BKSGTCVR.RVW 931105

Sophos Limited/Virus Bulletin Ltd.
21 The Quadrant
Abingdon Science Park
Abingdon, Oxfordshire OX14 3YS
UK
+44-235-559933
+44-235-555139
fax: (0235) 559935
oxcompl@vax.ox.ac.uk
Edward Wilding or Richard Ford virusbtn@vax.ox.ac.uk
"Survivor's Guide to Computer Viruses", 1993, 0-9522114-0-8, UK#19.95

A book by the staff of the Virus Bulletin would seem to hold the high ground in many ways. Not only do they have the corporate resources of both Sophos and the Virus Bulletin behind them, but they also have the publishing expertise, files, stories, writers and, not least, technical expertise of those who have written for, and been associated with, either VB or the annual conferences. Coming, as it does, while I am, myself, in negotiation with a publisher for my own book, I looked forward to this with both enthusiasm and trepidation.

I think I will finish my book after all.

Overall, the book is a reasonable introduction to the topic ... of PC viruses. Aside from some review materials of OS/2 programs (which identify DOS virals) there is no attempt to look at other operating systems. Even in this limited context, the book is still somewhat restricted.

Chapter one is a history. More accurately, it is a vaguely chronological series of short anecdotes about various viral, and related, happenings. There is much of interest here, but also a most disturbing lack of accuracy. Names are misspelled, events are presented out of order, and some very important occurrences are glossed over while other, relatively trivial, happenings are presented at length. There are annoying technical errors. The book insists on calling Stoned "New Zealand", waits until 1990 to discuss it, and states that it was "the first virus to infect the DOS Boot Sector of the hard drive." A UK-centric, as opposed to US-centric, view of the situation is interesting, but shows the same parochialism.
(Those who say that this sounds strange coming from an American will be boiled alive in maple syrup.)

Chapter two is an overview of viral operations, risk factors and protective measures. Thankfully, it is more technically accurate than the first. However, it is still very iconoclastic. Most researchers would speak of two distinct types of viral programs, boot sector and file infecting. (This distinction is technically somewhat arbitrary, but important in terms of the user's perception of a "blank" disk as being safe.) The book insists on five. The additional three result from the breakdown of file infectors into parasitic, companion, and system or FAT virals (which the "Survivor's Guide" calls "link"); the fifth is multi-partite, which is simply a combination infector which will attack either boot sectors or files. There are also postulates of such things as an "unscannable" virus, which is interesting in view of the repeated references to Mark Washburn who tried, and failed, to produce such a thing. The risk factors and protective measures are the same we have seen before, with warnings against bulletin boards, and recommendations for diskless workstations.

Chapter three, although short, is a solid and reasonably thorough introduction to antiviral procedures. Certain sections could use more details; for example, the use of a "quarantine" PC is recommended but there is no discussion of the problems such a setup can cause; but all of the major points are at least opened for discussion. The heavy emphasis on the use of the FORMAT command for recovery is somewhat questionable, but other options are raised as well.

Dr. Keith Jackson's general advice on evaluating products and reviews, which starts chapter four, is very much to the point and raises issues too often ignored. Too bad the book does not follow its own advice more closely. There follow two "ratings" articles, one for DOS and one for OS/2, plus a quick overview of some NLM products.

The choice of viral programs in the chapter on "dissections" is rather odd. The simplistic and relatively rare Batman virus is included, but there is no entry for the ubiquitous Jerusalem which is not only widespread, but also the "template" used for a number of variants and mutations. It is also interesting to see that original headlines have been kept. Joshi is subtitled "Spreading Like a Forest Fire" even though the original reports of its infectiousness are now known to have been mostly hype.

It is difficult to say whether the remaining materials are chapters or appendices. There is a decent article on virus toolkits by Tim Twaits, a set of rather limited statistics of numbers of reported viri from 1991 to mid-1993, a list of vendors (with no indication of product), a rather limited listing of "further information," and a glossary.

There is also a "Who's Who." It is amusing to note the introductory quote of Oscar Wilde's, "There is only one thing in the world worse than being talked about, and that is not being talked about," given those who are not being talked about. There is no David Chess, no Edwin Cleton, no Paul Ferguson, no Lance Hoffman, no John Norstad, no Padgett Peterson, no Gene Spafford, no Wolfgang Stiller, no Frans Veldman, no Ken van Wyk (for crying out loud!) ... and probably no future for me if I carry on long enough to indicate that I might think I have a complete list.

The Virus Bulletin logo appears prominently on the front and back covers. Not only there, but on copies of the magazine itself on the cover illustrations of offices full of happy, smiling people and presumably virus free computers. Some of the people look remarkably like, say, Richard Ford and Jan Hruska. Nothing succeeds like excess, eh? Still, the attempts to use the book to sell the Virus Bulletin seem reasonably contained to the "ends" of the work.

Viewed objectively against other virus works, this does provide the corporate manager with valuable background information and resources. It is, all the same, somewhat disappointing.

copyright Robert M. Slade, 1993 BKSGTCVR.RVW 931105
Permission granted to distribute with unedited copies of the Digest

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
DECUS Symposium '94, Vancouver, BC, Mar 1-3, 1994, contact: rulag@decus.ca