Book of the Month – The Myths of Security

This is another non-technical book which exposes the true & practical realities of the security. This book is compilation of lot of security facts which has the power of awakening any living soul. The facts which are hard to agree and digest, but they are true to the point.

Most thing I liked about John Viega is that he is quite outspoken and makes bold statements throughout the book. Some of the statements are so bold that some of them are against his organization, McAfee  :). Being author of the book, it takes lot of courage to put up the such statements in public.

Also some of the revelations in the book are quite outstanding and real eye opener, even for security nerds. For example, in one of the chapter he shouts ‘Google is Evil’ and exposes how its AdWords are indirectly leading to more evil things on the net.

One thing I very much agree with Author is that ‘Antivirus is useless’. I myself never install Antivirus on my personal machines. As it slows down the machine considerably and more or less does not help when it supposed to. I will better have virus on my machine once in a while than Antivirus. Also it gives you the opportunity to play with virus if it comes to your home 😉

The book not only exposes the myths but also proposes cool solutions some of the big problems faced by security industry.For example, in one of the chapter John proposes solution for identifying packed virus binaries. Since the packing is used by both good & bad guys, its good to have central association which signs the legitimate packed binaries (similar to what Microsoft does for the drivers). That way Antivirus can just mark the packed unsigned binaries as Virus. This will make the job of Antivirus much much easier and will eliminate lot of false positives.

Overall the book is worth the read and reader will be left surprised & shocked at the same time.

[ebook link – ]


Similar posts
  • Computer Security Tips: Stay Safe Onl... In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]

Leave a Reply