REVIEW: "Computer Viruses and Other Malicious Software", Organization for Economic Co-operation and

BKCVAOMS.RVW 20100607

"Computer Viruses and Other Malicious Software", Organization for
Economic Co-operation and Development, 2009, 978-92-64-05650-3
%A Organization for Economic Co-operation and Development
%C 2 rue Andre Pascal, 75775 Paris Cedex 16, France
%D 2009
%G 978-92-64-05650-3 92-64-05650-5
%I OECD Publishing
%O
%O http://www.amazon.com/exec/obidos/ASIN/9264056505/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/9264056505/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/9264056505/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 244 p.
%T "Computer Viruses and Other Malicious Software"

The executive summary doesn't tell us much except that malware is bad,
and that this report is seen as a first step in addressing the issue
in a global, comprehensive manner.

Part one, entitled "The Scope of Malware," is intended to provide
background to the problem. Chapter one, as an overview, is a random
collection of technical issues, with poor explanations. Although it
is good to see that the malware situation is defined in terms that are
more up-to-date than those in all too many security texts, the lack of
foundational material provided by the authors will necessarily limit
the perception of the issue for those readers who have not done
serious research themselves. Various stories of attacks and payloads
(not all related to malware) are listed in an equally disjointed
manner in chapter two. There are numerous errors, including in simple
aspects like arithmetic. (20 million is not "5 times" one million.)
The explanation of why we should be concerned, in chapter three, boils
down to the fact that the net is important, and malware imposes costs.

Part two turns to the economics of malware. Chapter four, while it
promises to deal with cybersecurity and economic incentives, merely
states that security is hard. Chapter five does deal with economic
factors influencing decisions of key players on the Internet, but does
so only on the basis of an opinion survey, rather than any measured
costs or benefits. Descriptions of different types of economic
situations are given in chapter six, but a final set of "findings"
doesn't seem to have much background support.

Part three is supposed to contain recommendations about actions to
take, or policies to follow, to address the malware issue.

Unfortunately, this work does not have sufficient technical depth on
areas of malware to contribute to the literature. The concept of
addressing the economic aspects is interesting, but is not
sufficiently fulfilled. Overall, this text has nothing to add to
existing information.

copyright, Robert M. Slade 2010 BKCVAOMS.RVW 20100607


======================

"Dictionary of Information Security," Syngress 1597491152
http://blogs.securiteam.com/index.php/archives/author/p1/
http://blog.isc2.org/isc2_blog/slade/index.html
http://twitter.com/rslade http://twitter.com/NoticeBored
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to
or