The Myths of Security: What the Computer Security Industry Doesn't Want You to Know 1st Edition

3.8 out of 5 stars 34 customer reviews
ISBN-13: 978-0596523022
ISBN-10: 0596523025

Editorial Reviews

About the Author

John Viega is CTO of the Software-as-a-Service Business Unit at McAfee, and was previously Vice President, Chief Security Architect at McAfee. He is an active advisor to several security companies, including Fortify and Bit9, and is the author of a number of security books, including Network Security with OpenSSL (O'Reilly) and Building Secure Software (Addison-Wesley).

John is responsible for numerous software security tools and is the original author of Mailman, the popular mailing list manager. He has done extensive standards work in the IEEE and IETF, and co-invented GCM, a cryptographic algorithm that NIST (US Department of Commerce) has standardized. He holds a B.A. and M.S. from the University of Virginia.


Product Details

  • Paperback: 264 pages
  • Publisher: O'Reilly Media; 1 edition (June 29, 2009)
  • Language: English
  • ISBN-10: 0596523025
  • ISBN-13: 978-0596523022
  • Product Dimensions: 5.5 x 0.7 x 8.5 inches
  • Shipping Weight: 9.6 ounces
  • Average Customer Review: 3.8 out of 5 stars (34 customer reviews)
  • Amazon Best Sellers Rank: #1,518,289 in Books

More About the Author

John is Executive Vice President at SilverSky, the leader in cloud security solutions. John is the former editor-in-chief for IEEE Security and Privacy Magazine, and his technical work in cryptography has been standardized by NIST, the IEEE and IETF. Prior to SilverSky, John was CTO for Software-as-a-Service at McAfee.

John started out writing fiction in high school and college, but Randy Pausch (of Last Lecture Fame) convinced him to make a career in technology.


Customer Reviews

Top Customer Reviews

Format: Paperback
Let me start by saying I usually like John Viega's books. I rated Building Secure Software 5 stars back in 2005 and 19 Deadly Sins of Software Security 4 stars in 2006. However, I must not be the target audience for this book, and I can't imagine who really would be. The book mainly addresses consumer concerns and largely avoids the enterprise. However, if most consumers think "antivirus" when they think "security," why would they bother reading The Myths of Security (TMOS)?

TMOS is strongest when Viega talks about the antivirus (or antimalware, or endpoint protection, or whatever host-centric security mechanism you choose) industry. I didn't find anything to be particularly "myth-shattering," however. I have to agree with two of the previous reviewers. Many of the "chapters" in this book could be blog posts. The longer chapters could be longer blog posts. The lack of a unifying theme really puts TMOS at a disadvantage compared to well-crafted books. I was not a huge fan of The New School of Information Security or Geekonomics (both 4 stars), but those two titles are better than TMOS.

If you want to read books that will really help you think properly about digital security, the two must-reads are still Secrets and Lies by Bruce Schneier and Security Engineering, 2nd Ed by Ross Anderson. I would avoid Bruce's sequel, Beyond Fear -- it's ok, but he muddles a few concepts. (Heresy, I know!) I haven't read Schneier on Security, but I imagine it is good given the overall quality of his blog postings.

If you want to shatter some serious myths, spend time writing a book on the "80% myth," which is stated in a variety of ways by anyone who is trying to demonstrate that insider threats are the worst problem facing digital security.
29 of 32 people found this helpful.
Format: Paperback
The Myths of Security: What the Computer Security Industry Doesn't Want You to Know is an interesting and thought-provoking book. Ultimately, the state of information security can be summed up in the book's final three sentences, in which John Viega writes that 'real, timely improvement is possible, but it requires people to care a lot more [about security] than they do. I'm not sure that's going to happen anytime soon. But I hope it does.'

The reality is that while security evangelists such as Viega write valuable books such as this, it is for the most part falling on deaf ears. Most people don't understand computer security and its risks, and therefore place themselves and the systems they are working on in danger. Malware finds computers to load on, often due in part to users who are oblivious to the many threats.

Much of the book is made up of Viega's often contrarian views of the security industry. With so much hype abounding, many of the often skeptical views he writes about show that what many may perceive as information security truths are indeed security myths.

From the title of the book, one might think that there is indeed a conspiracy in the computer security industry to keep users dumb and insecure. But as the author notes in chapter 45 -- An Open Security Industry, the various players in the computer security industry all work in their own fiefdoms. This is especially true when it comes to anti-virus, with each vendor to a degree reinventing the anti-virus wheel. The chapter shows how sharing amongst these companies is heavily needed. With that, the book's title of What the Computer Security Industry Doesn't Want You to Know is clearly meant to be provocative, but not true-life.

The book is made up of 48 chapters, on various so-called myths.
16 of 21 people found this helpful.
Format: Paperback
I expected much more from John Viega, but this book has so much unsubstantiated opinion and reads like an arrogant and ill thought out blog, that I want to return the book for a refund.

In Chapter 5, "Test of a Good Security Product: Would I Use It?", he then lists some he uses and those he doesn't:

Under the "he does use it" category: "I've been forced to run god-awful VPN (virtual private network) software at work (usually the crappy Cisco client). This allows me to access my company's resources even when I'm not actually in the office."

So I take it the god-awful software is a pass of this test? And the use of VPN software to access internal office network resources is a revelation?

Under the "he does NOT use it" category: he lists firewalls and his reasoning? Because he does not need to use one at home, on account that his cable MODEM and wireless router are NAT capable and therefore hosts behind them are not externally addressable. So firewalls fail the "good security product" test because John Viega does not need them at home? Seriously?

He then ends the "does NOT use" category with "Any other consumer security product"!

In Chapter 16, "The Cult of Schneier", he has a few stabs at Bruce Schneier, but does not give any specifics with the technical depth that Bruce Schneier deserves. He complains that Applied Cryptography is overly referred to by Schneier cultists, given that it has been 13 years since it was updated and the field has advanced since then. He uses MD5 as an example of something that was considered very strong then but not now. From my recollection of that brilliant cryptography foundation, Bruce mentioned that MD5 was suspected to have a weakness.
9 of 12 people found this helpful.
