Joined: 04 Mar 2003
Posted: Sun Feb 22, 2004 11:12 pm    Post subject: Book Review - Malware: Fighting Malicious Code
Malware: Fighting Malicious Code
Author: Ed Skoudis, with Lenny Zeltser
Publisher: Prentice Hall PTR
Book Specifications: Softcover, 647 Pages
Category: Malicious Code
User Level: Intermediate/Advanced
Suggested Publisher Price: $44.99 USA/ $69.99 CAN/ £30.99 Net UK (inc of VAT)
Amazon.co.uk: Malware: Fighting Malicious Code UK
Amazon.com: Malware: Fighting Malicious Code US
Info from Back: "Ignoring the threat of malware is one of the most reckless things you can do in today's increasingly hostile computing environment. Malware is malicious code planted on your computer, and it can give the attacker a truly alarming degree of control over your system, network, and data, all without your knowledge! Written for computer pros and savvy home users by computer security expert Ed Skoudis, Malware: Fighting Malicious Code covers everything you need to know about malware and how to defeat it!"
Malware, malicious logic, and other like-minded terms all refer to the world of trojans, worms, and macro viruses. Unless one has been living in a cave on a distant planet as of late, it is impossible not to have heard these terms recently. Though these destructive forces have been around for years now, they are finally receiving more press coverage. This is partly due to the virulent and faster-spreading nature of the latest variants of malware.
The single largest reason that malware continues to spread and become a problem is simply the computer users themselves. Far too many computer users today do not have anti-virus or firewall software on their computers. This in turn leads to the rapid spread of viruses and worms. It will only be through educating the home user, and through their continued awareness, that outbreaks such as the recent MyDoom/Novarg will be contained. By reading this book from cover to cover one will come away with a far greater understanding of the dangers lurking on the web today. This book can benefit everyone from the novice to the advanced user, and is very much recommended reading for all computer users out there.
Explained at the very beginning of the book are the reasons why we are seeing a continuing onslaught of malicious mobile code today. The authors list several reasons, some of which I touched on above in the introduction. Each and every day there are more and more people becoming a part of the global online community. Throw in as well the ever-increasing connectivity of networks worldwide and you now have an even bigger pool of users. As the authors also allude to, today's computer user is not as savvy as that of past years. Computers have become so easy to use that everyone can now use them. This has led to the "clueless user", as it were.
Following the introductory chapter is one on the history of viruses. This chapter is where you will read about the various targets for infection by malicious code. Places such as boot sectors, executable files, and document files are covered. Shown as well is why these are specifically targeted by virus writers. Right after this chapter is one on the much-publicized "worm". All facets of a worm are explained here, from the way the worm gains entry to a victim's computer to how it spreads after it has breached it.
Another well-known threat is that of mobile code itself. In brief, what is meant by mobile code is a piece of code which will execute on the client side. Chronicled are the many forms of mobile code. These range from ActiveX content and Java applets to cookies and cross-site scripting attacks. All of these mobile code variants have been used very successfully in the past and continue to be used today. How each of the variants works is shown, so as to clarify many terms heard on the news today.
Trojan horses, rootkits, and kernel-mode rootkits are also covered to round out the malware landscape, as it were. Of particular interest in this book as well is the chapter devoted to malware analysis. You will be shown how to go about it, and what environment you should have in order to do so. Only through the analysis of malware will one truly gain an understanding of it. Wrapping up the book is a series of sites that the authors recommend for staying current with malware and its various trends.
Style and Detail
One of the things I liked about this book is its nice font size, as it makes for easy reading. Too many books out there have too small a font, sadly, and the actual paper itself is of a nice quality. Throughout the book the authors make use of diagrams, screenshots, and other visual aids to get their teaching points across. All material covered in the book is clearly explained with a minimum of techno-jargon involved. The authors' mastery of the subject material is evident in the way that the information is presented and explained.
Quite simply put, this is one of the best books out there when it comes to explaining malware and its many variants. It should be noted that both of the book's authors are well known and well respected in their field. I for one believe it should be required reading for anyone who has just bought a computer, and preferably read before they actually buy it.
This book gets an SFDC 8/10 from me.
This review is copyright 2004 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.