COMPUTER VIRUS HANDBOOK
Harold Joseph Highland, 1990, 0-946395-46-2
Elsevier
Mayfield House, 256 Banbury Road, Oxford OX2 7DH, England
655 Avenue of the Americas, New York, NY 10010, USA
212-989-5800 fax: 212-633-3990

When Dr. Highland first offered to send me a copy of this work, late in 1992, he indicated that it was outdated. In some respects this is true. Some of the precautions suggested in a few of the essays which Dr. Highland did not write tend to sound quaint. As one example, with the advantage of hindsight, Jon David's ten page antiviral review checklist contains items of little use, and has a number of important gaps.

However, for the "general", rather than "specialist" audience, this work has much to recommend it. The coverage is both broad and practical, and the information, although not quite up to date, is complete and accurate as far as it goes.

The book starts with, as the title has it, "Basic Definitions and Other Fundamentals". Dr. Highland has collected definitions from a number of sources here, which makes a refreshing change from some of the dogmatic assertions in other works. The fact that the reader is left to make his own final decision as to a working definition might be frustrating to some, but is likely reasonable given that the argument over the definition of a virus is still raging to this day. With the changes that are still taking place in terms of new "forms" of viral programs, it is unlikely that this debate will be settled any time soon.

Chapter one also contains important background information on the operation of the PC and the structure of MS-DOS format disks. The one shortcoming might be that so much of the book deals with MS-DOS machines that readers dealing with other systems may fail to note the generic concepts contained therein.

Chapter two is a concise but encompassing overview of the viral situation by William Hugh Murray.
Using epidemiology as a model, he covers the broad outline of viral functions within a computing "environment", and examines some theoretical guidelines to direct the building of policy and procedures for prevention of viral infection. The article is broadly helpful without ever pushing the relation between computer viral and human epidemiology too far.

Chapter three deals with history and examples of specific viral programs. This section is an extremely valuable resource. While other works reviewed have contained similar sections, the quality of this segment in Highland's tome is impressive. Mention must be made of the reports by Bill Kenny of Digital Dispatch who provides detailed and accurate descriptions of the operations of a number of viral programs which are, unfortunately, all still too common. (Chapter four is similar, containing three reports of viral programs from other sources.)

Large sections of the handbook deal with the evaluation and review of antiviral software. (I must say that I had great sympathy with that part of the preface which dealt with some experiences encountered when trying to test various packages.) Chapter five gives an evaluation protocol and test methodology. The detail here may lead some to skip over it, but it is helpful to those who wish to determine how thoroughly the testing was conducted.

Chapter six, an article by Jon David as mentioned earlier, is a suggested procedure and checklist for testing antiviral software. This chapter is unfortunately weak, and although there is some valuable direction, one comes away with the impression that the important thing to test is whether the program runs on a VGA monitor and has a bound manual. One must, of course, realize that antiviral testing was then in its infancy, and Mr. David's article reflects the general tone of those times.

Chapter seven is concerned with specific product evaluations, and, as most lists of its type do, shows its age.
Of the twenty products listed, I recognize only seven as still being in existence; of those that still do exist, four have changed substantially in the intervening three years.

Chapter eight is an essay by Harry de Maio entitled "Viruses - A Management Issue", and it must be considered one of the "forgotten gems" of virus literature. It debunks a number of myths, and raises a number of issues seldom discussed in corporate security and virus management. Chapter nine is similar, being Dr. Highland's suggested procedures for reducing the risk of computer virus infection.

Chapter ten is a collection of essays on theoretical aspects of computer virus research and defence. Fred Cohen is heavily represented here, of course, but not as singularly as in, for example, Hoffman's "Rogue Programs".

Dated as the book may be in some respects, it is still a valuable overview for those wishing to study viral programs or the defence against them, particularly in a corporate environment. While some may find the book to be "academic" in tone, it never launches into "blue sky" speculations: all of the material here is realistic. The "aging" of the product reviews makes it difficult to consider it still a reference "handbook" or a "how to" resource, but Dr. Highland's work is by no means to be discarded yet.

copyright Robert M. Slade, 1993 BKHGHLND.RVW