BKCMVRCR.RVW 930610 Van Nostrand Reinhold c/o Nelson Canada 1120 Birchmont Road Scarborough, Ontario M1K 5G4 416-752-9100 fax: 416-752-9646 The Computer Virus Crisis, 2nd edition, 1992; Fites, Johnston, Kratz; 0-442-00649-7 For its professional appearance and impressive credentials, this work is an unfortunately sloppy and undisciplined approach to the problem. The looseness of the book starts with the definition of a virus: it really doesn't have one. There is a section of the introduction entitled "What is a computer virus", but, having stated that they prefer the Cohen or Adelman definitions (without quoting them), quoting the Podell/Abrams definition, and meandering around the related terms such as worms and trojans, no definition is ever finalized. The book tends to read in a schizoid fashion. It often contradicts itself, again starting the with definition, where a "buggy" program which submitted jobs to the queue too frequently is first used as an example of a virus, and then is said to contradict the definition of a virus. Page ten gets points for stating that downloaded software is probably safe; page sixty loses them all again by stating that "bulletin boards present the greatest exposure to computer viruses"; and the very next sentence on page sixty states that bulletin boards are less risky than other means of obtaining software. Page 62 mentions the rumour that a virus was spread via email, dismisses CHRISTMA and the Internet Worm as non-viral, and then pooh-poohs the concept. A mainframe, and corporate, bias is quite evident in the work. Mainframe professionals are said to know what viral programs are, and to be "ethical". (The more corporate of the computer and data processing associations are also given credit for the lack of mainframe viri.) However, this bias seems to preclude an accurate knowledge of personal and microcomputers. DOS (obviously referring to MS-DOS) is said to have "completely overwhelmed CP/M is the late 1970's" in spite of the fact that the PC wasn't marketed until 1981. Apple Corporation is credited with the invention of the "GUI" (and the Mac Toolbox is credited with the success of Mac viri, in spite of the fact that the Toolbox is primarily concerned with the user interface). A number of myths are presented as fact. The recommended procedure for virus cleanup is a low-level format of the disk. "Physical damage" is listed as one fo the symptoms of a virus. A very odd list of non-viral computer attacks contains the "salami scam" (siphon off fractions of a penny) urban legend. As with the Feudo book, almost half of the pages in this work are a reprint of the Hoffman Summary List (in this case "dated" January, 1991, but "copyright" 1990). Graphics are used to take up additional space: a number of the figures are used several times over, without ever really adding anything to the understanding of the subject under discussion at the time. It is very hard to find anything to recommend in this book. At best, the naive reader will be confused by the meandering nature of the text and the self- contradictions contained in it. For every positive statement (such as the fact that computer retail and repair shops are a source fo infections), there is nonsense such as the statement that when you discover the identity of the author of malicious software, you have a legal basis for action. (As a counter example, the AIDS trojan is thoroughly covered in this book, and we have recently learned that Popp's case was dismissed in Britain, although he was found guilty, in absentia, in Italy.) copyright Robert M. Slade, 1993 BKCMVRCR.RVW 930610 ====================== DECUS Canada Communications, Desktop, Education and Security group newsletters Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag