Malicious Mobile Code
By Roger A. Grimes
Opening this book a few days after Nimda hit, I was hoping it would provide some insight into the mechanisms that this hybrid worm used to spread itself across the 'Net. Although hostile code is one of the more serious infosec problems, book publishers haven't kept up with the significant changes in the hostile code environment brought about by ubiquitous e-mail, always-on Internet connectivity and the near universal use of Microsoft Word. With chapters on Windows, macro viruses, Java, ActiveX and e-mail, this book is aimed at a huge hole in everyone's security library. Unfortunately, like a marksman shooting in the dark, it largely misses its target.
I enjoyed the section on instant messaging and learned a lot about a subject that I previously knew very little about. But many sections, such as the ones on Web protocols, security software and digital signatures, are full of misleading "simplifications" or errors. For instance, the author describes code as being "signed by a digital certificate." Someone who mistakenly believes that a certificate contains the private key will have difficulty making good organizational decisions on the acceptability of signed external code. The statement "IDS programs rely on signatures that need constant updating with an AV scanner" is horribly wrong -- one of many sentences that are apparently the victims of "Trojan prepositions." Note to Grimes and his editors: Honeypots can't help an admin learn where an attacker is physically located.
A list of the characteristics of a hypothetical "good" AV product is provided, but no guidance is offered on how to evaluate products for these attributes. And while the names of the most popular vendors are provided, their offerings aren't compared. Only one product is covered, but the multi-page "review" of Symantec's suite is really just a laundry list of its features.
They say you should never judge a book by its cover, advice that is supported in this case. The title Malicious Mobile Code is based on a flawed understanding of what constitutes mobile code, and an awkward attempt to define Trojan horse is further weakened by inconsistent usage. Both of these crucial terms are used so broadly that they become practically meaningless. I went through the book with a fine-toothed comb, using orange highlighting for awkward or misleading text, pink for outright mistakes and green for interesting advice or revelations. My copy is now glowing orange, punctuated by pink stripes. I felt moved to uncap the green highlighter less than a dozen times.
Neither the technical review nor the copyediting is consistent with O'Reilly's normal standards. The poor writing and factual errors prevent this book from fulfilling the pressing need for a comprehensive guide to today's hostile code problem. The author made a great start, but the publisher dropped the ball and didn't add the value that was needed to make it what it should've been.