Sunday, August 21, 2011

The Myths of Security

Author: John Viega
Published: 2009
Publisher: O'Reilly Media Inc.
Paperback: 252 pages

The author, John Viega, an IT security expert, is of the view that "... and the (IT security) industry as a whole is broken". This viewpoint, coming from the CTO of the SaaS Business Unit at McAfee, a leading security product vendor, is bound to grab the attention of readers who are worried about the security and privacy of the digital information stored on their computers.

According to the author, internet users are at serious risk, and that risk could be mitigated to a great extent if the security industry examined itself and changed for the better. It is not only the hackers or lay users who are to blame for security disasters. The security industry needs to come out with products that deliver the promised security without degrading the performance of the user's system (most security products tend to slow the system down!).

Through 48 short yet interesting articles (4-5 pages on average, 10 pages at most), the author gives his perspective on the security industry, identifies glaring problems, and shows what the industry could do differently to give end users more value for their money. He promises no "silver bullet", but hopes that the security industry takes note of his criticism and corrects the things that are fundamentally wrong.

The articles in this book give the author's opinion on a wide range of security subjects and issues, such as:
  • Anti-Virus (AV) products: why they are slow; why they do not work well; what AV companies should be doing; whether it is true that AV companies create the viruses they detect.
  • Is the vulnerability research community helping to improve security?
  • Are Macs more secure than Windows PCs?
  • Open security standards
  • Phishing and identity theft
  • Personal firewall problems
  • Why most people shouldn't run an intrusion prevention system
  • Google is Evil: it takes only half-way measures to check click fraud in its online advertisements, because stringent measures conflict with its business interests.
  • VPNs usually decrease security
  • HTTPS sucks: let's kill it
  • CAPTCHA and the usability/security tradeoff

Each article can be read independently; however, I felt that the order of the articles could have been better organized. For example, the AV-related articles are scattered throughout the book (widely separated chapters: 6, 8, 12, 22, 23, 39). Instead, all the articles on a given subject could have been placed close together.

I am not a security expert, so I am not in a position to either support or oppose the author's views expressed in this book. But I found the articles, written with a sense of humor, a very good read, and I understood around 75% of what he has to say.
