BKMCAFEE.RVW 930404

St. Martin's Press
175 Fifth Ave.
New York, NY 10010
USA
Computer Viruses, Worms, Data Diddlers, Killer Programs and Other Threats to Your System: what they are, how they work and how to defend your PC, Mac or mainframe, John McAfee and Colin Hayes, 1989, 0-312-02889-X

If you buy only one book to learn about computer viral programs -- this is *not* the one to get. As a part of a library of other materials it may raise some interesting questions, but it is too full of errors to serve as a "single source" reference.

I began to have my doubts about the validity of this book in the foreword, written by no less a virus researcher than John C. Dvorak. He states that what we need, in order to stem the virus problem, is a "... Lotus 1-2-3 of virus code. Something that is so skillfully [sic] designed and marvelously [sic] elegant that all other virus programs will be subject to ridicule and scorn." (Aside from a rather naive view of human nature, this was obviously written before his more recent PC Magazine editorial in which he states that virus writers are the most skilful programmers we have.)

The prologue seems to be a paean of praise to one John McAfee, frequently identified as Chairman of the Computer Virus Industry Association. He is also identified as head of Interpath Corporation. Intriguingly, there is no mention of McAfee Associates or the VIRUSCAN/SCAN suite of programs. Given that the "chronology" of computer viral programs ends after 1988, the present company may not have been a formal entity at the time.

The first six chapters give the impression of being a loose and somewhat disorganized collection of newspaper articles decrying "hackers". Some stories, such as that of the Morris/Internet Worm, are replayed over and over again in an unnecessary and redundant manner, repetitively rehashing the same topic without bringing any new information forward.
(Those having trouble with the preceding sentence will have some idea of the style of the book.)

Chapters seven to thirteen begin to show a bit more structure. The definition of terms, some examples, recovery, prevention, reviewing antivirals and the future are covered. There are also appendices; the aforementioned chronology, some statistics, a glossary, and interestingly, a piece on how to write antiviral software.

Given what is covered in the book, am I being too hard on it in terms of accuracy? Well, let's let the book itself speak at this point.

The errors in the book seem to fall into four main types. The least important is simple confusion. The Chaos Computer Club of Europe are stated to be "arch virus spreaders" (p. 13). The Xerox Worm gets confused with the Core Wars game (p. 25). The PDP-11 "cookie" prank program is referred to as "Cookie Monster", and is said to have been inspired by Sesame Street.

At another level, there are the "little knowledge is a dangerous thing" inaccuracies. These might be the understandable result of a journalist trying to "flesh out" limited information. The Internet Worm is said to have used a "trapdoor", an interesting description of the sendmail "debug" feature (p. 12). ("Trapdoor" is obviously an all-encompassing term. The "Joshua" program in the movie "Wargames" is also so described on page 78.) Conway's "Game of LIFE" is defined as a virus, obviously confusing the self-reproducing nature of "artificial life" and not understanding the boundaries of the programming involved, nor the conceptual nature of Conway's proposal (p. 25). Mac users will be interested to learn that "through much of 1988" they were spreading the MacMag virus, even though it was identified so early that few, if any, ever reached the "target date" of March 2, 1988, and that none would have survived thereafter (p. 30).

Some of the information is simply wild speculation, such as the contention that terrorists could use microcomputers to spread viral software to mainframes (p. 12). Did you know that because of the Jerusalem virus, some computer users now think it wiser to switch the computer off and go fishing on Friday the 13th (p. 30)? Or that rival MS-DOS and Mac users use viral programs to attack each other's systems (p. 43)? That the days of public bulletin boards and shareware are numbered, and that by the early 1990's, only 7000 BBSes will remain, with greatly reduced activity (p. 43)? Chapter thirteen purports to deal with the possible future outcomes of viral programs, but should be recognizable to anyone as, at best, pulp fiction.

Some of the information is just flat out wrong. Page 75, "... worms do not contain instructions to replicate ..." Or, on page 95, a diagram of the operations of the BRAIN virus, showing it infecting the hard disk.

We won't delve too deeply into the statements about the CVIA and Interpath Corporation. It is interesting to note, though, that of the antiviral software "reviewed", only one product still remains in anything like the same form. Flu-Shot, at the time the most widely used antiviral software, is *not* reviewed (although it is mentioned later in the book -- in a very negative sense).

In a sense I am being too hard on the book. It does contain nuggets of good information, and even some interesting speculation. However, the sheer weight of "dross" makes it extremely difficult to recommend it. If you are not familiar with the real situation with regard to viral programs, this book can give you a lot of unhelpful, and potentially even harmful, information. If you are familiar with the reality, why bother with it?

copyright Robert M. Slade, 1993 BKMCAFEE.RVW 930404

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag