The Myths of Security
What the Computer Security Industry Doesn't Want You to Know
Publisher: O'Reilly Media
Final Release Date: June 2009
Pages: 264

If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:

  • Why it's easier for bad guys to "own" your computer than you think
  • Why anti-virus software doesn't work well -- and one simple way to fix it
  • Whether Apple OS X is more secure than Windows
  • What Windows needs to do better
  • How to make strong authentication pervasive
  • Why patch management is so bad
  • Whether there's anything you can do about identity theft
  • Five easy steps for fixing application security, and more

Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.

Customer Reviews

3.4 (based on 5 reviews)

Ratings Distribution

  • 5 Stars (1)
  • 4 Stars (2)
  • 3 Stars (1)
  • 2 Stars (0)
  • 1 Star (1)

80% of respondents would recommend this to a friend.

Pros

  • Easy to understand (4)
  • Well-written (3)

Best Uses

  • Intermediate (4)
  • Novice (4)
  • Student (3)

Reviewed by 5 customers

    (1 of 1 customers found this review helpful)

     
    3.0

    Food for thought about security

    By p6ril

    from Guyancourt, France

    About Me Developer

    Verified Reviewer

    Pros

    • Easy to understand

    Cons

    • No real practical outcome

    Best Uses

    • Intermediate
    • Novice
    • Student

    Comments about O'Reilly Media The Myths of Security:

    This book is a nice introduction to what computer systems security is and means. It explains the various aspects of security and digs into the minds of the "bad guys" to explain the challenges security professionals face.

    One nice thing about this book is that it's an easy read, almost entertaining. Each chapter covers independent topics and is short. You can almost consider each chapter as a short story. Hence if one isn't interested in one particular subject, she can easily skip it or browse through it quickly.

    This book is mainly informational, so don't really expect anything practical out of it (technically speaking). As I mentioned in the title, it is essentially food for thought.

    (1 of 2 customers found this review helpful)

     
    1.0

    Self-opinionated book without real facts

    By joblack

    from Berlin, Germany

    About Me Sys Admin

      Cons

      • Self-opinionated
      • Too many errors

        Comments about O'Reilly Media The Myths of Security:

        The book begins by praising John Viega's career start at McAfee (vibe: he 'saved' the company and gave it the right direction).

        The chapters are full of his own opinions without real scientific background.

        The apex of opinions can be found in Chapters 23 and 24, where he claims opinions like "if you don't have anything to hide, what's the deal ...". He argues that most of the people don't care about privacy and anonymity so it shouldn't be a high priority for you.

        (1 of 1 customers found this review helpful)

         
        4.0

        Security Industry - The Broken Model

        By Praveen Karunakaran

        from Chennai, India

        About Me Designer

        Verified Reviewer

        Pros

        • Easy to understand
        • Helpful examples
        • Well-written

        Cons

        • Not comprehensive enough

        Best Uses

        • Intermediate
        • Novice

        Comments about O'Reilly Media The Myths of Security:

        Most of the Security Products give you a false sense of security. But John Viega shows you the broken picture of the Security Industry and explains why the Security products/technologies really can't provide you the same level of security they are designed to provide.

        It's a wonderful book for anyone who is concerned about security.

        (1 of 1 customers found this review helpful)

         
        5.0

        Very Entertaining; Practical;

        By jdruin

        from Kentucky

        About Me Designer, Developer, Educator

        Verified Reviewer

        Pros

        • Accurate
        • Easy to understand
        • Well-written

          Best Uses

          • Expert
          • Intermediate
          • Novice
          • Student

          Comments about O'Reilly Media The Myths of Security:

          This book is an easy, fun, and somewhat scary read all at the same time. It accomplishes its goal of raising awareness about security issues by presenting material in small chapters that focus on a particular point.

          The book is really a collection of short stories, each about a particular topic that is either directly about security or affected by security. The average chapter is probably about 5 pages, with most being between 2 and 7 pages (230 pages in all, 48 chapters). I like this approach because it keeps the stories interesting. (If the reader does get bored with a particular topic, it will be over soon anyway.) Also, the chapters are independently written so the reader can skip around at will.

