funsec mailing list archives
Re: REVIEW: "The Myths of Security", John Viega
From: Drsolly <drsollyp () drsolly com>
Date: Fri, 30 Jul 2010 00:31:43 +0100 (BST)
On Thu, 29 Jul 2010, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
BKMTHSEC.RVW 20091221

"The Myths of Security", John Viega, 2009, 978-0-596-52302-2, U$29.99/C$37.99
%A John Viega viega () list org
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 2009
%G 978-0-596-52302-2 0-596-52302-5
%I O'Reilly & Associates, Inc.
%O U$29.99/C$37.99 800-998-9938 fax: 707-829-0104 nuts () ora com
%O http://www.amazon.com/exec/obidos/ASIN/0596523025/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0596523025/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0596523025/robsladesin03-20
%O Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 238 p.
%T "The Myths of Security"

The foreword states that McAfee does a much, much better job of security than other companies.

The preface states that computer security is difficult, that people, particularly computer users, are uninformed about computer security, and that McAfee does a much better job of security than other companies. The author also notes that it
That's because it has a much better AV engine :-)
is much more fun to write a book that is simply a collection of your opinions than one which requires work and technical accuracy.

There are forty-eight "chapters" in the book, most only two or three pages long. As you read through them, you will start to notice that they are not about information security in general, but concentrate very heavily on the antivirus (AV) field.

After an initial point that most technology has a poor user interface, a few more essays list some online dangers. Viega goes on to note a number of security tools which he does not use, himself. He then argues unconvincingly that free antivirus software is not a good thing, unclearly that Google is evil, and incompletely that AV software doesn't work. (I've been working in the antivirus research field for a lot longer than the author, and I'm certainly very aware that there are problems with all forms of AV: but there are more forms of AV in heaven and earth than are dreamt of in his philosophy. By the way, John, Fred Cohen listed all the major forms of AV technology more than twenty-*five* years ago.) The author subsequently jumps from this careless technical assessment to a very deeply technical discussion of the type of hashing or searching algorithms that AV companies should be using.
Would you like to see my design for an airplane?
And thence to semi-technical (but highly opinionated) pieces on how disclosure, or HTTPS, or CAPTCHA, or VPNs have potential problems and therefore should be destroyed. Eventually all pretence at analysis runs out, and some of the items dwindle down to three or four paragraphs of feelings.

For those with extensive backgrounds in the security field, this work might have value. Not that you'll learn anything, but that the biases presented may run counter to your own, and provide a foil to test your own positions. However, those who are not professionals in the field might be well to avoid it, lest they become mythinformed.

copyright Robert M. Slade, 2009 BKMTHSEC.RVW 20091221

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Computers are useless. They can only give you answers. - Pablo Picasso
victoria.tc.ca/techrev/rms.htm
blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links
http://twitter.com/rslade

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.