

Book details of 'Malicious Mobile Code: Virus Protection for Windows (O'Reilly Computer Security)'

Title: Malicious Mobile Code: Virus Protection for Windows (O'Reilly Computer Security)
Author(s): Roger A. Grimes
ISBN: 156592682X
Language: English
Published: August 2001
Publisher: O'Reilly & Associates


The Virtual Bookcase Reviews of 'Malicious Mobile Code: Virus Protection for Windows (O'Reilly Computer Security)':

Reviewer amazon.com wrote:
Defending Microsoft Windows against viruses requires careful attention to emerging technical alerts and diligence in installing manufacturers' latest patches and upgrades. You'll do a better job of keeping Windows secure if you have a body of background knowledge about security weaknesses in Windows and familiarity with good security practices. That, for the most part, is what Malicious Mobile Code is about. Roger Grimes shares facts, tells stories, and reveals technical details that will make you realize how serious a threat is posed by malicious mobile code (a catch-all term Grimes uses to describe viruses, Trojans, and the like). Further, his exposition will likely motivate you to take the precautions he recommends. Some of Grimes's advice is by now obvious (don't run executable files that arrive attached to e-mail messages), but a lot of it will be news to Windows users and even system administrators. For example, he goes into considerable detail on how BackOrifice works, with particular attention to how black-hat hackers use it to build networks of compromised machines that they can use in further attacks. He's liberal with defensive advice, as well, describing how to adjust the settings of your browser, instant messaging client, and other software to stave off attacks. There's much discussion of Registry manipulation, too. More coverage of risks specific to Windows 2000 (and Windows XP, which isn't covered here at all) would make this book better, but since many attacks are generic to 32-bit Windows environments, Grimes's work remains current. --David Wall

Topics covered: Viruses, Trojans, worms, and other nasties--particularly those that can be distributed with e-mail messages, Web pages, or instant messaging tools--that can disable Microsoft Windows, or turn control of it over to unauthorized hackers. Coverage is explanatory, in a "know your enemy" sort of way, and includes lots of defensive strategies.
Reviewer Rob Slade wrote:
I have to admit to a very definite bias. My co-authors and I have just finished a book that attempts to provide up to date virus protection information to sysadmins. As I understand it, ours will be printed about three weeks after this one. I also have a problem with the title. Grimes appears to be trying to carve himself out a niche by promoting a term that nobody else is currently using. And the subtitle should more properly be, "Risk Mitigation for Microsoft Software." However, if you are using Windows, there is a good deal of information in this book that, with some diligence and additional work on your part, can help improve your security.

Grimes starts off the book by listing some fallacies that we have always believed. "You can't get a virus by simply reading an email." (OK, Microsoft has amply demonstrated that they've added virus capabilities to their mail software.) "Malicious code can't harm hardware." (Well, quibbles about terminology aside, it usually can't.) "A virus can't hide from a booted write-protected diskette." (Ummm, I'm not sure that sentence even *means* anything.) Melissa and the Love Bug were serious nuisances, and even worse, but is it really accurate to say that they shut down tens of thousands of networks?

This book is intended for intermediate and advanced users and system administrators, and addresses only the Microsoft Windows operating systems. While I would agree that Windows is the system most in need of virus protection and help, this focus does limit the audience. Grimes also tries to avoid the virus/worm/replicating trojan argument with the use of the term malicious mobile code, and states that the book does not deal with attacks and security holes, but the coverage of trojans, RATs (Remote Access/Administration Trojans/Tools), and browser attacks seems to contradict that position. (In fact, the more detailed description of "malicious mobile code," and the MMC acronym that Grimes creates, seems to be amply covered under the more commonly used term malware.)

Chapter one provides a very brief outline of some malware related concepts. Most of the chapter concentrates on the virus writing community, although only in a superficial way. Grimes obviously feels sympathetic towards virus writers, and presents their own stories without criticism or analysis. Some details of the MS-DOS operating system, as well as basic virus technologies, are given in chapter two. The programming particulars, and a bit of virus source code, are likely to be of more help to budding virus writers than to the defending sysadmins. There are copious errors in the information listed about specific viruses. Sometimes the material is careless, such as the assertion that Michelangelo formats hard drives (the original version overwrites sections of the disk, and only the disk booted from on the trigger date). In other places the wording is slipshod, such as the implication that a seldom seen screen artifact of the Jerusalem virus is somehow responsible for file deletion. (Oddly, while Grimes does not appear to have done serious research he has obviously read my stuff at some point: one of the examples is taken almost word for word from my writings. Other passages originating in my work are recognizable, although not quite as blatant.) The recovery advice is also suspect: he reiterates the rather dangerous suggestions to format the disk or use FDISK /MBR.

Some very useful information about Windows, particularly the 9x, NT, and higher versions, is presented in chapter three. The material does not often deal with malware as such, and, in a number of cases, details are either too particular or not specific enough. A few "native" Windows viruses are described in chapter four, along with some useful general security and recovery tips. Unfortunately, the virus detection and recovery tips are derivative, vague, and not always comprehensive.

Chapter five has explanations of the VBA (Visual Basic for Applications) macro system in Microsoft Office applications, and lists some common macro viruses. Chapter six lumps trojans, worms, backdoors, and DDoS (Distributed Denial of Service) packages together in a somewhat confusing manner. One useful inclusion in the material is a list of RAT utilized port numbers. The invention of real-time conferencing, or instant messaging, appears to be credited to AOL, in chapter seven, although various forms existed long before AOL's existence. All forms of chat or messaging seem to be lumped together in the chapter, although it concentrates on the technology and examples from IRC (Internet Relay Chat).

