This Paperback Book item from Addison-Wesley Professional was reviewed on 3-Apr-2008.
The Art of Computer Virus Research and Defense (Symantec Press). ISBN: 0321304543.
1) Paperback Book The Art of Computer Virus Research and Defense (Symantec Press) by Addison-Wesley Professional.
Peter Szor's book is definitely THE book any aspiring anti-virus researcher and computer security professional must read. It is very broad and information-packed, covering just about every single important aspect of computer viruses and anti-virus research. The book is very technical which, from my point of view, is a big plus - although beginners might find some parts of it daunting. This is definitely no "viruses for dummies" book. In the field of computer viruses and anti-virus research, this book is what Donald Knuth's Art of Computer Programming, The, Volumes 1-3 Boxed Set (2nd Edition) (The Art of Computer Programming Series) is for computer scientists.
The only gripe I have is that it is perhaps not deep enough. While every important aspect of viruses and anti-virus defense is covered, some of them are not covered deeply enough. This is not the author's fault but the publisher's. Originally, the author intended to write two separate volumes (one dedicated to computer viruses and one dedicated to anti-virus defenses), covering in depth every aspect of these two areas. However, the publisher imposed size restrictions on him. Although the book is rather thick (700+ pages), the space is still not enough to cover in sufficient depth every important aspect of this field.
However, each chapter contains references for further reading and the interested reader can do their own research of the aspects that are not covered deeply enough.
In summary: excellent book, useful both as a textbook and as a reference. Great read, information-packed, useful. Just don't expect to find any "how to write a virus" recipes there - fortunately, the author went to great lengths to avoid them.

2) Paperback Book The Art of Computer Virus Research and Defense (Symantec Press) by Addison-Wesley Professional.
As a relative amateur in the subject of computer viruses, this book was very helpful. With a little background in basic computing, you can easily understand this book. The book starts off with simple viruses from back in the day, describing the first viruses to appear. The book then goes into detail about the more advanced forms of virus infections and viruses to appear on more modern systems. After reading the book, I came away with a new respect for the art of self-replicating code (aka Virus), and the techniques that virus researchers use to develop software to protect your PC from these threats.

3) Paperback Book The Art of Computer Virus Research and Defense (Symantec Press) by Addison-Wesley Professional.
I was wandering in the bookshop trying to find some in-depth books on Computer Virus and Network Security and suddenly I came across this book. In a few pages the book lit up my eyes and the author successfully attracted my attention and I was simply amazed by his solid background and rich knowledge and also his effort in presenting all the materials in an orderly and logical way that has successfully flattened the learning curve for people fresh to the area.
Well, some people may complain that this is a disappointing book in that it hasn't gone far enough to illustrate the necessary virus writing skills and they believe only in this way can one specialized in virus defense benefit most. Again, this is not the truth as far as I see. If one simply wants to write viruses by following existing code, he can only gain a narrow horizon by focusing upon one or two popular viruses. But as the old idiom goes, you will miss the forest by seeing a tree only. New viruses are produced by those highly intelligent people every day and promise to continue to come in the foreseeable future. New technologies, too, emerge and then disappear with the patches or hot fixes. But as long as you have a comprehensive knowledge of the basics of virus research and defense you will never lose in this battle against viruses. I think the author has tried to model his book to be something beyond the mere technology collection but to present to us how one might equip himself with the fundamental knowledge of the virus's history, main ideas, or even try to give definition in some places. So this is why the author names his creation to be "Virus research & defense" instead of "virus writing & defense". And as far as I see, his attempt has been a huge success.
And what's more, even for people who are crazy about writing viruses this book is not such a disappointment. It incorporates many code snippets into the book and this code actually reveals the dark side of the virus and one smart enough and with some knowledge in coding will be able to rebuild the complete viruses. Those who complain about the lack of virus writing skills might better try to figure out the reason in themselves. Anyway, there are a lot of sample viruses within your easy reach on the internet. So why take the trouble to reproduce it here?
And finally I would like to show my thanks for the great effort Peter has spent on this book. For me this book has brought great pleasure and it has helped to organize my knowledge about computer viruses in a more systematic manner. For those either new to the area or those professionals this is a must read and you shouldn't miss it.

4) Paperback Book The Art of Computer Virus Research and Defense (Symantec Press) by Addison-Wesley Professional.
If you are interested in historical details about viruses/malware, if you are searching for details about various techniques getting used by malicious software and if you are interested in how people in the AV industry work... This book is definitely THE reference. Peter, a very competent virus researcher, who is known through his various articles in the Virus Bulletin magazine, shows you all the techniques you need to analyse, to detect and to remove malicious software. His technical overview includes the entire history of computer viruses and is written in a very impressive and entertaining style. While I have read many books and articles about exploiting software, he also serves the most understandable definition of exploiting techniques like the classical stack overflow etc. I must say that his style impressed me so much that I read through the book in one day, something normally happening to me when reading thrillers of James Patterson. But this book is so well written, that you can rarely lay it out of your hands. You just want to know where Peter leads to, the next step in the voyage through the malicious world of computer viruses and malware. This book is geared toward everybody trying to understand what's happening in the malicious code polluting the Internet. For me well worth the money I spent on it.

