Virus Research and Defense


  • Peter Szor
  • Addison-Wesley
  • 0321304543

Order (or just read more about) Virus Research and Defense  from Amazon.com

More Books

Warning: heavy geek zone ahead.


Hate these ads?


Over 700 pages and two and a half pounds of virus information: history, methodology, analysis of specific attacks, analysis of detection techniques and more, all presented in fantastic detail.

Peter Szor is Symantec's chief antivirus researcher. He saw his first computer virus in 1990 when his own system was infected with the "Stoned" virus. At that time, Peter didn't even know assembly language, but he figured out that this was a boot sector virus and eventually wrote a program to eradicate it. That began his career as a virus researcher.

According to Peter, the first microcomputer virus was Elk Cloner. Things have changed a bit since then: viri might take weeks or even years to spread any significant amount. Nowadays, viruses spread so quickly that many, many machines can get infected before the virus is even noticed.

This book can be heavy geek territory. If you aren't fascinated by the details of executable programs and the like, some of this will be hard sledding. But if you are the type who likes to take things apart to see how they work, this is for you. A lot of this is, of course Windows related, but there is also coverage of Linux viruses and worms. All sorts of virus types are explored and laid out in general, and certain specific instances are explored in great detail. I have learned a lot just in my first quick read-through, and expect to spend many hours reading details more thoroughly. It's really an encyclopedic piece of work.

I was interested in Peter's description of how Macro viruses can mutate due to a bug in Microsoft's code. I was not surprised to hear him explain that virus defense is made more difficult by Microsoft refusing to release details of their file formats or, if they do release under a NDA, the information is often innacurate and incomplete. Good old Microsoft, helping us every step of the way.

Recommended mostly for the curious geek or serious security professional only, but highly, highly recommended for that audience. For the less geeky, this would still be of interest because the historical and more general overviews it contains.

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.

I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.




Comments


Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar


Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here


book graphic unix and linux troubleshooting guide

My Troubleshooting E-Book will show you how to solve tough problems on Linux and Unix systems!





pavatar.jpg
More:
       - Security
       - Code
       - Programming











Change Congress