub-1) will give many readers trouble, and indeed, the book opens with an 11 line mathematical definition of a virus. The sections on exposure and cost analysis are also heavily mathematical. This does not, however, detract from the value of the rest of the book, which is extreamly readable. Many of the clear, real-world examples are ideal for use as answers when my users ask "Why?" The section on inadvertent compromise between peer networks was definitely an eye opener! While I thought myself much more knowledgeable about viruses than the "average" system administrator (yet by no means an expert), I found this book extreamly helpful and fascinating reading. It presented the issues in practical ways that I had not considered and has broadened my understanding of what we are up against (and it scares me...). "A Short Course on Computer Viruses" should be MUST reading for everyone from information security managers, auditors, network administrators, all the way to end users and home computer users. I am making it required reading in my shop! Dr. Cohen's book is 250 pages, including appendices, a "Good Joke", and an excellent annotated bibliography. The optional disk is a subset of Dr. Cohen's Integrity Toolkit and a number of cost analysis tools (a coupon is included in the book to order it separately). I have already found the disk quite helpful in dealing with our "bean counters." A Short Course on Computer Viruses is available from fine bookstores everywhere, or directly from: John Wiley & Sons, Inc. 605 Third Avenue New York, NY 10158 1-800-CALL-WILEY The price is $34.95 for the book, $44.95 for the book/disk set (they pay postage and handling on check and credit card orders). Quantity discounts are available.