BKLUNDEL.RVW 930616 Contemporary Books 3250 South Western Avenue Chicago, IL 60608 312-782-9181 Beaverbooks Ltd. 195 Allstate parkway Markham, Ontario L3R 4T8 Virus!: the secret world of computer invaders that breed and destroy, Allen Lundell, 1989 My initial reaction to "Virus!" was that it was another "gee-whiz!" virus book, long on enthusiasm and informality, and short on facts. However, trying to set that feeling aside, I did find a wealth of research had been done. Given the date of the book (most of it seems to have been written in the fall of 1988, with the final drafting done in early 1989) there is a lot of valuable information contained in it. The reaction of the knowledgeable reader will likely depend upon the level of expectation. Those expecting accurate facts and astute analysis will be disappointed by the many errors and the lack of balance. Those expecting little may be pleasantly surprised by the easy readability and smorgasbord of details and gossip. Neophyte readers will find Lundell's writing easy to follow, and will likely come away with quite a reasonable set of background information on computer viral programs. The journalistic and "storybook" style will make spending the two or three hours needed to read it all a very small challenge. This is in sharp contrast to numerous other works reviewed. However, the book does have serious problems, and cannot be recommended as the "final word" by any means. Alongside of the valuable factual information, there is a great deal of error, myth, or misinterpretation. For example, while the coverage of the Internet Worm is generally clear and thorough, Lundell seems to have only the most tenuous grasp of the mechanics of the Worm itself. (This in spite of having obvious access to both the Eichin/Rochlis and Spafford papers.) His distinction between a virus and a worm, in the same chapter, is both lucid and accurate, and yet other parts of the book lump bugs, trojans, pranks and even games together under the viral heading. (Appendix B, a "software bestiary", includes a "Virus Hall of Flame": the only two entries are variations on the mythical "monitor exploding" virus.) A more serious, and insidious, flaw, though, is the credulous nature of the work. Many times we get only one side of a given story. The theory that Bob Morris Senior was a party to RTM's actions is presented almost as an accomplished fact. A conversation on the highway with John McAfee is presented as golden insight. (To be fair, Lundell does eventually admit that McAfee's attempt to be the evaluation standard for antiviral software might pose a conflict of interest.) Transcripts of conversations (one hesitates to call them interviews) with hackers are reprinted with almost no critical analysis. (Although the BRAIN virus, and the Alvi brothers, are covered in depth, it is unclear whether Lundell actually spoke to any virus writers.) The extensive digging Lundell has done is sometimes overshadowed by his almost blind acceptance of what he has been told. The careful reader, even without background knowledge, can pick out some of the flaws. Early in the book the discussion of the MacMag/Peace/Brandow virus points out that the standard injunction against shareware and BBSs is rendered almost meaningless in the face of contaminated "shrink-wrapped" commercial software. Yet that same "buy only commercial" advice is repeated as gospel later in the book. (The interviews and research also seem to have a regional bias. Many of Lundell's contacts seem to have been obtained from VIRUS-L contributors: definitely a good source. However, John McAfee is given a great deal of ink, while Ross Greenberg, at the time much more visible and respected on the Net, is not even mentioned. Might this be because John lives in California, while Ross is on the East Coast?) Despite the numerous flaws, I find it somewhat odd that the book should have been so hard to find, given its readability, information and precedence. While a good dose of skepticism and a more accurate fact base is needed as an adjunct, it still has a place as one of the few books that a "naive" user could read and still get something out of. RMS:gjs 93.06.16 copyright Robert M. Slade, 1993 BKLUNDEL.RVW 930616 ====================== DECUS Canada Communications, Desktop, Education and Security group newsletters Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag