
Title - Computer Security Basics & Steal This Computer Book 4.0: What They Won't Tell You About the Internet

Author - Ken Rogers, GCPCUG Member
Category - Book
Subject - Computer Security, two points of view from two books
Date - October 2006

 

Protecting your computer is like flossing your teeth. You know you should do it, and you feel good for having done it, but the task is so mundane and daunting (human fingers weren’t designed to reach so far back into one’s own mouth, and a firewall manual can generate blank stares from even the most computer literate) that you just feel like putting the whole thing off and hoping for the best.

 

Writers of computer security books, therefore, have a unique challenge. On the one hand, they have a large potential audience, motivated readers who value secure computing as much as they do good dental hygiene. On the other hand, their topic has all the inherent interest of changing your motor oil, Canadian politics, and the Cleveland Browns’ offense.

 

There are numerous books available to help those who’ve finally resolved to stop ignoring security. The two books for this review, Computer Security Basics and Steal This Computer Book, take very different approaches to the subject. Computer Security Basics, written by and for corporate IT security professionals, is a straightforward, analytical overview of computer security. Steal This Computer Book, meanwhile, is anything but straightforward. Written from the perspective of hackers, the latter book is far more interesting, and ironically provides more useful information on computer security than the former.

 

Computer Security Basics reads like a textbook. If you’re taking Computer Security 101, or just have an interest in computer history, cryptology, or government security standards – if you’d like to know how viruses and worms work, or the vulnerabilities of TCP and UDP – this book will meet your needs. On the other hand, veteran IT professionals will probably find this book too basic – if you already know the difference between DES, AES, and RSA, you’ll probably find this book covers ground you traveled some time ago.

 

And if you’re a home user who just wants to know if his firewall is doing its job, there’s not much here for you at all. Computer Security Basics is rich in the history and theory of computer security, but poor in practical advice on keeping your computer secure. “What does it mean to perform regular backups?” ask the authors rhetorically in the chapter on data backups. “That’s an organizational decision,” they respond, and follow with a cursory mention of the variables involved in making such a decision, such as the number of users and volume of work. The book provides plenty of theory, most of it good, but offers little help figuring out how to apply it. (A notable exception is the chapter on wireless security, which offers practical advice that is as useful in the home as it is in the corporate world.)

 

To make matters worse for home users, Computer Security Basics is written in flat, didactic prose – again, much like a textbook. Perhaps the only section that I enjoyed reading was the chapter on biometrics. Fingerprint scanners, I learned, can be programmed to send a distress signal if a user accesses the system in a certain way – for example, if someone is being coerced into helping an unauthorized individual gain access, he or she can send a warning by using the left-index finger instead of the right. That’s not terribly useful information for home users, but I bet you’ll see this on an episode of “24” next year.

 

Computer Security Basics is a book you have to read but don’t want to, just as dental floss is something you have to use but don’t want to. Steal This Computer Book, however, demonstrates that you can write about computer security in an engaging manner. Invoking the title and ethos of Abbie Hoffman’s 1970 counter-cultural bestseller (there’s a delicious oxymoron for you), this book promotes the perspective of the hacker. While John and Jane Doe may believe hackers are criminals, Steal This Computer Book defends hacking as a justifiable act in a world where software companies install spyware with their applications, governments monitor our online and offline activities, and corporate media routinely manipulates public opinion. Hacking is seen as a technical and intellectual challenge, an act of problem-solving rather than troublemaking, exploration not exploitation. The book is not a hacker how-to manual – you won’t learn how to break into your neighbor’s bank account – but rather a hacker manifesto.

 

And despite being written from the other side of the fence, Steal This Computer Book provides more practical advice for protecting your computer than Computer Security Basics. Configuring Internet Explorer to limit exposure to rogue ActiveX controls, using multiple anti-spyware applications, disabling the Windows Messenger service – these are the tips that you just don’t find in Computer Security Basics, with its theoretical emphasis.

 

Steal This Computer Book also comes with a CD containing dozens of applications. You may not have much use for the keyboard loggers and other hacker applications, but you’ll certainly find some of the security diagnostic programs and utilities helpful. A particularly useful program is EULA Analyzer, a free application (as most on the CD are, although some require a license for full functionality) that will analyze the text of software end user license agreements for potential security concerns, such as an agreement to have your web usage monitored.

 

Perhaps the best feature, though, of Steal This Computer Book is that it is as entertaining as it is informative, mostly because it doesn’t restrict itself to technical details, the “zeroes and ones” of computing. Social engineering, dumpster diving, lock picking, and pirate radio broadcasts are just some of the topics included in this book’s broad perspective. The digressions into non-computing topics, such as the deconstruction of “reality” television (warning to “American Idol” fans – skip chapter 15), are lively and engaging. At times the rhetoric can get out of hand, such as the sophomoric analysis of the reasons for Beaver College’s name change to Arcadia University (sorry, it had a lot more to do with content filters blocking access to the college’s web site), and the historical claim that the Social Security system is a pyramid scheme – but if it never took risks that sometimes failed, could it ever really challenge our assumptions?

 

Flossing your teeth will never be fun, but by listening to good music or a recorded book you can perhaps get some satisfaction as you cram your fingers into your mouth. In much the same manner, by choosing the unconventional (Steal This Computer Book) over the customary (Computer Security Basics), you can brush up on your computer security knowledge without feeling that flossing seems pleasant in comparison.

 

Computer Security Basics, 2nd Edition

Rick Lehtinen, Deborah Russell and G.T. Gangemi Sr.

O’Reilly

ISBN: 0-596-00669-1

310 pages, US $39.99

 

Steal This Computer Book 4.0: What They Won’t Tell You About the Internet

Wallace Wang

No Starch Press

ISBN 1-59327-105-0

376 pages, US $29.95


Discount of 35% for User Group members
Use code: DSUG
http://www.oreilly.com

 
 
The information, web links and articles presented here are done as a public service. The Greater Cleveland PC Users Group (GCPCUG) does not condone software piracy. Before trying any programs, websites, techniques or suggestions on your computers, you should have a backup of your hard drives. Opinions expressed by authors of articles on the site are not necessarily those of the GCPCUG. Mention of products or websites in no way constitutes endorsement by GCPCUG. The GCPCUG is a member of the Association of Personal Computer User Groups (APCUG).