BKESCMSC.RVW 20070104

"Essential Computer Security", Tony Bradley, 2006, 1-59749-114-4, U$29.95/C$38.95
%A Tony Bradley tony@s3kur3.com
%C 800 Hingham Street, Rockland, MA 02370
%D 2006
%G 1-59749-114-4 978-1-59749-114-3
%I Syngress Media, Inc.
%O U$29.95/C$38.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/1597491144/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1597491144/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1597491144/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 279 p.
%T "Essential Computer Security"

The introduction makes the usual analogy to an appliance and the owner's manual that would come with it, noting that a computer is much too complex, and has too many possible applications to have that kind of manual. Then it goes on to say that this book is that kind of manual. Next, it refers to the use of the Internet and seems to concentrate on those areas of use, despite the fact that a number of other uses for the computer had previously been mentioned. Even when limiting the computer operation to the one area of bare computer networking, this activity would still be the most complex and dangerous of those in common employment. Therefore, the promise that this work will give security (and, presumably, computer) neophytes the background they would require in order to function safely in a networked (including wireless) environment with even the most basic Internet applications is still a very tall order.

Part one supposedly covers the bare essentials, with chapter one addressing fundamental Windows security. Unfortunately, while the material does note some of the basic Windows security tools, it does not provide the "bare essentials" level of detail that would help a completely naive user to effect any significant increase in protection.
The utilities and usage are effectively described, but the settings of group privilege levels, for example, will require a great deal more effort and understanding on the part of the home computer owner. Some simple techniques for choosing stronger passwords are given in chapter two, although the additional protection yielded by adherence to the suggestions is limited. The content on malware, in chapter three, is not as bad as some, but still has a number of factual errors. (The advice on protection does not address the different types of protection or the actions to avoid to reduce threat levels, but is limited to the promotion of a few commercial products.) Chapter four suggests that users turn on Automatic Updates (which is probably not terribly useful if you are not running Windows XP).

Part two is entitled "More Essential Security," which seems to need some definition. Is this simply more of the same as was given in part one (in which case why is there a part two) or is this security "more essential" than the first part (in which case why are they in this order)? Chapter five shows some screenshots from Windows Firewall, ZoneAlarm, and Snort. Some of the advice on spam, hoaxes, and other email problems, in chapter six, is helpful, but the recommendations could be much more direct. Similarly, chapter seven's overview of Web security has some good points, but a number of areas (such as the dangers of active content) should have much greater emphasis and detail in order to protect those without a security background. There are basic security procedures for wireless networks in chapter eight. Again, without the technical aspects (explained at a minimal and appropriate level) the advice to use encryption or VPNs (Virtual Private Networks) leaves the reader open to choosing either the wrong technology, or unaware of the lack of protection for certain applications. Chapter nine tells users to run AdAware and Spybot.

Part three turns to testing and maintenance.
Chapter ten notes the basic maintenance tools in Windows XP, but not some of the essential points of these operations, such as how often to do disk defragmentation, or the different types of defragmentation. (Defragmenting the system files, for example, is potentially much more useful.) Event logs (which are going to be incomprehensible to naive users) and restore points (which get set by all kinds of system and application activities: users will be hard pressed to choose an appropriate one that doesn't lose important functions) are noted in chapter eleven. Chapter twelve provides too little information about alternatives to Microsoft.

(I am not upset that Tony has used some of my definitions in his glossary: that's fine, particularly since he specifically acknowledges the source. I'm less than impressed with his choice of terms overall, and with a number of the other definitions.)

I am in full sympathy with the intent to produce a book for people who don't know (and don't even particularly *want* to know) about security: something that the masses can read in order to obtain suggestions on significantly more protection for their computers, data, and operations. This work has some points, but nothing like the level of helpful detail and direct wording that exists in Thomas Greene's "Computer Security for the Home and Small Office" (cf. BKCMSCHO.RVW), or even Tony Bove's "Just Say No to Microsoft" (cf. BKJSN2MS.RVW).

copyright Robert M. Slade, 2007 BKESCMSC.RVW 20070104