The Myths of Security: What the Computer Security Industry Doesn't Want You to Know [Paperback]

John Viega
3.0 out of 5 stars (4 customer reviews)
RRP: £22.99

Product details

  • Paperback: 264 pages
  • Publisher: O'Reilly Media; 1 edition (26 Jun 2009)
  • Language English
  • ISBN-10: 0596523025
  • ISBN-13: 978-0596523022
  • Product Dimensions: 21.3 x 13.7 x 1.8 cm
  • Average Customer Review: 3.0 out of 5 stars (4 customer reviews)
  • Amazon Bestsellers Rank: 570,261 in Books

Product Description

If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:

  • Why it's easier for bad guys to "own" your computer than you think
  • Why anti-virus software doesn't work well -- and one simple way to fix it
  • Whether Apple OS X is more secure than Windows
  • What Windows needs to do better
  • How to make strong authentication pervasive
  • Why patch management is so bad
  • Whether there's anything you can do about identity theft
  • Five easy steps for fixing application security, and more

Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.

About the Author

John Viega is CTO of the Software-as-a-Service Business Unit at
McAfee, and was previously Vice President, Chief Security Architect at
McAfee. He is an active advisor to several security companies,
including Fortify and Bit9, and is the author of a number of security
books, including Network Security with OpenSSL (O'Reilly) and Building
Secure Software (Addison-Wesley).

John is responsible for numerous software security tools and is the
original author of Mailman, the popular mailing list manager. He has
done extensive standards work in the IEEE and IETF, and co-invented
GCM, a cryptographic algorithm that NIST (US Department of Commerce)
has standardized. He holds a B.A. and M.S. from the University of
Virginia.


Customer Reviews

Most Helpful Customer Reviews
6 of 6 people found the following review helpful
Terrible book 14 Nov 2009
Format:Paperback
This is a terrible book. If you are not an IT professional this book will bore you, if you are an IT professional this book will insult your intelligence and then bore you, if you are an IT security professional this book will infuriate you!

I bought this book based on the credentials of the author and because I was intrigued by the title. There are certainly many "Myths of Security" out there, but almost none of them are covered in this book. Instead what you get is a book that reads like a collection of ill-informed, badly written and contradictory blog posts. I was staggered that an author with the credentials John Viega appears to have (as advertised on the back cover of the book) seems to miss the point on so many things. The very short chapters (nothing wrong with that... in fact in this book short was a blessing!) mostly consist of the author's personal decrees on a particular element of security. Most of which are pointless, ill-informed or just plain wrong.

When I say pointless, I mean it! The last 4 or 5 chapters were a complete waste of paper and time. Luckily most of them are only a page or two long, but a page or two of the author going on about things like why he can't find a domestic locksmith to install proximity card readers for his house is just tedious. Then there was the chapter on VPN insecurity based on a notion of VPNs that I haven't seen in use for over 7 years. Add to that very bogus advice to people who run servers connected to the internet, where a NAT firewall is plenty of security. OK, I freely admit, there is a happy middle ground between industrial strength paranoid firewall security for your home computer and basic common sense traffic blocking. But if you ARE running some kind of server based application on the internet you should at least be thinking about packet inspecting firewalls and/or application firewalls.

Another infuriating chapter, top of my list, is the one titled "Google is Evil", where the point is that Google created its successful click-for-money ad system and in doing so created a click fraud problem which it isn't doing enough to cure because it's not in its financial best interest to do so. Sure, point taken, Google probably does profit from click fraud, but it is NOT in its best interests to have a widespread click fraud as it undermines confidence in its core product which will in turn drive away custom. The author conveniently pulls out some figures taken from an independent evaluator that suggested Google wasn't doing as well as it should to clean up the problem; however, there is no reference to the study data, so who knows. References are something this book totally lacks; unless there is a solid reference for the point the author is making, none are given. Where there is no data at all the author just guesses at figures or assumes a percentage, very annoying! Well, Google may well be evil but not on this charge!

What makes that chapter worse is the one that follows, which talks about Antivirus (a subject that is covered over and over with tedious monotony) and how AV companies are struggling to make AV work etc. In this chapter no AV company is painted as "evil" as per the previous chapter, yet it is stated that as long as AV companies can get money for their existing products they won't do much to improve or make new ones. Why then aren't they explicitly evil for indirectly adding to the virus problem?

I could go on and on... Almost every chapter has something in it that will annoy most security and IT pros; so many chapters set up a premise just to make a weak point or no point at all. Don't waste your time with this book, there are plenty of other security books that are far, far better.

James
1 of 1 people found the following review helpful
Some useful ideas 29 Dec 2010
By Mole TOP 500 REVIEWER
Format:Paperback|Amazon Verified Purchase
Security is a key topic in IT, yet it is often one of the least well understood. There are many people in IT that are convinced that they are experts in security, but often they demonstrate a lack of real understanding of many aspects of the subject.

Viega is someone that has worked within the field of virus detection and prevention; he identifies some of the key limitations of the products and where they fail and in most cases why. He also highlights how this has come about, why it occurs and also why the companies concerned are unlikely to do much to resolve the main issues. Much of this information comes from his own experience, and it seems worth reading just for that.

Of course, AV is just a small subset of the protective measures that should be used, and although it would seem appropriate to include some more detail of the other options for this within the book, there is very little information or advice. Possibly this is because the author has worked primarily within the AV field, so has a pretty good understanding of this and less so of other areas. Describing the AV industry as the "Computer Security Industry" is a bit ingenuous; IT security is composed of far more than just AV products.

I would suggest that this is a useful book for those starting to take an active interest in security, but certainly not one that would be a key reference for serious professionals.
1 of 1 people found the following review helpful
Format:Paperback
There are some interesting thoughts in the book like the idea of certifying obfuscated code.

But there is also a shameless plug/astroturf for McAfee, which is the company the author works for, and Siteadvisor, one of their products ("Why Siteadvisor is such a good idea" is one of the chapters). Even if what he says is true, which it may or may not be, it is IMO rather bad form to use a book like this to plug companies and products in this way. Even the foreword is by the McAfee former CTO. It just doesn't really speak for the independence of the advice.

It's not very clear who the audience is supposed to be. If you're an information security person, then there is a lot of running over stuff you already know and if you're not, then I'm not sure it would really make a lot of sense because you wouldn't be familiar with the myths he tries to explode.

Finally some of it is educational and advisory and has no relevance to the title. For example what does: "Helping others stay safe on the internet" have to do with myths of security?

Some of the sections are a bit too cursory to be worthwhile and read more like padding - e.g. Cloud Insecurity - is mostly just explaining what Cloud Computing is and offering a few very basic security concerns.