Need a deep, technical understanding of virus and antivirus technology? Weighing in at more than 700 pages, The Art of Computer Virus Research and Defense is the literal "brain dump" of Peter Szor, a renowned virus expert. Nothing else even comes close in terms of giving the reader the ultimate in virus analysis theory and practice.
The book is split into the familiar dichotomy: attack methods and defense methods. In the first section, Szor sets the stage for his epic work, not only providing the computer science and mathematical theories underlying computer viruses (e.g., John von Neumann's automata models), but also recounting their history starting with the "Creeper" virus in the early 1970s. "Species" of viruses -- each dedicated a separate section -- are organized in a logical hierarchy. For example, Szor divides the chapter on "Classification of Infection Strategies" into three basic sections: boot viruses, file infection techniques and Win32 viruses. A full 14 different file infection techniques are then documented -- e.g., "4.2.9 Amoeba Infections" -- all within this small corner of Szor's incredibly rich kingdom.
But the book goes even further, providing several additional taxonomies -- code environments, infection strategies, in-memory strategies and payload types. The chapter on basic self-protection strategies that viruses use to avoid detection, analysis and/or removal teaches that both sides in the virus war are equally intellectual and technically advanced.
The serious flaw afflicting Virus Research and Defense -- poor composition and writing style -- is intricately tied to its greatest strength. Presentation takes a back seat to the primary goal: jamming as much technical info into a single text as possible. While incredibly well-organized, the prose reads more like a lecture transcription than a textual composition.
Weaknesses aside, Virus Research and Defense leads the way for technical virus/antivirus books. If you are tasked with the antivirus strategy for your organization, or if you seek simply to broaden your infosecurity horizons, then this book should be on your shelf.
This was first published in May 2005