Chapter eight contains a reasonable overview of Web browser technologies, although Grimes makes the usual mistakes, such as confusing Secure HyperText Transfer Protocol (S-HTTP) with the https protocol specifier actually used by Secure Sockets Layer (SSL). A number of old program bugs and exploits are described in chapter nine. Most relate to browsers, although some depend on HTML enabled mail clients. The preventive measures listed, however, deal strictly with the settings on recent versions of Microsoft's Internet Explorer, and do not mention other browsers at all.

Since Java applet bugs and exploits have been confined to implementation errors, it is difficult to understand why chapter ten was included in the book. Again, some older exploits are described, and there is a bit of confusion in the text between the applet sandbox model and the full Java security model. Chapter eleven examines the possibility of the malicious misuses of the ActiveX system, but first it spends a lot of time and space presenting the one security aspect of ActiveX: digital signatures. By doing so, Grimes is giving Microsoft way more than the benefit of the doubt. The text does, eventually, get around to pointing out some of the flaws in the Authenticode system, but the structure of the chapter works to downplay the dangers.

In chapter twelve, the Microsoft chauvinism that has been evident in prior sections ramps up to full throttle. Grimes states that it isn't just Outlook that can be exploited for email viruses, any mail client could be so abused. (He later has to tacitly admit that almost no other email client has been so utilized, and none to the same extent.) There is even a paean of praise to Windows Script Host, the application that made the Love Bug possible. The material on virus hoaxes, in chapter thirteen, is a bit of a mix, but does have a good list of signs to watch for. Defence consists mainly of a generic security planning process and a reasonable, though brief, outline of the types of antiviral software, in chapter fourteen. Chapter fifteen finishes off with the usual look to the future.

Overall, the content is wide-ranging, but not complete. There is coverage of a broader range of topics than was the case with other recent books, such as Dunham (see reviews) and Schmauder (see reviews). However, depth of research and understanding of the problem is not in evidence. The material is very questionable in view of the number of errors Grimes makes in his retailing of details of specific viruses. While some support and background content is included, the book is written in a very field independent style: at the end of the chapter you are simply supposed to do what Grimes tells you to, and believe what he says.

There is virus code in the book. Not extensively, perhaps, but it is there. Grimes justifies its presence by saying that it is not code for an entire virus, and that he has made changes to disable it in any case. Unfortunately, it is real code, for some important sections of viruses, and the missing and changed bits aren't all that hard to spot. While it would not allow wannabe vxers to compile a complete virus right off the page, it would help any semi-competent code dweeb write a more functional virus. And, all protestations notwithstanding, it doesn't provide any help to the user or network manager.

Aside from problems with the content, Grimes' organization and writing are careless and difficult to understand. The chapters address individual topics, and have a standard structure, but the structure is only a template. Within each topic the flow of sections and even paragraphs does not always course logically. The illustrations and figures are not very informative. This is not a good book on viruses or malware. The breadth of coverage and detailed content on macro and email virus technology does save it from being really awful: up to the summer of 2001 no other book has dealt with those topics in sufficient depth. And the MS-centrism does have one very positive advantage. If you absolutely must use Microsoft software and applications, the prevention sections of the various chapters do contain a lot of detail that will be useful in reducing the risk that you face.

copyright Robert M. Slade, 2001

Book description:

Malicious mobile code is a new term to describe all sorts of destructive programs: viruses, worms, Trojans, and rogue Internet content. Until fairly recently, experts worried mostly about computer viruses that spread only through executable files, not data files, and certainly not through email exchange. The Melissa virus and the Love Bug proved the experts wrong, attacking Windows computers when recipients did nothing more than open an email. Today, writing programs is easier than ever, and so is writing malicious code. The idea that someone could write malicious code and spread it to 60 million computers in a matter of hours is no longer a fantasy. The good news is that there are effective ways to thwart Windows malicious code attacks, and author Roger Grimes maps them out in Malicious Mobile Code: Virus Protection for Windows. His opening chapter on the history of malicious code and the multi-million dollar anti-virus industry sets the stage for a comprehensive rundown on today's viruses and the nuts and bolts of protecting a system from them. He ranges through the best ways to configure Windows for maximum protection, what a DOS virus can and can't do, what today's biggest threats are, and other important and frequently surprising information. For example, how many people know that joining a chat discussion can turn one's entire computer system into an open book? Malicious Mobile Code delivers the strategies, tips, and tricks to secure a system against attack.

It covers:
  The current state of the malicious code writing and cracker community
  How malicious code works, what types there are, and what it can and cannot do
  Common anti-virus defenses, including anti-virus software
  How malicious code affects the various Windows operating systems, and how to recognize, remove, and prevent it
  Macro viruses affecting MS Word, MS Excel, and VBScript
  Java applets and ActiveX controls
  Enterprise-wide malicious code protection
  Hoaxes
  The future of malicious mobile code and how to combat such code

These days, when it comes to protecting both home computers and company networks against malicious code, the stakes are higher than ever. Malicious Mobile Code is the essential guide for securing a system from catastrophic loss.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase