BKLEVIN.RVW 930628

McGraw-Hill Ryerson/Osborne
300 Water Street
Whitby, Ontario
L1N 9B6
416-430-5000
fax: 416-430-5020
or
2600 Tenth St.
Berkeley, CA 94710
USA
415-548-2805
800-227-0900
The Computer Virus Handbook, Richard Levin, 1990, 0-07-881647-5

Unlike Highland's work by the same name (and, interestingly, the same year), this "Computer Virus Handbook" isn't really worthy of the name. The material is quite confused, and quite inconsistent in quality. Although there are some good points, they are lost in masses of verbiage which too often are mere handwaving and speculation.

The confusion starts even before the book does. Alfred Glossbrenner's foreword mentions two examples of viral situations -- one of which is a trojan and the other a logic bomb. This lack of precision with nomenclature continues throughout the book, until one wonders whether it is really about viral programs at all.

A number of rather spurious definitions are given at times. A "chameleon", as defined, sounds no different than a trojan, but the example given is for the "salami" (fractional pennies) scam urban legend. "Rabbit" programs are those which use up memory or disk space. There is a specific confusion of the boot sector with the master boot record. Some of the other terminology is recognizable, but quite different from that used generally: "multipurpose" for multipartite, "insertion" for overwriting, "redirectors" for system viri and "viral shell" for stealth.

(Levin also must be counted as one with those who include virus source code. Fortunately the "batch" language virus which he includes is an extremely crude virus. "Infectious", in a sense, but easily detected and more messy than destructive.)

Levin seems at once very optimistic and pessimistic. He states that local virus experts are widely available and easily found. (I suppose I would have to accept this as true -- with the proviso that I, personally, would trust very few local "experts" to know what they are doing.)
At the same time, he issues what seems to amount to a blanket condemnation of all antiviral software. Excepting his own: the book "Contains Money-Saving Coupons for [his] Outstanding Antivirus Utilities". If they are so outstanding I must admit to a failing in the CONTACTS.LST: until I reviewed this book I had never heard of them.

The book does contain some worthwhile material. He does, somewhat, debunk the "commercial software as protection" myth, and mentions that retail and repair outlets can be sources for infection. Chapter six, "Implementing an Effective Antivirus Policy", generally contains very reasonable and effective guidelines. In particular, he pays attention to the fact that too strict a policy will drive staff to find ways to circumvent it. Some weaknesses: he suggests the use of the "read only" attribute as protection, and recommends "low level formatting" for disinfection.

Levin's writing actually comprises less than a third of the volume. Part Three of the book gives us the C source code for four small utility programs, plus printed documentation for Flu-Shot, SCAN, CLEANUP and Levin's own CHECKUP. The "Appendices" contain an article on software law, a compilation of all the virus related newswire stories that appeared in "Compuserve Magazine" from 1987 to 1989, and a copy of the Hoffman Summary List from February of 1990.

There is unfortunately little here to interest or assist the reader. While the policy guidelines may be helpful, the remaining material is either too vague or error prone to provide more than additional background to a more authoritative work. While I would not recommend against it, this should not have much priority in the antivirus library.

copyright Robert M. Slade, 1993 BKLEVIN.RVW 930628

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag