BKHOFMAN.RVW 930401

Van Nostrand Reinhold
c/o Nelson Canada
1120 Birchmount Road
Scarborough, Ontario
M1K 5G4
416-752-9100
fax: 416-752-9646
Rogue Programs: Viruses, Worms and Trojan Horses, Ed. Lance J. Hoffman, 1990, 0-442-00454-0

Reading the list of contributors to this work was rather like "old home week" at VIRUS-L. The introduction states that the book arose from Hoffman's frustration over the lack of a suitable text for a virus seminar and that the seminar participants compiled the material from available sources. Even one of the seminar participants, Chris Feudo, has recently released a computer virus handbook (see BKFEUDO.RVW).

Hoffman's "big iron" bias shows through occasionally in his lack of distinction between "network" and "micro" viral programs (someone with a $1000 computer "within days can be writing viruses that attempt to break into world-wide networks") and in his insistence upon destructive and "service denial" capabilities when defining a virus. Overall, however, he tries to present a balanced and realistic view of the virus situation.

The essays contained in the book are grouped into five sections. The distinctions between the sections are somewhat clearer than with Denning's "Computers Under Attack". The overall design of the book makes a lot of sense as a textbook (its primary purpose, after all), but may be less lucid to the home or business user looking for specific direction on protection of their system.

The first section contains papers that attempt to look at the broad overview of viral type programs. Although this book is primarily intended as a text in computer security courses (presumably at the university level), one still feels the lack of an initial concise and clear statement of what viral programs are today. This desire may be unrealistic: the majority of the works contained in the book were prepared, at least in initial form, prior to 1990. By the time the book was published, however, a larger view of the virus situation should have been possible. Still, as introduction and background material within the context of a virus-related course, these papers are all of significant value.

The second part relates to social and legal topics. The current state of (American) law figures heavily in this section. The discussion of ethics is quite limited. Karen Forcht's article on the subject is very terse, seemingly being only a report of various surveys. (The most interesting point I found in it was the contention, by CEOs, that ethics should be taught in the classroom, rather than on the job, which displays either a surprising confidence in the school system, or a definite unwillingness to face the issue themselves.)

Parts three and four separate the study of viral programs into the realms of personal (micro) computers and "network" situations. This distinction is important, and it is heartening to see it made here.

The opening essay in the micro section, by Hoffman and Brad Stubbs, attempts to walk the line between giving information to the user who needs it without giving too much assistance to virus-writer-wannabes. In my own view it falls somewhat short in this, being perhaps more technical than an introductory article warrants. However, it is a good compilation of the technical background to viral programs in the MS-DOS environment. (The micro section closes on a slightly worse note, with the PC Magazine reviews that are starting to become somewhat infamous in the virus research community.)

The network virus section contains the two major "dissections" of the Internet Worm. Surprisingly, however, none of the other major network incidents, such as the CHRISTMA EXEC and the "WANK" worm, are mentioned. Some of the other papers in this section might have more general application to the virus problem overall, such as studies into cryptographic authentication. Others, such as an exploration of viral programs in "electronic warfare", seem to be "blue sky" excursions with very little relation to reality.

The final section is entitled "Emerging Theory of Computer Viruses". It contains two articles by Fred Cohen, and one by Leonard Adleman reporting Fred's findings. With all due respect to Dr. Cohen, there might be room for works by other theoreticians here.

As a textbook, this tome contains a diverse range of material well suited to a seminar on viral programs. While some of the material is becoming dated, and some of the points of view are oversimplified, I have not yet found another book as well suited for raising topics for discussion. The one major flaw is the lack of balance and opposition to some of the wilder flights of fancy. It would be well to have someone point out that the human immune system cannot fully be used as an analogy of computer virus defence, or to point out the difficulties involved in transmitting a virus from a radio to a fighter aircraft to a military command centre. In the classroom, of course, this job belongs to the instructor.

Those looking for a reference for protection against viral programs may find this book to be unsuitable. It does, however, have a place as background material for those large firms in the process of planning overall corporate data security strategy. Again, it should be used to generate discussion on some issues which other "how to" books do not yet address.

(Post scriptum: Lance Hoffman, in responding to the initial draft of this review, has been most gracious. He has also acknowledged the shortcomings of the current version of the book. There are plans for a new version, which may be released some time in 1994. Hopefully the few gaps in the current work will be covered in that.)

copyright Robert M. Slade, 1993 BKHOFMAN.RVW 930401

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag