Paul Baccas reviews: Computer Viruses for Dummies, by Peter Gregory
Copyright © 2005 Virus Bulletin
Title: Computer Viruses for Dummies
Author: Peter Gregory, CISSP, CISA
As a publishing phenomenon the 'for Dummies' series has run the gamut from A to Z over the academic and not so academic disciplines. Unfortunately, in running such a gamut you will perforce travel both through 'nadir' and 'zenith'. This tome leans heavily towards the former, thanks to a number of glaring errors.
My first complaint about this book is that the title is a misnomer. This is not a book about computer viruses per se, but rather a book about personal computer security for the home user. While, naturally, a great deal of the topic concerns computer viruses, the book does not inform the reader extensively about them.
Another serious error was made with the timing of the publication of this book. Whether by ignorance or design the publication date of August 2004 was unfortunate, since the book was able to make no mention of <product>Windows XP Service Pack 2 </product>(which was also released in August 2004). While not a panacea, SP2 has by its very nature changed the home computing market with its specific focus towards security.
Some parts of the book contain fabrications worthy of the most sordid tabloid journalist. In fact, the motto 'never let the facts get in the way of a good story' would be apt in many cases. A selection of howlers:
'Brain, the first virus'
'Concept virus was the first encrypted virus'
'Norton VirusScan was the first anti-virus program'
Part I of the book deals with assessing the risks that arise when a computer is connected to the Internet and describes how to combat them. The section begins with an explanation of viruses and other malware the computer user may encounter. Next, a general chapter describes what symptoms and changes a computer may exhibit if malicious code is running on it. These are followed by an introduction to finding, running and updating anti-virus solutions.
Part II is wholly concerned with anti-virus software. It begins by looking at how to evaluate, acquire and install anti-virus solutions. As part of the section on evaluating anti-virus products the book focuses on many functions of the anti-virus software - with the exception of virus detection. No mention is made of independent anti-virus testing, or even magazine reviews.
The next chapter looks at and explains some of the jargon involved in configuring anti-virus software. This is followed by a section that is best described as 'what to scan and when to scan it'. Finally, a chapter describes what to do if the software detects a virus. Importantly, this section tells the reader to find out what the virus has done before removing it.
Part III deals with the aspects of security software that are often neglected. Computer security is not like forestry where you plant a sapling and leave it - it is more like bonsai, where constant nurturing is required. This includes updating anti-virus data and programs, patching the operating system and applications, and running anti-spyware and firewall programs.
A chapter is devoted to PDAs and describes how they should be protected. Part III finishes with an overarching chapter on how to practise 'safe hex' - from using legitimate software to avoiding spam.
In my opinion Part IV lets the book down. The chapter on the history of viruses contains many errors (some of which were mentioned earlier). This is followed by a chapter on Trojans, worms, hoaxes, and spam - where there are more statements with which experts will disagree. Finally, there is an explanation of how viruses infect and virus taxonomy, which includes further interesting assertions such as: 'The other name for a macro virus is Trojan horse [sic].'
Part V, the ubiquitous ‘part of tens’, ends the book. There are two chapters here; the first concerns virus myths and the second concerns anti-virus programs. The virus myths range from ‘anti-virus companies write viruses’ to ‘viruses broke my computer’. The last chapter lists ten anti-virus programs with a two-third page summary which lists manufacturer, website etc., along with a ‘yes/no’ list of features. One would have to assume that the intended audience for this book is the 'average joe' computer user, but I cannot see why it was written - the book contains no new information and no new insights. What's more, the information the book provides can be gleaned from various other sources and publications, most of which are available free of charge. The author's website does not elaborate on the subject either - although it does provide the opportunity to purchase most of the software programs that are mentioned in the book.
Found a useful infosecurity book? Why not tell us about it so we can let others know - email: firstname.lastname@example.org.
View this book on Amazon