Joined: 04 Mar 2003
|Posted: Wed Oct 15, 2003 5:54 pm Post subject: Book Review - Malicious Mobile Code: Virus Protection
Malicious Mobile Code: Virus Protection for Windows
Author(s): Roger A. Grimes
Book Specifications: Soft-Cover, 522 pages
Category: Windows Virus Protection
User Level: Knowledge of Windows, and common Windows applications
Suggested Publisher Price: $39.95 USA/ $59.95 CAN/ £28.18 Net UK (inc of VAT)
Amazon.co.uk: Malicious Mobile Code: Virus Protection for Windows
Amazon.com: Malicious Mobile Code: Virus Protection for Windows
Info from Back: "Malicious mobile code: What is it? Where does it come from? How does it spread? How can you prevent it from attacking your computer? What can you do if it has already attacked your computer? Malicious Mobile Code: Virus Protection for Windows provides the information that helps system administrators and users understand the issues of malicious code on Windows systems.Ē
The multi-headed Hydra that is malicious mobile code comes in many different forms, and from various vectors. It could be embedded in an html page on a website, or a floppy disk in your hard drive amongst others. In itís various disguises the many threats posed by this pernicious adversary can be so varied as to overwhelm even the experienced system administrator. Only through education, and self-study will one be able to confront this unyielding danger to computer networks. For this threat is not only aimed at the high bandwidth corporate network, but also targets the individual home user. At this level will the battle be fought, and won using the well articulated tactics, and strategies outlined by the author Roger Grimes. Each chapter will guide the reader through not only the danger posed by this continually evolving threat, but also just as importantly how to deal with it. This books primary audience should be the system administrator, as well as the home user wishing to tighten his security.
Content & Overview
Covered over fifteen chapterís, and one index are the threats currently facing not only todayís home user, but also the system administrator at the corporate network level. Of note is the very first chapter itself which will walk the reader through just what is mobile malicious code. Briefly covered as well is where both the law, and mobile code have collided. One of the difficult areaís in todayís computer environment is the sometimes confusing terminology. Covered in the first chapter are several pertinent examples of the sometimes arcane words used to describe mobile code, and itís various incarnations. Following this the author details the DOS based computer viruses. This is perhaps the most prevalent virus out there today as noted by the author. The reader would benefit greatly by paying special attention to this chapter, as the author does an excellent job of covering this area.
Quite often when dealing with users, as well as some network administrators the subject of viruses, and macro viruses will leave them with a rather puzzled look on their face. One must understand the difference between the two, as they deal both deal with separate issues. Almost 90 pages are devoted to the two types of viruses. Windows itself is used to show, and explain how a virus works. Also shown are the ways that your computer will react to a virus infection. Microsoft Word and Excel are used to show how a macro virus works, as well as a definition of just what a macro virus is. Included as well is the way to detect, remove, and prevent future macro virus infections.
After the above noted topics have been covered we then move onto the meat of the book itself. Spanning a good many chapters is coverage on the most prevalent, and lethal mobile code out there today.
To whit, all of these are covered in an easy to read fashion while still providing a good amount of detail. Each topic is first given a quick over view at the beginning, which is then followed by a description of itís useís and some examples of itís implementations. Some of the most prominent types such as Java Applets, Active X controls, and internet browser attacks should be paid read very carefully. Almost every corporate environment allows employeeís the use of the internet from their work station. While there are all kinds of security at the exterior there is usually not much preventing the downloading, and subsequent spreading of malicious content such as the above three. It is through this vector that both a user both at home and at work can be compromised. Close scrutiny must be paid to these exploits in these days of escalating corporate espionage as well.
- Macro Viruses
- Trojans and Worms
- Instant Messaging Attacks
- Internet Browser Attacks
- Malicious Java Applets
- Malicious Active X Controls
- Email Attacks
One specific example of a recent vulnerability found in Microsoft WordPerfect is the MS03-036 security bulletin, which details how an attacker could execute code of their choice on the destination machine. This is done through a maliciously crafted MS WordPerfect document which would be opened on the unwitting personís computer. In turn as mentioned this would enable the attacker to execute code of their choice.
Wrapping up the book are some hoax viruses, an overall defense plan, and the future of malicious mobile code as envisioned by the author. There is a very good reason that the author included a chapter on defense. With a reasonable amount of money, and some effort one can greatly clamp down on the possible avenues of ingress that these threats use. The more people secure their networks, and home computing assets the less prevalent will this problem become.
Style and Detail
As befits the subject matter the author does an admirable job in laying out the threat posed by malicious mobile code. Starting off each chapter is a quick introduction to the topic at hand. Once this has been covered you are then off into the nuts and bolts of the specific subject. Then at the end of each chapter while the information is fresh in the mind of the reader the remedies are then laid out to counter what was just covered. The one area which I would of liked to have seen is actual code snippets detailing the various viruses, and html or java script exploits. This could of perhaps also been followed by an autopsy as it were on a specific piece of mobile code detailing itís exacts functions. Though there are some diagrams, and charts in the book it could of used some more to help the reader visualize what the author was explaining at that time.
This book is indeed an eye opener for the normal computer user, and the junior system administrator. Laid out in detail, and covering almost every aspect of malicious mobile code out there today this book should indeed be read by everyone who owns a computer. Only through user education will one half of the battle be won against the never ending tide of malicious mobile code. The one area that I feel the book would of greatly benefited from is the inclusion of a CD with actual code snippets showing some of the various real life viruses and exploits out there today. Also as mentioned an actual dissection of a piece of mobile code would have helped the reader visualize what the problem looks like. That being said this book is highly recommended for reading due to the plethora of viruses, macro viruses, and client side exploits out there today.
It's gets an SFDC 8/10 from me. Had there been an included CD with code snippets this would have been a solid 9 out of 10 instead.
[color=red]Keywords for this post: Malicious Mobile Code: Virus Protection for Windows/color]
This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.