The Myths of Security: What the Computer Security Industry Doesn't Want You to Know

"O'Reilly Media, Inc.", Jun 19, 2009 - Business & Economics - 238 pages

If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:

  • Why it's easier for bad guys to "own" your computer than you think
  • Why anti-virus software doesn't work well -- and one simple way to fix it
  • Whether Apple OS X is more secure than Windows
  • What Windows needs to do better
  • How to make strong authentication pervasive
  • Why patch management is so bad
  • Whether there's anything you can do about identity theft
  • Five easy steps for fixing application security, and more

Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.

 

Contents

  • The Security Industry Is Broken
  • Nobody Cares
  • It's Easier to Get 0wned Than You Think
  • It's Good to Be Bad
  • Would I Use It?
  • Why Microsoft's Free AV Won't Matter
  • Google Is Evil
  • Why Most AV Doesn't Work Well
  • Why AV Is Often Slow
  • Four Minutes to Infection?
  • Personal Firewall Problems
  • Call It Antivirus
  • Why Most People Shouldn't Run Intrusion Prevention Systems
  • Problems with Host Intrusion Prevention
  • Plenty of Phish in the Sea
  • The Cult of Schneier
  • Helping Others Stay Safe on the Internet
  • Legitimate Vendors Sell It Too
  • Living in Fear?
  • Is Apple Really More Secure?
  • OK, Your Mobile Phone Is Insecure; Should You Care?
  • Do AV Vendors Write Their Own Viruses?
  • One Simple Fix for the AV Industry
  • A Red Herring
  • Why SiteAdvisor Was Such a Good Idea
  • Is There Anything We Can Do About Identity Theft?
  • Host Security's Silver Bullet?
  • When Will We Get Rid of All the Security Vulnerabilities?
  • Application Security on a Budget
  • Responsible Disclosure Isn't Responsible
  • Are Man-in-the-Middle Attacks a Myth?
  • An Attack on PKI
  • HTTPS Sucks; Let's Kill It
  • CrAP-TCHA and the Usability/Security Tradeoff
  • No Death for the Password
  • Spam Is Dead
  • Improving Authentication
  • Cloud Insecurity?
  • What AV Companies Should Be Doing (AV 2.0)
  • VPNs Usually Decrease Security
  • Usability and Security
  • Privacy
  • Anonymity
  • Improving Patch Management
  • An Open Security Industry
  • Academics
  • Locksmithing
  • Critical Infrastructure
  • Epilogue
  • Index
  • Copyright

About the author (2009)

John Viega is CTO of the Software-as-a-Service Business Unit at
McAfee, and was previously Vice President, Chief Security Architect at
McAfee. He is an active advisor to several security companies,
including Fortify and Bit9, and is the author of a number of security
books, including Network Security with OpenSSL (O'Reilly) and Building
Secure Software (Addison-Wesley).

John is responsible for numerous software security tools and is the
original author of Mailman, the popular mailing list manager. He has
done extensive standards work in the IEEE and IETF, and co-invented
GCM, a cryptographic algorithm that NIST (US Department of Commerce)
has standardized. He holds a B.A. and M.S. from the University of
Virginia.