Secure Reads: The Art of Computer Virus Research and Defense - Information Security Magazine

Secure Reads: The Art of Computer Virus Research and Defense

The Art of Computer Virus Research and Defense
By Peter Szor
713 pages, $49.99
Symantec Press

@exb

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

The Art of Computer Virus Research and Defense
@exe Need a deep, technical understanding of virus and antivirus technology? Weighing in at more than 700 pages, Virus Research and Defense is the literal "brain dump" of Peter Szor, a renowned virus expert. Nothing else even comes close in terms of giving the reader the ultimate in virus analysis theory and practice.

The book is split into the familiar dichotomy: attack methods and defense methods. In the first section, Szor sets the stage for his epic work, not only providing the computer science and mathematical theories underlying computer viruses (e.g., John von Neumann's automata models), but also recounting their history starting with the "Creeper" virus in the early 1970s. "Species" of viruses--each dedicated a separate section--are organized in a logical hierarchy. For example, Szor divides the chapter on "Classification of Infection Strategies" into three basic sections: boot viruses, file infection techniques and Win32 viruses. A full 14 different file infection techniques are then documented--e.g., "4.2.9 Amoeba Infections"--all within this small corner of Szor's incredibly rich kingdom.

But the book goes even further, providing several additional taxonomies--code environments, infection strategies, in-memory strategies and payload types. The chapter on basic self-protection strategies that viruses use to avoid detection, analysis and/or removal teaches that both sides in the virus war are equally intellectual and technically advanced.

The serious flaw afflicting Virus Research and Defense--poor composition and writing style--is intricately tied to its greatest strength. Presentation takes a back seat to the primary goal: jamming as much technical info into a single text as possible. While incredibly well-organized, the prose reads more like a lecture transcription than a textual composition.

Weaknesses aside, Virus Research and Defense leads the way for technical virus/antivirus books. If you are tasked with the antivirus strategy for your organization, or if you seek simply to broaden your infosecurity horizons, then this book should be on your shelf.

This was first published in April 2005