Thursday, July 16, 2009

Review: Viruses Revealed

This book should be a must read for anyone thinking about malware and anti-malware (including – or especially – all the people in the media!). It is a hype-free, no-nonsense book, which doesn’t shy away from writing the truth.

I found out about this book from the (ISC)2 blog, where Robert Slade (one of the authors) has written about the intention to publish it freely and mentioned that an unauthorized version was already online (you can still get the physical book from Amazon). After reading it from top to bottom in a couple of days, I’m convinced that this book should be read by anyone thinking about malware threats. For younger technical people (like reverse engineers, security / malware researchers just starting out in the field) it can give a great historical perspective. For less technical people who are preoccupied by this issue it gives a lot of bias-free, high-quality information that can help them to make sense of the security messages with which they are bombarded daily. As I mentioned in the introduction, it should be a mandatory read (in my humble opinion) for journalists writing about malware issues, since the media can play a big role in raising the level of public understanding.

Some of my favorite quotes from the book were:

Q: What's the difference between a computer salesperson and a used-car salesperson?
A: A car salesperson can usually drive, and knows when he or she is lying to you.

and

Jeff Richards' Laws of Data Security:
1. Don't buy a computer.
2. If you do buy a computer, don't turn it on.

These also show the light-hearted tone the authors use, which makes the book an easy read. If there is one negative thing about the book, it is its age, exemplified by the following quote:

Some vendors claim to receive reports of as many as 20 new viruses a week.

(the number of new daily malware variants currently is several thousand!). Of course there is nothing the authors could have done at the time of the writing to avoid this issue, but it would be really nice if an updated edition were to appear (either free or for pay – this book is definitely worth its money!). Some of the areas where the book shows its age:

  • The focus on mostly the MS-DOS operating environment with some mention of Windows ’95. Currently the most widely deployed OS is Windows XP, so an updated edition should definitely include it
  • Given its focus on MS-DOS, there is relatively little mention of the PE format (which was a novelty at the moment when the book was published)
  • Another aspect not covered in detail in the book is the Internet as an attack vector (it talks about mass-mailing malware, but I’m referring here to things like security vulnerabilities, the browser as a platform, etc.). Interestingly, during the last years the role of vulnerabilities has been deemphasized and more social-engineering type of attacks (which are thoroughly covered) seem to play a bigger role
  • When talking about the motivation of the malware writers they talk about wanting to “show off”, but in the last years money has become the most important motivator for creating malware.

Even with all these issues (which are minor if we consider the big picture), it is a well-rounded book which includes not only technical information, but other, related (and relevant) information (like law, ethics, etc.) which manages to create a holistic understanding of the issues surrounding malware.

Two thumbs up!

Update: added my Amazon Affiliate ID to the links. I might as well get a few cents ;-)

2 comments:

  1. Thanks for the kind comments. We'd have loved to do a radically updated edition, but there was no publishing interest. You can actually still buy soft copy from Osborne I believe: not that Rob or I would benefit from that, but the "print" quality is better than the pirate version, I would guess.

    David Harley CISSP FBCS CITP
    Director of Malware Intelligence, ESET