          The style used is quite entertaining. There is a slight hint of sarcasm in some areas but it is not overwhelming. The material itself is fairly serious (i.e., identity theft, anti-virus, corporate security, etc.), but the problems are presented in a way that is easy to read. Also, while the problems presented seem generally impossible to solve if one only reads the popular press (the world is coming to an end - turn to page 3 to see why), the book gives practical advice and/or suggestions of what we might do about such problems. There is a fair amount of "warnings" also given.

          Overall, what advice is given is practical. For some problems where the author does not have an answer, he says so and points to areas that may be able to help in the future.

          The point of the book, it seems, is to raise awareness of security issues. It does an excellent job of this.

          Security professionals will like the book although I suspect they probably already know much of the material. More importantly, readers whose main profession is not security will be able to easily understand the problems presented. This should provide a fun/scary read but also get people thinking about these issues and their implication to our daily lives.

          (3 of 3 customers found this review helpful)

           
          4.0

          Good, but not what I expected

          By Wayne M. Gipson, CISSP, CISA

          from West Point, UT

          About Me Security Engineer, Sys Admin

          Verified Reviewer

          Pros

          • Accurate
          • Concise
          • Easy to understand
          • Well-written

          Cons

          • Too basic

          Best Uses

          • Intermediate
          • Novice
          • Student

          Comments about O'Reilly Media The Myths of Security:

          The Myths of Security, by John Viega

          After reading a brief overview of this book I was really excited to read it. As an information security professional, I was hoping the author would stir up some controversial thoughts and ideas that may have me rethinking the way I am doing things. What I got was a book that was a very good read, but nothing revolutionary. The book is organized into forty-eight topics, each a separate chapter consisting of a few pages each. Each chapter was just long enough to give some details or opinions about a topic without boring the reader with mundane page filler.

          The Likes:

          Chapter 16: The Cult of Schneier, was a great chapter. Yes, Bruce Schneier is one of the smartest minds in the industry, but he is the first to tell people not to be sheep. The author takes this one step further and declares: do not take everything Schneier says as gospel; he is human, and can be wrong. Although I agree with the author's thoughts that he will get a lot of flak for these comments from the "Cult of Schneier," I thought it was a great way to tell people to think for themselves and think outside the box.

          Chapter 24: Open Source Security: A Red Herring was my favorite chapter in this book. It looks at both sides of the open source software vs. closed source software debate. This portion of the book was written in a way to let the reader come to their own conclusion about the debate, and not just rely on the author's opinion. It was an unbiased view on the pros and cons to both types of software solutions.

          Chapter 30: "Responsible Disclosure" isn't Responsible, was another great chapter. Again the author presented many pros and cons to both sides of the debate about public disclosure of vulnerabilities. This was again a chapter that shows the reader how the software industry currently views disclosure and lets the reader decide how they feel about the issue. In my opinion, this is one of the few chapters that will make you think about your stand on the topic and maybe help you choose a position.

          All of the anti-virus chapters were very well written, as expected from someone who has worked for one of the largest anti-virus developers. These chapters gave enough insight and detail about how the software works to let a layman understand, but not so much detail that they drowned in information.

          The Dislikes:

          In chapter 5 the author talks about the security software he runs, and then common security software that he does not run, including: firewalls and AV. His arguments for not running these items seemed very weak, especially for a guy who works for an anti-virus company. I would have liked more insight into his thought process.

          I found one contradiction that stood out: in Chapter 3 the author states that "However, these days, few services are visible by default..." when talking about the need for firewalls. In Chapter 5 the author states firewalls are needed because "people typically leave lots of vulnerable services on machines that are directly accessible to a lot of people". Which is it?

          Overall this book was a very fast (you could read it on a short flight), but very good read. It may not challenge your perspective as I had previously thought, but it is a good refresher as to why some of us work in the Information Security industry.

          Review Written By Wayne M Gipson, CISSP, CISA

          Buying Options
          Ebook: $23.99
          Formats:  DAISY, ePub, Mobi, PDF
          Print & Ebook: $32.99
          Print: $29.99