Zero day: a novel


Paul Baccas

Sophos, UK
Editor: Helen Martin


VB usually reserves book reviews for factual books dedicated to the subject of information security. This month, however, we break away from tradition to review a piece of fiction written by renowned Windows systems internals expert and Microsoft Technical Fellow, Mark Russinovich.

Title: Zero Day

Author: Mark E. Russinovich

Publisher: Saint Martin’s Press Inc. (4 Jan 2011)

Pages. 336 (hardcover)

ISBN-13: 978-0312612467

RRP: £17.99 (hardcover)

Before I start, let me say that I am an omni-lector (reader of all), and while thrillers are not usually my genre of choice I do, on occasion, enjoy them. When Virus Bulletin asked me to review a thriller I was happy to oblige and awaited its arrival with a mixture of excitement and apprehension.

The arrival of the novel coincided with a few days of unusually warm spring weather and I was afforded the rare luxury of some outdoor reading time while I got to grips with the plot.


The book’s main character, Jeff Aiken, is an independent security researcher who is scarred from time spent working for the US government. He is called to New York City – somewhere he hasn’t visited since his girlfriend died in the 9/11 attacks on the Twin Towers – to investigate a computer system failure. Aiken is racked with guilt because, in the weeks leading up to the 9/11 attacks, he had found evidence to suggest that such a terrorist attack was likely. As he begins his investigation of the computer failures in New York a disturbing series of problems on other critical systems starts to unravel and Aiken fears another attack.


The dust jacket boasts comments from some pretty impressive names: the authors Nelson DeMille and William Landry; White House Cyber Security Coordinator Prof. Howard A. Schmidt (who has also written a foreword); and the entrepreneur and philanthropist Bill Gates all sing the book’s praises.

Is the story technically believable?

There are long and short answers to this question. The short answer is yes – the writing makes enough sense for the errors/misapprehensions about malware and anti-malware techniques to be lost in the flow of the story. The long answer is that, while Mark is an expert in Windows systems and rootkits, he isn’t an expert on the anti-malware industry, and vendors are portrayed in a very naïve way. If we ignore the premise that vendors are bad and the government is good at fighting malware, the rest of the book is technically believable (although one also hopes that nuclear power stations aren’t running Windows in the real world).

The book is divided into five sections corresponding to four weeks’ build-up and the aftermath. The first half of the novel reminds me of some of Michael Crichton’s stories – particularly Airframe – and as a whole the novel is very filmic. It is very teachy, though, and explaining that ‘the kingdom’ is how Saudis refer to their country since the 2007 movie of the same name put the term into common parlance is a little too teachy.

The second half of the novel moves into action after the cerebral beginnings and at that point the plot begins to lose a little of its integrity. An editor should have tightened this up and a screen writer would have to.


I suspect that the book will make it to the big screen as it has all the elements of a movie: a dashing hero and beautiful heroine (which security conferences has Mark been attending?) with a fast-paced story line that screams ‘film me’. It even has the customary bad guy with an English accent.

I believe that the three elements of a genre novel are plot, characterization and idea. Scoring these out of five I would give Zero Day:

  • Plot: 3–4

  • Characterization: 3

  • Idea: 4

The main characters are well formed, but others are slightly more one-dimensional. The idea is good and the plot fast-paced. I would buy this book, and if you are looking for some holiday reading then you could do a lot worse than getting your hands on a copy.



Latest articles:

Guest article: Threat analysis report Save Yourself malware

VB2019 Platinum partner Reason Cybersecurity presents a threat analysis report on the Save Yourself malware.

VB2018 paper: Lazarus Group: a mahjong game played with different sets of tiles

The number of incidents attributed to the Lazarus Group, a.k.a. Hidden Cobra, has grown rapidly since its estimated establishment in 2009. In this paper, ESET researchers Peter Kalnai and Michal Poslusny look at various cells within the group, that…

VB2018 paper: Fake News, Inc.

As the world grapples with massive disinformation campaigns waged by the intelligence agencies of hostile nations, we should not forget that such activities are not limited to the purview of the Bears or Pandas of the world, and that even relatively…

Alternative communication channel over NTP

Nikolaos Tsapakis explores Network Time Protocol (NTP) as an alternative communication channel, providing practical examples, code, and the basic theory behind the idea.

VB2018 paper: Under the hood: the automotive challenge

In an average five-year-old car, there are about 30 different computers on board. In an average new car, there are double that number, and in some cases up to 100. That’s the size of network an average SMB would have, only there’s no CIO/CISO, and…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.