BKFEUDO.RVW 930527

Business One Irwin
Homewood, IL 60430
Chris Feudo - xi685c@gwuvm.gwu.edu
The Computer Virus Desk Reference, 1992

I must make one thing perfectly plain from the start, here. You are going to have to determine for yourself whether I am biased in favour of this book because it reprints a fair amount of my own writing, or whether I am biased against the book because I am not being paid for any of it.

The title is definitely correct. This is far too large a tome to be a handbook or a "quick" reference. Of the 556 pages in the book, more than 400 come from other sources. Patty Hoffman has contributed about 250 in the form of three sections from the Virus Summary list; Chris McDonald and myself are represented by about 50 pages of antiviral software reviews each. Jim Wright's list of antiviral archive sites is included, as is a copy of the "Dirty Dozen" list of "malware" sightings.

The structure of the work is as a small "book" with a lot of large appendices. The "book" part, unfortunately, is somewhat confused.

On the one hand there are items which, if they are not perhaps in outright error, definitely mislead the naive reader. For example, the definitions at the beginning of the book tell us that a trojan horse "can easily implant itself in any normal program". The absolute distinction between a trojan horse and a viral program may not always be clear. A program infected with a virus may be seen as a type of trojan horse since it carries an undesired "payload". However, most researchers would agree that a trojan horse is the combination of carrier and payload, and that the distinction between a trojan and a virus is that the trojan does *not* have the ability to "implant itself" in another program. Reproduction is the domain of the viral program.

Feudo also makes reference, on page 34, to "replacement" viral programs. These he describes as programs which "recode" (and, presumably, recompile) other programs to include themselves. While this kind of activity is occasionally discussed by the research community, no such viral programs have ever been seen. The closest is "p1" in the fictional work "The Adolescence of P1" by Thomas J. Ryan.

It is difficult to see why other parts of the book, while interesting, are included in a computer virus reference. For example, there are three pages dedicated to the technology and vendors of wireless LANs. While the network spread of viral programs is a concern, there is no distinction at all between wired and wireless LANs in this regard.

The structure of the book overall is somewhat undisciplined. Chapter 2, entitled "Viral Attacks", turns very quickly into an extremely technical overview of the disk and program structure of MS-DOS computers. It then goes on to give a number of "case studies" of Mac-specific viral programs. Two of these are repeated in chapter 4, "Viral Program Analysis", in which most of the MS-DOS case studies are done.

As previously mentioned, most of the "contributed" material is in appendices. This is not, however, the case with the bulk of the Hoffman Virus Summary List, which is chapter 5 of the book itself. (Interestingly, although the VTC/CARO Computer Virus Catalog is mentioned in the Acknowledgments, it is *not* reproduced in the book at all.)

The contributed reference material may be very helpful to those who have no access to computer network archives and sources. However, it should be noted that much of this is very "dated". Although the book has a copyright date of 1992, and I received a copy early in 1993, the Hoffman Summary List is dated August of 1991. If I recall correctly, the last of the reviews I sent to Chris Feudo were slightly before that. The contact info listed for me is even older: so old that all of the email addresses listed were invalid by the summer of 1991.

Aside from the dating of the material, there is much here that is not available in other printed works, or to those who do not have net access. However, this is primarily a reference work, and should be supplemented by more accurate conceptual material on viral operations and prevention. This is particularly true for beginning computer users, since much of the work is either highly technical, or requires additional background material as an aid to understanding.

copyright Robert M. Slade, 1993 BKFEUDO.RVW 930527

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag