On Thu, 29 Jul 2010, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> BKMTHSEC.RVW 20091221
>
> "The Myths of Security", John Viega, 2009, 978-0-596-52302-2,
> U$29.99/C$37.99
> %A John Viega [email protected]
> %C 103 Morris Street, Suite A, Sebastopol, CA 95472
> %D 2009
> %G 978-0-596-52302-2 0-596-52302-5
> %I O'Reilly & Associates, Inc.
> %O U$29.99/C$37.99 800-998-9938 fax: 707-829-0104 [email protected]
> %O http://www.amazon.com/exec/obidos/ASIN/0596523025/robsladesinterne
> http://www.amazon.co.uk/exec/obidos/ASIN/0596523025/robsladesinte-21
> %O http://www.amazon.ca/exec/obidos/ASIN/0596523025/robsladesin03-20
> %O Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
> %P 238 p.
> %T "The Myths of Security"
>
> The foreword states that McAfee does a much, much better job of
> security than other companies. The preface states that computer
> security is difficult, that people, particularly computer users, are
> uninformed about computer security, and that McAfee does a much better
> job of security than other companies. The author also notes that it

That's because it has a much better AV engine :-)

> is much more fun to write a book that is simply a collection of your
> opinions than one which requires work and technical accuracy.
>
> There are forty-eight "chapters" in the book, most only two or three
> pages long. As you read through them, you will start to notice that
> they are not about information security in general, but concentrate
> very heavily on the antivirus (AV) field.
>
> After an initial point that most technology has a poor user interface,
> a few more essays list some online dangers. Viega goes on to note a
> number of security tools which he does not use, himself. He then
> argues unconvincingly that free antivirus software is not a good
> thing, unclearly that Google is evil, and incompletely that AV
> software doesn't work. (I've been working in the antivirus research
> field for a lot longer than the author, and I'm certainly very aware
> that there are problems with all forms of AV: but there are more forms
> of AV in heaven and earth than are dreamt of in his philosophy. By
> the way, John, Fred Cohen listed all the major forms of AV technology
> more than twenty-*five* years ago.) The author subsequently jumps
> from this careless technical assessment to a very deeply technical
> discussion of the type of hashing or searching algorithms that AV
> companies should be using.

Would you like to see my design for an airplane?

> And thence to semi-technical (but highly
> opinionated) pieces on how disclosure, or HTTPS, or CAPTCHA, or VPNs
> have potential problems and therefore should be destroyed. Eventually
> all pretence at analysis runs out, and some of the items dwindle down
> to three or four paragraphs of feelings.
>
> For those with extensive backgrounds in the security field, this work
> might have value. Not that you'll learn anything, but that the biases
> presented may run counter to your own, and provide a foil to test your
> own positions. However, those who are not professionals in the field
> might be well to avoid it, lest they become mythinformed.
>
> copyright Robert M. Slade, 2009 BKMTHSEC.RVW 20091221
>
>
> ====================== (quote inserted randomly by Pegasus Mailer)
> [email protected] [email protected] [email protected]
> Computers are useless. They can only give you answers.
> - Pablo Picasso
> victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://www.infosecbc.org/links http://twitter.com/rslade
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
