BKVRSPRF.RVW   20000711

"Virus Proof", Phil Schmauder, 2000, 0-7615-2747-8, U$34.99/C$48.95/UK#32.49
%A   Phil Schmauder
%C   3875 Atherton Road, Rocklin, CA   95765-3716
%D   2000
%G   0-7615-2747-8
%I   Prima Publishing/Jamsa Press
%O   U$34.99/C$48.95/UK#32.49 800-632-8676 www.primapublishing.com
%P   273 p. + CD-ROM
%T   "Virus Proof: The Ultimate Guide to Protecting Your PC"

On the very first page of this book we are told that viruses are written to steal or destroy "information that resides on your disk." (Viruses are written to reproduce.) The text then contradicts itself by saying that viruses may just print a message. Then we are told that you should never run programs downloaded from the Internet (downloading infected program files has always been a relatively trivial vector). Along the way we are told such vital information as that viruses must get into your computer's RAM in order to do damage (*everything* has to get into your computer's RAM in order to do anything) and that viruses are exchanged on disks or transferred files (that pretty much covers the field of data transport, wouldn't you say?).

Welcome to "Virus Proof," a collection of mistaken, valid, useless, and repetitive information. Sharp-eyed readers will have noted the inclusion of "valid" in that list. Unfortunately, you will have to be much more acute to pick out the true facts from the volume under discussion. As the old saying goes, if you can tell good advice from bad advice, you don't need any advice.

Some of the errors in the book simply show that the author has not done his homework. (There is no evidence to suggest that the Michelangelo virus was written to "commemorate" the birth of Michelangelo the artist. The researcher who first reported the existence of the virus learned that the target date of March 6 was Michelangelo's birthday, and so used that name as a convenient label.) Some of the errors in the book are more seriously misleading. (The Michelangelo virus did not "occur" on March 6, 1992. It was, fortunately, discovered long before, possibly existed before March of 1991, and still results in regular computer erasures every March 6th to this date.)

The author does keep telling the reader not to use any data file, or run any program, until it has been scanned for viruses. That is good advice, as far as it goes. Unfortunately, it isn't very useful advice, and the constant repetition of that single injunction is likely going to dull the reader to the necessary finer points.

The directive to scan everything isn't the only thing that gets repeated in the book. The first chapter manages to tell us once per page that computer programs are lists of instructions. Now, that statement is true: programs are sets of commands. But that bald assertion provides the normal computer user with no insight that could help with virus protection. One would think that the space dedicated to this piece of trivia could more helpfully be employed in presenting an accurate definition of viruses, or a list of the ways that you are more likely to get a virus these days.

In only four pages, chapter two presents serious misinformation. A boot sector does not show up on a list of files on a disk. Boot sector infectors can infect non-bootable, and even "blank," disks. Trojan horse (or just "trojan") programs do not reproduce. A file infecting virus is not referred to as a "Trojan Horse virus." The definition given for a worm (if you are making a distinction, the term "worm virus" makes no sense) clearly contradicts the declaration that a worm could also be a file infector. Most macro languages are not capable of supporting a successful virus: to date, only those written for Microsoft applications have presented any danger. And so it goes.

Virus writers don't need your password, and system security breakers (who dearly love the confusion of the term "hacker") don't bother with viruses. Being the first on your block to upgrade to new versions of programs can have drastic security risks itself. If you are not supposed to run anything you download from the Web, why are you supposed to upgrade your software over the Internet? Since viruses are appearing at the rate of hundreds per month, keeping up with the few that make it into [large AV corporation]'s press releases is unlikely to be very useful. Mailing lists and newsgroups are recommended without any analysis. Most recent email viruses and worms harvest addresses for regular correspondents, so the direction to avoid email attachments from someone you don't know is almost worthless. Firewalls have nothing to do with viruses. If a virus infects a system file, knowing what programs are running on your computer is useless. Many loopholes have been found in the security of ActiveX controls: restricting operation to signed controls provides very little protection. Backups will help you recover if hit, but provide no inherent virus protection.

Knowing how to break into systems will not protect you from viruses, nor will seven pages of C source code for a variant of the Crack program. (For those script kiddies eager to learn how to break into systems, save your money. It doesn't tell you that, either.) Phone phreaking isn't that easy, trying the stuff in the book can get you arrested, and it has nothing to do with viruses. (And John Draper's own account, given on the site illustrated, contradicts the story in the book.) Chernobyl is a variant of CIH, and not the other way around. Backing up the Registry provides no inherent virus protection. Anonymizers for email and Web browsing have nothing to do with viruses. Cookies have nothing to do with viruses. (Many of the points made about cookies are incorrect as well.) Happy99 used Usenet news, as well as email.

Spam has almost nothing to do with viruses (and most of the recommended actions are not only useless, but will annoy people who have better things to do). The material on virus hoaxes is limited, physically hard to read (small print), and has no real analysis. Chat has nothing to do with viruses. Denial of service attacks have little to do with viruses, chapter sixteen has *nothing* to do with viruses, and neither do six pages of SYNattack source code. Privacy has nothing to do with viruses (and chapter seventeen has little to do with privacy). Email encryption has nothing to do with viruses. The Melissa virus was not polymorphic. Polymorphic viruses do not change their payloads. Virus "families" result from virus writers taking a given virus and making very minor changes to it. Digital signatures have little to do with viruses, and chapter nineteen does not discuss key management at all. JavaScript is not a "cut down" version of Java, and does not have Java's security model. E-commerce does not have anything to do with viruses. Y2K does not have anything to do with viruses. And, fortunately, the code presented in chapter twenty-five is nowhere near sufficient to create a working virus. (It is enough to create serious problems for the person who tries to use it.)

Now, of course, a number of the items mentioned do have something to do with general security. Unfortunately, the level of detail given in the book is far from sufficient to protect the user against these threats. Indeed, the threats themselves are not described particularly well, and I could go through a very similar exercise in pointing out the weaknesses in the general security material.

Given the total size of the book, it really isn't a work on viruses. It throws together a random assortment of information (and misinformation) about a variety of security-related topics. Nothing is covered in depth, and nothing is covered completely accurately. Approximately half of the book is occupied with screenshots of miscellaneous Web sites, not always to do with the topic under discussion (and a number of which are repeated at random through the work), so this detracts even more from the material that could have been provided.

A pamphlet on viruses surrounded by some opining on security issues, buried within a lot of careless research.

copyright Robert M. Slade, 2000