Author: John Viega
Published: 2009
Publisher: O'Reilly Media Inc.
Paperback: 252 pages
The author, John Viega, an IT security expert, is of the view "... and the (IT security) industry as a whole is broken". Coming from the CTO of the SaaS Business Unit at McAfee, a leading security product vendor, this viewpoint is bound to grab the attention of readers who are worried about the security and privacy of the digital information stored in the confines of their computers.
According to the author, internet users are at heavy risk, which can be mitigated to a great extent if the security industry examines itself and changes for the better. It is not only the hackers or lay users who are to blame for security disasters. The security industry needs to come out with products that provide the promised security without impacting the performance of the user's system (most security products tend to slow down the system!).
Through 48 short yet interesting articles (4-5 pages on average, 10 pages maximum), the author provides his perspectives on the security industry, identifies glaring problems, and shows what the industry can do differently to give end users more value for their money. He promises no "silver bullet", but hopes that the security industry takes note of his criticism and corrects the things that are fundamentally wrong.
The articles in this book give the author's opinion on a wide range of security subjects and issues, such as:
- Anti-Virus (AV) products: why they are slow; why they do not work well; what AV companies should be doing; whether it is true that AV companies create the viruses they detect.
- Is the vulnerability research community helping to improve security?
- Are Macs more secure than Windows PCs?
- Open Security Standards
- Phishing, Identity Thefts
- Personal Firewall problems
- Why most people shouldn't run an intrusion prevention system
- Google is Evil: it takes only half-way measures to check click fraud in its online advertisements. Stringent measures are actually in conflict with its business interest.
- VPNs usually decrease security
- HTTPS sucks: let's kill it
- CAPTCHA and the Usability/Security Tradeoff
Each article can be read independently; however, I felt that the order of the articles could have been better organized. For example, the AV-related articles are scattered throughout the book (in widely separated chapters: 6, 8, 12, 22, 23, 39). Instead, all the articles related to a subject could have been placed close together.