Computer Viruses for Dummies


Paul Baccas

Sophos, UK
Editor: Helen Martin


Paul Baccas reviews: Computer Viruses for Dummies, by Peter Gregory

See Computer Viruses for Dummies on Amazon.

Title: Computer Viruses for Dummies

Author: Peter Gregory, CISSP, CISA

Publisher: Wiley

ISBN: 0-7645-7418-3

As a publishing phenomenon the 'for Dummies' series has run the gamut from A to Z over the academic and not so academic disciplines. Unfortunately, in running such a gamut you will perforce travel both through 'nadir' and 'zenith'. This tome leans heavily towards the former, thanks to a number of glaring errors.

My first complaint about this book is that the title is a misnomer. This is not a book about computer viruses per se, but rather a book about personal computer security for the home user. While, naturally, a great deal of the topic concerns computer viruses, the book does not inform the reader extensively about them.

Another serious error was made with the timing of the publication of this book. Whether by ignorance or design the publication date of August 2004 was unfortunate, since the book was able to make no mention of <product>Windows XP Service Pack 2 </product>(which was also released in August 2004). While not a panacea, SP2 has by its very nature changed the home computing market with its specific focus towards security.

Some parts of the book contain fabrications worthy of the most sordid tabloid journalist. In fact, the motto 'never let the facts get in the way of a good story' would be apt in many cases. A selection of howlers:

  • 'Brain, the first virus'

  • 'Concept virus was the first encrypted virus'

  • 'Norton VirusScan was the first anti-virus program'

Part I of the book deals with assessing the risks that arise when a computer is connected to the Internet and describes how to combat them. The section begins with an explanation of viruses and other malware the computer user may encounter. Next, a general chapter describes what symptoms and changes a computer may exhibit if malicious code is running on it. These are followed by an introduction to finding, running and updating anti-virus solutions.

Part II is wholly concerned with anti-virus software. It begins by looking at how to evaluate, acquire and install anti-virus solutions. As part of the section on evaluating anti-virus products the book focuses on many functions of the anti-virus software - with the exception of virus detection. No mention is made of independent anti-virus testing, or even magazine reviews.

The next chapter looks at and explains some of the jargon involved in configuring anti-virus software. This is followed by a section that is best described as 'what to scan and when to scan it'. Finally, a chapter describes what to do if the software detects a virus. Importantly, this section tells the reader to find out what the virus has done before removing it.

Part III deals with the aspects of security software that are often neglected. Computer security is not like forestry where you plant a sapling and leave it - it is more like bonsai, where constant nurturing is required. This includes updating anti-virus data and programs, patching the operating system and applications, and running anti-spyware and firewall programs.

A chapter is devoted to PDAs and describes how they should be protected. Part III finishes with an overarching chapter on how to practise 'safe hex' - from using legitimate software to avoiding spam.

In my opinion Part IV lets the book down. The chapter on the history of viruses contains many errors (some of which were mentioned earlier). This is followed by a chapter on Trojans, worms, hoaxes, and spam - where there are more statements with which experts will disagree. Finally, there is an explanation of how viruses infect and virus taxonomy, which includes further interesting assertions such as: 'The other name for a macro virus is Trojan horse [sic].'

Part V, the ubiquitous ‘part of tens’, ends the book. There are two chapters here; the first concerns virus myths and the second concerns anti-virus programs. The virus myths range from ‘anti-virus companies write viruses’ to ‘viruses broke my computer’. The last chapter lists ten anti-virus programs with a two-third page summary which lists manufacturer, website etc., along with a ‘yes/no’ list of features. One would have to assume that the intended audience for this book is the 'average joe' computer user, but I cannot see why it was written - the book contains no new information and no new insights. What's more, the information the book provides can be gleaned from various other sources and publications, most of which are available free of charge. The author's website does not elaborate on the subject either - although it does provide the opportunity to purchase most of the software programs that are mentioned in the book.

Found a useful infosecurity book? Why not tell us about it so we can let others know - email: [email protected].

View this book on Amazon



Latest articles:

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…

Dissecting the design and vulnerabilities in AZORult C&C panels

Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified during the research.

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.