The Myths of Security: What the Computer Security Industry Doesn't Want You to Know Review

The Myths of Security: What the Computer Security Industry Doesn't Want You to Know
Average Reviews:

(More customer reviews)
Let me start by saying I usually like John Viega's books. I rated Building Secure Software 5 stars back in 2005 and 19 Deadly Sins of Software Security 4 stars in 2006. However, I must not be the target audience for this book, and I can't imagine who really would be. The book mainly addresses consumer concerns and largely avoids the enterprise. However, if most consumers think "antivirus" when they think "security," why would they bother reading The Myths of Security (TMOS)?
TMOS is strongest when Viega talks about the antivirus (or antimalware, or endpoint protection, or whatever host-centric security mechanism you choose) industry. I didn't find anything to be particularly "myth-shattering," however. I have to agree with two of the previous reviewers. Many of the "chapters" in this book could be blog posts. The longer chapters could be longer blog posts. The lack of a unifying theme really puts TMOS at a disadvantage compared to well-crafted books. I was not a huge fan of The New School of Information Security or Geekonomics (both 4 stars), but those two titles are better than TMOS.
If you want to read books that will really help you think properly about digital security, the two must-reads are still Secrets and Lies by Bruce Schneier and Security Engineering, 2nd Ed by Ross Anderson. I would avoid Bruce's sequel, Beyond Fear -- it's ok, but he muddles a few concepts. (Heresy, I know!) I haven't read Schneier on Security, but I imagine it is good given the overall quality of his blog postings.
If you want to shatter some serious myths, spend time writing a book on the "80% myth," which is stated in a variety of ways by anyone who is trying to demonstrate that insider threats are the worst problem facing digital security. If you're going to pretend to debunk open source security, why not back it up with some numbers? Studies have been published recently, and original research and results would be welcome. How about demonstrating that user awareness training wastes money, because enough marks fall prey anyway? I'd also like to see research showing that frequent password changes are worse for security, not better. Wrap all of that in a coherent manner with substantial chapters and you have a real TMOS book.

Click Here to see more reviews about: The Myths of Security: What the Computer Security Industry Doesn't Want You to Know


If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue. Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:



Why it's easier for bad guys to "own" your computer than you think
Why anti-virus software doesn't work well -- and one simple way to fix it
Whether Apple OS X is more secure than Windows
What Windows needs to do better
How to make strong authentication pervasive
Why patch management is so bad
Whether there's anything you can do about identity theft
Five easy steps for fixing application security, and more

Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.


Buy Now

Click here for more information about The Myths of Security: What the Computer Security Industry Doesn't Want You to Know

0 comments:

Post a Comment