5) Paperback Book The Art of Computer Virus Research and Defense (Symantec Press) by Addison-Wesley Professional.
The book is very disappointing in that the author does not show explicitly how to create and code viruses. The author explains in the preface that he does not include such code because of its obvious dangers. This reviewer believes however that the more understanding we have of viruses the better we can deal with their threats. We need to understand just what is possible, and this can only be done by creating viruses that may or may not be hazardous to computer systems. The more viruses that we create and then study the more we can guard against their infection. This goes for computer viruses as well as biological ones. Yes, there are dangers involved in doing this, but these dangers are nullified by the tools and artificial immune systems that we create in the process of studying viruses.
The book of course is not without its merits, one of these being the discussion of the history of computer viruses, which the author includes in the first chapter of the book. The designation "computer virus" was done in 1984, at which time a formal mathematical model was created for computer viruses. The author defines a computer virus as being a program that can recursively and explicitly copy a possibly evolved version of itself. This definition he says covers the notion of a 'companion virus', which does not necessarily modify the code of other programs.
The author is also very thorough in his treatment of the different viruses and their association with specific computer platforms. In addition, he gives a detailed treatment of how to analyze a computer virus using disassemblers, debuggers, emulators, virtual machines, virus test networks, and unpackers, along with various other tools. Readers will definitely benefit from knowledge of assembly code.
For non-experts in virus research (such as this reviewer) but who have a strong mathematical background, a natural question to ask is whether one could develop a highly sophisticated computer immune system that would be able to detect any kind of computer virus within a reasonable time scale. The author believes that this cannot be accomplished, quoting a result by the mathematician Frederick Cohen (the inventor of the term "computer virus") indicating that such an immune system is not possible. The Cohen proof is not included in the book unfortunately, but a perusal of the literature will reveal that the proof is based, as expected, on the theory of computability and Turing machines. What Cohen showed was that the detection of generic computer viruses is undecidable by showing that if such a procedure existed, it would solve the halting problem for Turing machines.
Given the Cohen result, it is appropriate to ask whether viruses can come in such a wide variety as to make their detection and annihilation unique to the actual virus. In addition, it would appear that after a reasonable amount of time, it would become more difficult for virus writers to come up with 'exotic' viruses that elude detection. Have most of the effective or interesting viruses already been invented, and therefore countered, by anti-virus programs? When reading this book one gets the impression that this is the case. However, the author shows that such a judgment would be premature, and he spends a fair amount of time in the book discussing possible future developments in computer viruses, particularly in distributed environments.
Even if virus writers are exhausting the possibilities for effective viruses, they can still find ways of evading the detection programs, using encryption for example. The author discusses several different approaches to the encryption of viruses, all of these having varying degrees of success, depending of course on the resources and knowledge base of the virus analyst. An interesting topic discussed in this connection is the origin of 'oligomorphic' viruses, which change their decryptors in new generations. The 'polymorphic' viruses, which are the next stage in complexity, are also discussed in this context, these allowing the mutation of their decryptors in possibly millions of different forms. When a virus is able to create new generations of itself that look different, it is called a 'metamorphic' virus. The author gives examples of these, how they are detected, and the possibility of using them to construct a virus generator able to create new virus mutations on the fly without any human intervention. One of the metamorphic viruses, named W95/Zmist, is described by the author as being one of the most complex binary viruses ever created. For that reason it is discussed in detail in the book. This discussion is fascinating reading, and one would have hoped that the source code was supplied in the book in order to allow responsible and curious individuals to create the W95/Zmist virus and study its behavior in real systems under controlled laboratory conditions.
The author does not distinguish between computer worms and viruses, except to say that the former are sometimes distinguished from the latter in the way they infect networks. A worm does not usually need to infect files but can propagate as a standalone program. However, the author gives examples of worms that do propagate by the infection of files. Illicit information gathering is the purpose of most worms, and the author discusses several different techniques that worms use to obtain this information. Particularly interesting to read about are the different techniques that computer worms use to propagate themselves. One of these involves instant messaging, which because of its popularity will certainly be one that is given more attention by future attackers.
Virus writers will become more creative in the future, and their efforts will no doubt be discussed in future editions of this book. But it is the more subtle approaches that remain undiscovered that are the most devastating to both individuals and businesses. One gets the impression when reading this book that most of the viruses are created by pranksters who gain emotional reinforcement by the success of the exploits. The antivirus defense techniques work in the latter but not the former.

Page Updated: Robert N. Goolsby, 1-May-2008