BKPCVIRS.RVW 930913

Springer-Verlag
175 Fifth Ave.
New York, NY 10010
212-460-1500 800-777-4643
or
8 Alexandra Road
London SW19 7JZ
UK
44-81-947 5885
"PC Viruses: Detection, Analysis and Cure", Solomon, 1991, U$49.00
DRSOLLY@IBMPCUG.CO.UK or sands@cix.compulink.co.uk

Alan Solomon's "Dr. Solomon's Anti-Virus Toolkit" holds a justifiable place in the first rank of antiviral software and protection. While not as well known as some other products which commit more money to marketing than to development, his software is recognized by anyone who really knows the field. There is, between Alan Solomon and Fridrik Skulason, a friendly rivalry as to whose program most accurately detects more viri and disinfects them. (The fact of the "friendly" alone is a refreshing change in the virus research world.)

I say this to put in context the impression one gets, from the beginning of the book, that the author is very confident of his own capabilities. Alan Solomon is not very humble, but then, he doesn't have an awful lot to be humble about.

This is not to say that there are no flaws in the work. "Dr. Solomon's Anti-Virus Toolkit", despite the "medicine show" sounding name, is a product which is aimed at the technically literate user, and makes little concession to the novice. So, too, in "PC Viruses" the material moves briskly, and the non-technical or even intermediate reader will likely need to read and re-read sections in order to make the necessary connections. Also, while knowledgeable researchers will be pleased with the overall quality of the factual material, certain opinions are stated with a force that makes them seem like gospel truth.

By and large, those opinions have a weight of justification behind them. The book has a very realistic view of the virus situation. It is neither alarmist, nor dismissive of the problem. Suggested actions take into account not only the technicalities of the issue, but also human nature and corporate climates as well.
Chapter one is an introduction--to an overview of the field, and also to the author. His statement that he is most familiar with his own software will raise an alert, in the discriminating reader, to watch for bias, although it is not a very formal warning. Still, it is very nice to see at least an acknowledgement of a vested interest, as opposed to so many authors who try to maintain a facade of impartiality while lauding their own product and savaging their competitors'.

As mentioned, however, the text maintains a very fast "pace", and a reader who is new to the field may have some difficulty extracting the concepts from the text. (Very interesting text it is, too.) Moreover, the content is not very disciplined. Chapter one is an introduction, and presents an overview of the virus situation, but viral programs are not defined until chapter two.

The second chapter does describe what a virus is, and isn't, quite well. It suffers, though, from the same abandon as does the first. After having talked of bugs, trojans and worms, there is only one paragraph devoted to a definition of a virus before the book is off into the esoterica of stealth, memory residence, interrupts, and self-encryption.

Chapter two goes on to discuss the detection and identification of viral programs. While we have been warned that the author will be referring to his own software, the references to it are quite casual, as if these tools were a part of DOS. The chapter concludes with an excellent section on various malfunctions which are not viral in nature but generate "false alarms".

Chapter three is a brief summary of viral operation as far as infection is concerned. The digressions of chapters one and two about payloads and detection avoidance are completely absent here. This makes chapter three much better organized. The material is accurate, but readers should be warned of a somewhat iconoclastic terminology.

Chapter four is the virus description list, that makes the "Dr. Solomon's Anti-Virus Toolkit" a good buy even if you don't use the program. Even this 1991 list is excellent. Some of the more recently important viri are not mentioned, but the most common programs are still the older ones, and most of what you need to know is here. (If you want an update, then buy the program--if only for the documentation.)

A couple of problems: the list is not in alphabetical, or any other, discernable, order. Also, the listings, while highly accurate, are not entirely free of errors, or at least potential misinterpretations. Solomon repeats the oft-quoted line about Stoned displaying its message "every eighth infective boot-up". Stoned shows the message based upon a calculation which has one chance in eight of triggering. It is quite easy to boot more than eight times in succession without the message being displayed. As well, the message only displays when booting from a floppy disk. (This is, perhaps, what is meant by "infective boot-up".)

Chapters five and six discuss procedures for dealing with viral infections and some policies for reducing the level of risk of infection and increasing the chance of detection. Chapter five, on recovery, is quite good, although short; chapter six, on protection, may be a bit too short.

The book is quite short altogether. There are only 288 pages in total; less than seventy of these cover viral definitions, overview, history, cure and prevention. Most of the rest is made up of the virus listings.

There is a lot to recommend this work. It is much more accurate than most. It is practical. The virus list is a very valuable resource, and even if this book is not your primary reference on protection, it should have a place as a reference for specific infectors. Although the book is dated by time, the material is covered in a manner which avoids, as far as possible, those aspects which go out of date quickly.

On the negative side, the book, as the title indicates, is concerned strictly with MS-DOS.
There is little or no "theoretical" background. The list of references to other material or sources is very short, and not necessarily of the best quality. Finally, there is the technical nature of the content, very demanding either of background or attention from the reader. In addition, there is, if not disorganized, precisely, at least the meandering nature of the text, which puts non-technical readers at an even greater disadvantage.

Still, in comparison to many of the works on the market, this is a refreshingly accurate change.

copyright Robert M. Slade, 1993 BKPCVIRS.RVW 930913

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (Oct. '94) Springer-Verlag