REVIEW: "Malware: Fighting Malicious Code", Ed Skoudis

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Feb 19, 2004.

  1. BKMLWFMC.RVW 20031202

    "Malware: Fighting Malicious Code", Ed Skoudis, 2004, 0-13-101405-6,
    %A Ed Skoudis
    %C One Lake St., Upper Saddle River, NJ 07458
    %D 2004
    %G 0-13-101405-6
    %I Prentice Hall
    %O U$44.99/C$67.99 +1-201-236-7139 fax: +1-201-236-7131
    %P 647 p.
    %T "Malware: Fighting Malicious Code"

    Chapter one introduces, but also mixes up, all kinds of malware,
    attack tools, and attacks. It does eventually provide a table of
    types of malware, but the definitions are not very clear or explicit.
    Chapter two has wide ranging, but careless, information about viruses.
    The strictly Cohenesque definition eliminates boot sector infectors
    from consideration, which is rather ironic given the prominence that
    they are given in the chapter. There is a confused outline of
    infection mechanisms. Many of the assertions made are based on
    questionable analysis: Strange Brew is stated to be potentially
    dangerous because of platform independence, but there is no mention of
    the fact that it fails as an applet, which is the most mobile form of
    Java code. Random thoughts on worms are in chapter three, with
    defence measures seemingly a vague afterthought. Malicious mobile
    code is limited to active content for Web pages in chapter four.
    Chapter five confuses maintenance hooks and rootkits, but mostly
    describes remote access trojans. Trojans, or trojan horse programs,
    are the broadest class of malicious software, so it is not surprising
    that chapter six is an unfocused grab bag: what is odd is that there
    is so much content that is a repeat of earlier material. Chapter
    seven deals with "user-mode" rootkits, providing lengthy examples
    which are nonetheless vague on concepts. "Kernel-mode" rootkits, in
    chapter eight, goes into excruciating operating system internals
    detail about how such software can be inserted into the system. Both
    chapters concentrate heavily on UNIX, with only limited mention of
    Windows, and both are primarily concerned about how to attack, with
    little attention paid to defence. ("Harden systems and apply
    patches.") Chapter nine theorizes about BIOS (Basic Input/Output
    System) and microcode malware, managing to confuse not only the two
    concepts with each other, but also with standard rootkits. A number
    of fictional attacks are outlined in chapter ten, although the
    "mistakes" pointed out do suggest some protective measures that might
    be of use. Chapter eleven lists hardware and software for building a
    setup to analyze malware. The book concludes with some opining in
    chapter twelve.

    The text is much more verbose than it really needs to be, and
    sensational rather than precise. There is a lot of specific detail in
    some areas, particularly for those interested in UNIX system
    internals, but the material on malware itself tends to be careless,
    and the author is obviously much keener on attacking than defending.
    This work does not offer much help to those who want to fight
    malicious code.

    copyright Robert M. Slade, 2003 BKMLWFMC.RVW 20031202


    "If you do buy a computer, don't turn it on." - Richards' 2nd Law
    ============= for back issues:
    [Base URL] site
    or mirror
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Security Educ.: [Base URL]comseced.htm
    Book reviews: [Base URL]mnbk.htm
    [Base URL]review.htm
    Security Educ.:
    Review mailing list: send mail to
    Rob Slade, doting grandpa of Ryan and Trevor, Feb 19, 2004
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Silverstrand

    Review: Battalion-101~ S Notebook Review

    Silverstrand, Jun 20, 2005, in forum: The Lounge
    Jun 20, 2005
  2. Silverstrand
    Jun 20, 2005
  3. Thad

    DP Review Leica Digilux 2 Review

    Thad, May 11, 2004, in forum: Digital Photography
    May 12, 2004
  4. Mike McGee
    Mike McGee
    Dec 4, 2003
  5. Replies:

Share This Page