Zero day: a novel


Paul Baccas

Sophos, UK
Editor: Helen Martin


VB usually reserves book reviews for factual books dedicated to the subject of information security. This month, however, we break away from tradition to review a piece of fiction written by renowned Windows systems internals expert and Microsoft Technical Fellow, Mark Russinovich.

Title: Zero Day

Author: Mark E. Russinovich

Publisher: Saint Martin’s Press Inc. (4 Jan 2011)

Pages. 336 (hardcover)

ISBN-13: 978-0312612467

RRP: £17.99 (hardcover)

Before I start, let me say that I am an omni-lector (reader of all), and while thrillers are not usually my genre of choice I do, on occasion, enjoy them. When Virus Bulletin asked me to review a thriller I was happy to oblige and awaited its arrival with a mixture of excitement and apprehension.

The arrival of the novel coincided with a few days of unusually warm spring weather and I was afforded the rare luxury of some outdoor reading time while I got to grips with the plot.


The book’s main character, Jeff Aiken, is an independent security researcher who is scarred from time spent working for the US government. He is called to New York City – somewhere he hasn’t visited since his girlfriend died in the 9/11 attacks on the Twin Towers – to investigate a computer system failure. Aiken is racked with guilt because, in the weeks leading up to the 9/11 attacks, he had found evidence to suggest that such a terrorist attack was likely. As he begins his investigation of the computer failures in New York a disturbing series of problems on other critical systems starts to unravel and Aiken fears another attack.


The dust jacket boasts comments from some pretty impressive names: the authors Nelson DeMille and William Landry; White House Cyber Security Coordinator Prof. Howard A. Schmidt (who has also written a foreword); and the entrepreneur and philanthropist Bill Gates all sing the book’s praises.

Is the story technically believable?

There are long and short answers to this question. The short answer is yes – the writing makes enough sense for the errors/misapprehensions about malware and anti-malware techniques to be lost in the flow of the story. The long answer is that, while Mark is an expert in Windows systems and rootkits, he isn’t an expert on the anti-malware industry, and vendors are portrayed in a very naïve way. If we ignore the premise that vendors are bad and the government is good at fighting malware, the rest of the book is technically believable (although one also hopes that nuclear power stations aren’t running Windows in the real world).

The book is divided into five sections corresponding to four weeks’ build-up and the aftermath. The first half of the novel reminds me of some of Michael Crichton’s stories – particularly Airframe – and as a whole the novel is very filmic. It is very teachy, though, and explaining that ‘the kingdom’ is how Saudis refer to their country since the 2007 movie of the same name put the term into common parlance is a little too teachy.

The second half of the novel moves into action after the cerebral beginnings and at that point the plot begins to lose a little of its integrity. An editor should have tightened this up and a screen writer would have to.


I suspect that the book will make it to the big screen as it has all the elements of a movie: a dashing hero and beautiful heroine (which security conferences has Mark been attending?) with a fast-paced story line that screams ‘film me’. It even has the customary bad guy with an English accent.

I believe that the three elements of a genre novel are plot, characterization and idea. Scoring these out of five I would give Zero Day:

  • Plot: 3–4

  • Characterization: 3

  • Idea: 4

The main characters are well formed, but others are slightly more one-dimensional. The idea is good and the plot fast-paced. I would buy this book, and if you are looking for some holiday reading then you could do a lot worse than getting your hands on a copy.



Latest articles:

APT vs Internet service providers – a threat hunter's perspective

Organizations in the telecommunications sector are faced with a multitude of threats, ranging from targeted attacks to malicious actions attributable to the criminal or activist world. Telsy researcher Emanuele De Lucia reports what he observed in…

VB2019 paper: APT cases exploiting vulnerabilities in region‑specific software

Some APT attacks are carried out by exploiting vulnerabilities in region-specific software. Government agencies frequently use such localized software, and this tends to be the target of attackers. In Japan, there have been many cases where attacks…

Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

Web application vulnerabilities are an important entry vector for threat actors. In this paper researchers Abhishek Singh and Ramesh Mani detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting…

VB2019 paper: Cyber espionage in the Middle East: Unravelling OSX.WindTail

It’s no secret that many nation states possess offensive macOS cyber capabilities, though such capabilities are rarely publicly uncovered. However, when such tools are detected, they provide unparalleled insight into the operations and techniques…

VB2019 paper: 2,000 reactions to a malware attack – accidental study

This paper presents an analysis of 1,976 unsolicited answers received from the targets of a malicious email campaign, who were mostly unaware that they were not contacting the real sender of the malicious messages. Many of the victims were unaware…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.