David@DOCKMASTER.NCSC.MIL (Jon David) (09/24/90)
[Ed. This review was done (but as yet unpublished) for the NYPC Magazine. Jon David is head of the New York PC club security subgroup. (For those of you just tuning in, VIRUS-L welcomes independent, objective book and product reviews. If you would like to submit a review for distribution, please keep it short enough (a couple screenfuls, maximum) for the digest, or else it will be distributed via the VIRUS-L/comp.virus archives.)]

A Short Course on Computer Viruses
(a book review)
by Jon David
----------------------------------

Dr. Frederick B. Cohen has just come out with a new book, A Short Course on Computer Viruses. It is not by far the first book on computer viruses, and it will certainly not be the last. Atypically, though, it is one of particular worthiness.

Dr. Cohen is referred to as "the father of the virus." While he did not create the virus, he published much original work on viruses in the early '80s, most of it theoretical, or at least heavily mathematically based. This work was originally relegated to academic circles, but has since become the heart of the set of classic virus literature. Further, Dr. Cohen has since taken his virus investigations out of the lab and applied them to the real world.

For companies and individuals recognizing the need to understand viruses before attempting to treat them, Dr. Cohen offers a full day course on computer viruses. (And, by the way, not just PC viruses; it also treats mainframe viruses, network viruses, etc.) This book, while not a word-for-word transcription of this course, seems a fairly close approximation. (Although I have not attended Dr. Cohen's course, I have heard him speak on several occasions, and the book is true to those presentations wherever the topics coincide.)

The book is written with a wry sense of humor throughout (and it is important to know this, otherwise you might find some things set forth a bit outrageous). This makes reading it, if not enjoyable, at least a lot more enjoyable than other virus texts. It covers everything from what viruses are and how they impact information systems, through present defenses and future directions. I found the sections on peer network problems and exposure analysis particularly worthwhile. The examples given are clear and ideal answers to the "But why do you say that?" questions my customers always ask when I create security and anti-virus methodologies for them.

In the course of treating viruses, Dr. Cohen explains the differences between sound defenses and solid defenses, between contamination exposure and leakage exposure, between protection with your priority being secrecy and it being integrity and the like. As you read this, these may seem fine points, of interest only to students of security (they apply, by the way, to all security, not just virus protection), but let me assure you (and as you will find out by reading the book), this is not the case, and understanding these things will make you a better and more intelligent computer user.

In all honesty, the vast majority of readers will have trouble with some parts of the book. The first chapter, for example, uses quite a bit of mathematical "English" (user U-sub-1 evokes program P-sub-1 infected with virus V-sub-1 at time T-sub-1, etc.), and the fantastic chapter on exposure analysis is quite heavily mathematical in parts. Be assured, though, that missing some of the fine points of some sections does not take away from the tremendous value of the rest of the book.

A Short Course on Computer Viruses should be MUST reading for everyone impacted by viruses or any other facet of information security (and this is not just security leaders, or even controllers, auditors and the like, but includes virtually every computer user).

Dr. Cohen's book is 196 pages (including a 5-page table of contents, a 3-page "Good Joke" and an outstanding 14-page annotated bibliography), is available from ASP Press, PO Box 81270, Pittsburgh, PA 15217, and sells for $48.00 (single quantity, including postage & handling, and with significant volume discounts available). (ASP Press takes checks or money orders, not credit cards.)