funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: REVIEW: "The Myths of Security", John Viega

From: Drsolly <drsollyp () drsolly com>
Date: Fri, 30 Jul 2010 00:31:43 +0100 (BST)
On Thu, 29 Jul 2010, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:


BKMTHSEC.RVW   20091221

"The Myths of Security", John Viega, 2009, 978-0-596-52302-2,
U$29.99/C$37.99
%A   John Viega viega () list org
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-52302-2 0-596-52302-5
%I   O'Reilly & Associates, Inc.
%O   U$29.99/C$37.99 800-998-9938 fax: 707-829-0104 nuts () ora com
%O  http://www.amazon.com/exec/obidos/ASIN/0596523025/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0596523025/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596523025/robsladesin03-20
%O   Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   238 p.
%T   "The Myths of Security"

The foreword states that McAfee does a much, much better job of
security than other companies.  The preface states that computer
security is difficult, that people, particularly computer users, are
uninformed about computer security, and that McAfee does a much better
job of security than other companies.  The author also notes that it


That's because it has a much better AV engine :-)


is much more fun to write a book that is simply a collection of your
opinions than one which requires work and technical accuracy. 
 
The are forty-eight "chapters" in the book, most only two or three
pages long.  As you read through them, you will start to notice that
they are not about information security in general, but concentrate
very heavily on the antivirus (AV) field. 
 
After an initial point that most technology has a poor user interface,
a few more essays list some online dangers.  Viega goes on to note a
number of security tools which he does not use, himself.  He then
argues unconvincingly that free antivirus software is not a good
thing, unclearly that Google is evil, and incompletely that AV
software doesn't work.  (I've been working in the antivirus research
field for a lot longer than the author, and I'm certainly very aware
that there are problems with all forms of AV: but there are more forms
of AV in heaven and earth than are dreamt of in his philosophy.  By
the way, John, Fred Cohen listed all the major forms of AV technology
more than twenty-*five* years ago.)  The author subsequently jumps
from this careless technical assessment to a very deeply technical
discussion of the type of hashing or searching algorithms that AV
companies should be using.


Would you like to see my design for an airplane?


And thence to semi-technical (but highly
opinionated) pieces on how disclosure, or HTTPS, or CAPTCHA, or VPNs
have potential problems and therefore should be destroyed.  Eventually
all pretence at analysis runs out, and some of the items dwindle down
to three or four paragraphs of feelings.

For those with extensive backgrounds in the security field, this work
might have value.  Not that you'll learn anything, but that the biases
presented may run counter to your own, and provide a foil to test your
own positions.  However, those who are not professionals in the field
might be well to avoid it, lest they become mythinformed.

copyright Robert M. Slade, 2009    BKMTHSEC.RVW   20091221


======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
Computers are useless. They can only give you answers.
                                                     - Pablo Picasso
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: