Securing the Network from Malicious Code
by Douglas Schweitzer
ISBN 0-7645-4958-8. 338 pages. $40.00. Index, Glossary, 6 Appendices.
Reviewed by Robert Bruen January 13, 2003
Schweitzer has given us a pretty good introductory book on malicious code, viruses, worms and trojans, with a good breadth of topics, which ranges from the infamous worms to server-side exploits. The book does not provide depth in what the code looks like or how one goes about writing such code. The approach is to explain the idea, then suggest some ways to protect against the attack. If you are not very familiar with malicious code, you will get a good overview of what it's all about.
The author spends more time with Microsoft issues, such as the registry and email, but does mention Linux and the Raman worm. He also covers PDAs web sites and wireless issues. The book is good for quick references for all of these issues, with some pointers to more detailed information. It is a quick read for anyone with some knowledge of security.
The history of viruses is good in terms of what is described. Fred Cohen's work going back to 1983 is even present, although I remember him being called a loon by a several people back then, but that is not mentioned. Recent viruses are also described, along with the arrests of some of the folks involved in their release into the wild.
Adding to the technical issues, the author delves into social issues, such as crime, Hactivism, forensics, and warfare. Apparently malicious code is not just for fun anymore. The disruptive nature has been harnessed by the organized people with agendas allowing for targeting specific entities. It is not enough to simply let loose an email worm. Now political and criminal players have added malicious code to their arsenal of weapons.
As far as the book goes, it is good. It is recommended for those who are just getting into the business of security. If you need depth for any of the concepts, you will need to go elsewhere. It is helpful that there are good books at all levels.