[comp.virus] Book review

David@DOCKMASTER.NCSC.MIL (Jon David) (09/24/90)

[Ed. This review was done (but as yet unpublished) for the NYPC
Magazine.  Jon David is head of the New York PC club security
subgroup.  (For those of you just tuning in, VIRUS-L welcomes
independent, objective book and product reviews.  If you would like to
submit a review for distribution, please keep it short enough (a
couple screenfuls, maximum) for the digest, or else it will be
distributed via the VIRUS-L/comp.virus archives.)]

A Short Course on Computer Viruses      (a book review) by Jon David
----------------------------------

Dr. Frederick B. Cohen has just come out with a new book, A Short
Course on Computer Viruses. It is far from the first book on
computer viruses, and it will certainly not be the last. Atypically,
though, it is one of particular worthiness.

Dr. Cohen is referred to as "the father of the virus." While he did
not create the virus, he published much original work on viruses in
the early '80s, most of it theoretical, or at least heavily
mathematically based. This work was originally relegated to academic
circles, but has since become the heart of the set of classic virus
literature. Further, Dr. Cohen has since taken his virus
investigations out of the lab and applied them to the real world.

For companies and individuals recognizing the need to understand
viruses before attempting to treat them, Dr. Cohen offers a full day
course on computer viruses. (And, by the way, not just PC viruses; it
also treats mainframe viruses, network viruses, etc.) This book, while
not a word-for-word transcription of this course, seems a fairly close
approximation. (Although I have not attended Dr. Cohen's course, I
have heard him speak on several occasions, and the book is true to
those presentations wherever the topics coincide.)

The book is written with a wry sense of humor throughout (and it is
important to know this, otherwise you might find some things set forth
a bit outrageous). This makes reading it, if not enjoyable, at least a
lot more enjoyable than other virus texts.

It covers everything from what viruses are and how they impact
information systems, through present defenses and future directions. I
found the sections on peer network problems and exposure analysis
particularly worthwhile.  The examples given are clear and ideal
answers to the "But why do you say that?" questions my customers
always ask when I create security and anti-virus methodologies for
them.

In the course of treating viruses, Dr. Cohen explains the differences
between sound defenses and solid defenses, between contamination
exposure and leakage exposure, between protection with your priority
being secrecy and it being integrity and the like. As you read this,
these may seem fine points, of interest only to students of security
(they apply, by the way, to all security, not just virus protection),
but let me assure you (and as you will find out by reading the book),
this is not the case, and understanding these things will make you a
better and more intelligent computer user.

In all honesty, the vast majority of readers will have trouble with
some parts of the book. The first chapter, for example, uses quite a
bit of mathematical "English" (user U-sub-1 evokes program P-sub-1
infected with virus V-sub-1 at time T-sub-1, etc.), and the fantastic
chapter on exposure analysis is quite heavily mathematical in parts.
Be assured, though, that missing some of the fine points of some
sections does not take away from the tremendous value of the rest of
the book.

A Short Course on Computer Viruses should be MUST reading for everyone
impacted by viruses or any other facet of information security (and
this is not just security leaders, or even controllers, auditors and
the like, but includes virtually every computer user).

Dr. Cohen's book is 196 pages (including a 5-page table of contents, a
3-page "Good Joke" and an outstanding 14-page annotated bibliography),
is available from

     ASP Press
     PO Box 81270
     Pittsburgh, PA 15217

and sells for $48.00 (single quantity, including postage & handling,
and with significant volume discounts available).  (ASP Press takes
checks or money orders, not credit cards.)