Virus Research and Defense

• Peter Szor
• Addison-Wesley
• 0321304543

Order (or just read more about) Virus Research and Defense  from Amazon.com

More Books

Warning: heavy geek zone ahead.

Over 700 pages and two and a half pounds of virus information: history, methodology, analysis of specific attacks, analysis of detection techniques and more, all presented in fantastic detail.

Peter Szor is Symantec's chief antivirus researcher. He saw his first computer virus in 1990 when his own system was infected with the "Stoned" virus. At that time, Peter didn't even know assembly language, but he figured out that this was a boot sector virus and eventually wrote a program to eradicate it. That began his career as a virus researcher.

According to Peter, the first microcomputer virus was Elk Cloner. Things have changed a bit since then: viri might take weeks or even years to spread any significant amount. Nowadays, viruses spread so quickly that many, many machines can get infected before the virus is even noticed.

This book can be heavy geek territory. If you aren't fascinated by the details of executable programs and the like, some of this will be hard sledding. But if you are the type who likes to take things apart to see how they work, this is for you. A lot of this is, of course Windows related, but there is also coverage of Linux viruses and worms. All sorts of virus types are explored and laid out in general, and certain specific instances are explored in great detail. I have learned a lot just in my first quick read-through, and expect to spend many hours reading details more thoroughly. It's really an encyclopedic piece of work.

I was interested in Peter's description of how Macro viruses can mutate due to a bug in Microsoft's code. I was not surprised to hear him explain that virus defense is made more difficult by Microsoft refusing to release details of their file formats or, if they do release under a NDA, the information is often innacurate and incomplete. Good old Microsoft, helping us every step of the way.

Recommended mostly for the curious geek or serious security professional only, but highly, highly recommended for that audience. For the less geeky, this would still be of interest because the historical and more general overviews it contains.

Buy Take Control of Upgrading to Snow Leopard

Buy Take Control of Exploring & Customizing Snow Leopard

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.