The Myths of Security: What the Computer Security Industry Doesn't Want You to Know
Author: John Viega
Publisher: O'Reilly Media
Category: Book
Media: Paperback Edition: 1 Pages: 264 Number Of Items: 1 Shipping Weight (lbs): 0.6 Dimensions (in): 8.3 x 5.5 x 0.4
ISBN: 0596523025 Dewey Decimal Number: 005.8 EAN: 9780596523022
Editorial Reviews:
Product Description
If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.
Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:
- Why it's easier for bad guys to "own" your computer than you think
- Why anti-virus software doesn't work well -- and one simple way to fix it
- Whether Apple OS X is more secure than Windows
- What Windows needs to do better
- How to make strong authentication pervasive
- Why patch management is so bad
- Whether there's anything you can do about identity theft
- Five easy steps for fixing application security, and more
Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.
Customer Reviews:
The Plain Truth August 6, 2009 Dennis Fisher (Boston) 4 out of 5 found this review helpful
John Viega has written the book about the security industry that has needed writing for a very long time. He exposes the plain (and often ugly) truth about the way that the industry works and why the state of computer and Internet security has continued to deteriorate over the last decade.
Viega is one of the smarter and more candid people in the security community and those two qualities come through loud and clear throughout the book. He's an industry insider who knows what's real and what's tripe, and this book will help even complete security newbies figure out what's what. With chapters with titles such as "Security: Nobody Cares!" (sad, but true) and "Is Apple Really More Secure?" (no), you know right away that Viega is not in this to make friends.
But this isn't just a hack job on the security industry (which, after all, wouldn't be very original). Viega takes the time to explain what's going wrong as well as what can be done to fix it. Still, the key thing to remember in all of this is that things are bad and they're likely going to get worse. Probably much worse. But as long as there are cats like Viega around to give us the real scoop, at least we'll be entertained while the ship goes down.
A Rude Awakening for Many (Who Will Probably Try and Hide or Dismiss the Facts) July 9, 2009 Mark Curphey (Seattle, USA) 6 out of 8 found this review helpful
I was lucky enough to be sent a pre-production copy of the book by John. As I read the TOC my jaw dropped. Finally someone has the balls to say what's really happening. Far too many people have been hiding behind marketing FUD or driving their opinions and defending their actions largely to defend their careers and salaries. I am sure it's a tough message to swallow for many. I saw many things I am or have been guilty of in the book. That's all the more reason why it needed to be said. The industry needs to be cleaned up and the BS called out for what it is.
I applaud John for having the balls to write it.
It's not just a must read, it's a must take note and must take action book!
A Quick and Enjoyable Read (*and* it's a book about security!) July 29, 2009 Deborah Moynihan (Boston, MA USA) 2 out of 3 found this review helpful
I had the opportunity to review John's book as it was being developed. I liked the format because each of the chapters is independent, so you can pick it up and read a bit here and there. You can also skip around to get to the parts you are most interested in. Many of the topics covered like Facebook Privacy, Anti-virus, Identity Theft and Captcha, are topics that concern the general computer user population, and he also covers some areas that relate to major computing trends like the security of open source and cloud computing.
John is a security expert and devotes a large amount of his time to keeping up on current trends and technologies, and in this book he talks candidly about the topics that he thinks everyday computer users and security experts should be aware of and be concerned about both from a user perspective and from the perspective of those that offer products and services to computer users.
I have also read Schneier on Security. In comparison - Schneier's book is also a collection of independent essays, but his style is more formal and not as provocative as John's book. Also the topics in John's book are more current because it is newly published. I would still recommend you read both if you are trying to come up to speed on security overall and also recommend that you subscribe to Schneier's Cryptogram, but John's book will give you cool things to think and talk (and maybe worry) about today. I know I now take my software updates much more seriously and I am much more cognizant of how and what type of information I give out online.
John made a significant effort (with help from reviewers like me) to make this book easily readable by non-security experts. I would definitely recommend it to intellectually curious computer users/internet surfers and to anyone working in security (on the business and technical side), IT, and application development. For non-security experts, it is highly educational and engaging (difficult to find in security books in my opinion). For security experts, you may find some of the explanations of the security terminology elementary, but the book is still very worthwhile because it covers very current and interesting topics, and John tells it like it is and provides industry insider information.
I read several security books and I'll also mention that I found the Art of Intrusion to be a really fun read - it is like true crime that gets you inside of hackers' heads.
Great read for overview of modern security industry landscape September 3, 2009 Oliver Day 2 out of 3 found this review helpful
John and I don't see eye to eye on everything. In particular his thoughts of how vulnerability disclosure works. But this book deals with this and many other topics in a quick vernacular style which should make it accessible to security pros and everyone else. As an industry insider he has deep knowledge of how things work and it shows in the different stories throughout the book.
While there is no unifying theme throughout this text it is great to read in short bursts. He didn't try to add a lot of fluff to the chapters just to fill out the pages like a lot of other books tend to do. If you are thinking about entering or moving up in the security industry this is a great place to get a foothold on how the security industry's leaders think.
Insight for the common user. July 3, 2009 D. Estlick 1 out of 2 found this review helpful
A great primer for those new to Information Security, as well as Security Leaders in search of a high-level argument for change. The Author provides an interesting and entertaining walk through many of today's beliefs, questions, and technical solutions.
Not surprisingly, given John Viega's background, Anti-Virus (AV) is frequently referenced and discussed - what AV was, is, and should be. The reader should be encouraged to put aside their impressions of, or experience with, specific AV products and focus on the fundamental problems presented.
Through this collection of essays, the reader is exposed to a broad range of topics including: existing fallacies (Chapter 10: Four Minutes to Infection?), current situations (Chapter 15: Plenty of Phish in the Sea), the economics of maintaining the 'status quo' (Chapter 7: Google Is Evil), and potentials for the future (Chapter 39: What AV Companies Should Be Doing).
Overall, the ideas and topics presented should not come as a surprise to anyone within the field of Information Security. The real value of this book is the clean and concise explanations provided by the Author. His unassuming writing style allows those with limited exposure to gain a working grasp of the problems presented. I fully intend on sharing my copy with several individuals in the hopes of improving understanding and increasing support for critical initiatives.