Book details of 'Desktop Witness: The Do's & Don'ts of Personal Computer Security'

Title	Desktop Witness: The Do's & Don'ts of Personal Computer Security
Author(s)	Michael A. Caloyannides
ISBN	0471486574
Language	English
Publisher	John Wiley & Sons

---

Back to shelf Computer security
Amazon.com info for Desktop Witness: The Do's & Don'ts of Personal Computer Security

Score:

Vote for this book

The Virtual Bookcase Reviews of 'Desktop Witness: The Do's & Don'ts of Personal Computer Security':

Reviewer Rob Slade wrote:
The title and the subtitle of this book are somewhat at odds. Is this text about the evidence that can be extracted from desktop machines? Or is it about protecting yourself and your personal computer or information? Caloyannides would seem to be making the point that the answer is both: that there is an overwhelming need to ensure that your computer isn't finking on you, and that you must make every effort to ensure that the government cannot obtain the information on your desktop. While he is clearly on the personal side of the privacy versus national security debate, even those who agree with him may find the arguments shrill and extreme. The subtitle of chapter one; indicating that the material is the author's opinion; should warn the reader that the discussion is editorial rather than closely reasoned. Caloyannides may, however, have hurt his own case by taking an anarchistic and almost paranoid position in stating the need for privacy against government encroachment. He does make a number of valid points, but misses other grounds that might have been convincing to a much wider audience, such as the point that the responsibility of protecting your own information is recognized in such legal areas as the difference between patent and trade secret. (A patent offers control over a device for a limited time as long as the technology is disclosed, whereas a trade secret offers protection for unlimited time as long as reasonable efforts are made to protect the information from disclosure.) The major point of chapter two appears to be that the use of encryption could, in and of itself, land you in trouble, and you should prepare to either hide the fact that encryption is taking place, or have a diversionary explanation ready for the authorities. (The recommended use of one-time-pad technology and variant keys is technically interesting, but is unlikely to survive beyond a first use. Ironically, it seems to support a point that the author made earlier: "clever" tricks that rely on obscurity provide very poor protection.) The types of information that might be available from your computer, or Internet connection, are discussed in chapter three. The material ranges over a number of topics and has a difficult structure: some points are raised more than once and there are a number of related issues that are not mentioned at all. Means of recovering some of the data, and of getting rid of it, are reported, but not consistently. Chapter four lists a vast array of protective measures. Most are very useful. Depending upon your situation, many will be considered overkill. Some are questionable: Caloyannides makes a blanket recommendation to install all operating system patches, but notes that doing so for some versions of Windows requires you to give away a lot of information. He does not, though, detail the times that official patches have made the situation worse rather than better, nor the complexity of some patches: by mid-2002 one expert noted that an effective installation of the Windows NT operating system required twenty nine steps, including no less then three separate installations of the latest service pack at different points. Oddly, while this section is supposed to review measures for computers not connected to networks, some of the points relate to activities on the Internet. Protection for connected machines is discussed in chapter five, with a heavy emphasis on the usage of the PGP encryption system. There is also an interesting insistence that steganography *is* an effective means of hiding communications: while Caloyannides points out a number of pitfalls in the use of the technology he does not mention detection measures, such as the ease of determining excessive entropy in the low-order bits of graphic images used to hide files. Secure telephony is discussed in chapter six. The legal issues reviewed in chapter seven are mostly related to recent legislation providing for additional search authority. The author does include material and actions from outside the United States. The editorial finish in chapter eight warns against a society where everything must be homogenized in order to be safe. In many places the book suffers from very poor copy editing. There are a great many instances of improper punctuation, sentence fragments, and words or phrases dropped into apparently unrelated text. Generally speaking one can discern the meaning, but deciphering the organization and intention of a section can be difficult. (Given the thrust of the book, is the author embedding hidden messages?) While there are issues of general security in the book, it is, first and last, about privacy, and primarily personal privacy. The material could have been structured more usefully, and written less stridently, but a great deal of helpful content is included. Those interested in privacy will find it interesting, and computer forensic specialists may also find it to be a handy reference. copyright Robert M. Slade, 2002
Add my review for Desktop Witness: The Do's & Don'ts of Personal Computer Security

Book description:

Do you trust your computer? You shouldn't. Personal computers are now part of the furniture in homes around the world. We use them for generating, storing and communicating documents and images; we talk to friends and family via email and surf the Web without giving too much thought to the security of our personal information. Unfortunately hacking and computer security are issues which affect all computer users, not just big corporations. What is a desktop witness? Your computer stores a record of every document you create, every e-mail you write or receive, which sites you visit on the Internet, even attachments which you don't open. An unattended computer may reveal your secrets if you leave security vulnerabilities unattended to. It may 'let in' outsiders through your IR port. It 'whispers' behind your back when you are online. Detectable radiation gives away the contents of your screen. Eavesdroppers can hear conversations through your microphone. Your computer remembers everything. What can you do? This straight-talking guide, with its easy-to-follow instructions will enable you to regain control and protect your personal information. It will show you the virtues of computer-anonymity, by making you aware of what might motivate people to access your computer in the first place, and it will help you free-up valuable memory by showing you how to really delete the files your computer stores without your knowledge. A valuable read for any computer user and absolutely essential for any individual, company or practice with information to protect.