
The Myths of Security: What the Computer Security Industry Doesn't Want You to Know Paperback – June 29, 2009

ISBN-13: 978-0596523022 ISBN-10: 0596523025 Edition: 1st


Product Details

  • Paperback: 264 pages
  • Publisher: O'Reilly Media; 1 edition (June 29, 2009)
  • Language: English
  • ISBN-10: 0596523025
  • ISBN-13: 978-0596523022
  • Product Dimensions: 5.5 x 0.7 x 8.5 inches
  • Shipping Weight: 9.6 ounces
  • Average Customer Review: 3.9 out of 5 stars (33 customer reviews)
  • Amazon Best Sellers Rank: #947,868 in Books

Editorial Reviews

About the Author

John Viega is CTO of the Software-as-a-Service Business Unit at McAfee, and was previously Vice President, Chief Security Architect at McAfee. He is an active advisor to several security companies, including Fortify and Bit9, and is the author of a number of security books, including Network Security with OpenSSL (O'Reilly) and Building Secure Software (Addison-Wesley).

John is responsible for numerous software security tools and is the original author of Mailman, the popular mailing list manager. He has done extensive standards work in the IEEE and IETF, and co-invented GCM, a cryptographic algorithm that NIST (US Department of Commerce) has standardized. He holds a B.A. and M.S. from the University of Virginia.


More About the Author

John is Executive Vice President at SilverSky, the leader in cloud security solutions. John is the former editor-in-chief for IEEE Security and Privacy Magazine, and his technical work in cryptography has been standardized by NIST, the IEEE and IETF. Prior to SilverSky, John was CTO for Software-as-a-Service at McAfee.

John started out writing fiction in high school and college, but Randy Pausch (of Last Lecture Fame) convinced him to make a career in technology.



Customer Reviews

They are worth perusing, and the book is definitely worth reading.
Ben Rothke
John Viega's latest book "Myths of Security" has something for everyone - from the everyday home computer user to the corporate security analyst.
Wesley H. Higaki

Most Helpful Customer Reviews

28 of 31 people found the following review helpful By Richard Bejtlich on August 13, 2009
Format: Paperback
Let me start by saying I usually like John Viega's books. I rated Building Secure Software 5 stars back in 2005 and 19 Deadly Sins of Software Security 4 stars in 2006. However, I must not be the target audience for this book, and I can't imagine who really would be. The book mainly addresses consumer concerns and largely avoids the enterprise. However, if most consumers think "antivirus" when they think "security," why would they bother reading The Myths of Security (TMOS)?

TMOS is strongest when Viega talks about the antivirus (or antimalware, or endpoint protection, or whatever host-centric security mechanism you choose) industry. I didn't find anything to be particularly "myth-shattering," however. I have to agree with two of the previous reviewers. Many of the "chapters" in this book could be blog posts. The longer chapters could be longer blog posts. The lack of a unifying theme really puts TMOS at a disadvantage compared to well-crafted books. I was not a huge fan of The New School of Information Security or Geekonomics (both 4 stars), but those two titles are better than TMOS.

If you want to read books that will really help you think properly about digital security, the two must-reads are still Secrets and Lies by Bruce Schneier and Security Engineering, 2nd Ed by Ross Anderson. I would avoid Bruce's sequel, Beyond Fear -- it's ok, but he muddles a few concepts. (Heresy, I know!) I haven't read Schneier on Security, but I imagine it is good given the overall quality of his blog postings.

If you want to shatter some serious myths, spend time writing a book on the "80% myth," which is stated in a variety of ways by anyone who is trying to demonstrate that insider threats are the worst problem facing digital security.
16 of 21 people found the following review helpful By Ben Rothke on August 31, 2009
Format: Paperback
The Myths of Security: What the Computer Security Industry Doesn't Want You to Know is an interesting and thought-provoking book. Ultimately, the state of information security can be summed up in the book's final three sentences, in which John Viega writes that 'real, timely improvement is possible, but it requires people to care a lot more [about security] than they do. I'm not sure that's going to happen anytime soon. But I hope it does.'

The reality is that while security evangelists such as Viega write valuable books such as this, it is for the most part falling on deaf ears. Most people don't understand computer security and its risks, and therefore place themselves and the systems they are working on in danger. Malware finds computers to load on, often in part to users who are oblivious to the many threats.

Much of the book is made up of Viega's often contrarian views of the security industry. With so much hype abound, many of the often skeptical views he writes about, show what many may perceive are information security truths, are indeed security myths.

From the title of the book, one might think that there is indeed a conspiracy in the computer security industry to keep users dumb and insecure. But as the author notes in chapter 45 -- An Open Security Industry, the various players in the computer security industry all work in their own fiefdoms. This is especially true when it comes to anti-virus, with each vendor to a degree reinventing the anti-virus wheel. The chapter shows how sharing amongst these companies is heavily needed. With that, the book's title of What the Computer Security Industry Doesn't Want You to Know is clearly meant to be provocative, but not true-life.

The book is made up of 48 chapters, on various so-called myths.
9 of 12 people found the following review helpful By Mark Curphey on July 9, 2009
Format: Paperback
I was lucky enough to be sent a pre-production copy of the book by John. As I read the TOC my jaw dropped. Finally someone has the balls to say what's really happening. Far too many people have been hiding behind marketing FUD or driving their opinions and defending their actions largely to defend their careers and salaries. I am sure it's a tough message to swallow for many. I saw many things I am or have been guilty of in the book. That's all the more reason why it needed to be said. The industry needs to be cleaned up and the BS called out for what it is.

I applaud John for having the balls to write it.

It's not just a must read, it's a must take note and must take action book!
7 of 10 people found the following review helpful By S. Pearson on December 3, 2010
Format: Paperback
I expected much more from John Viega, but this book has so much unsubstantiated opinion and reads like an arrogant and ill thought out blog, that I want to return the book for a refund.

Chapter 5, "Test of a Good Security Product: Would I Use It?", he then lists some he uses and those he doesn't:

Under the "he does use it" category: "I've been forced to run god-awful VPN (virtual private network) software at work (usually the crappy Cisco client). This allows me to access my company's resources even when I'm not actually in the office."

So I take it the god-awful software is a pass of this test? And the use of VPN software to access internal office network resources is a revelation?

Under the "he does NOT use it" category: he lists firewalls and his reasoning? Because he does not need to use one at home, on account that his cable MODEM and wireless router are NAT capable and therefore hosts behind them are not externally addressable. So firewalls fail the "good security product" test because John Viega does not need them at home? Seriously?

He then ends the "does NOT use" category with "Any other consumer security product"!

In Chapter 16, "The Cult of Schneier", he has a few stabs at Bruce Schneier, but does not give any specifics with the technical depth that Bruce Schneier deserves. He complains that Applied Cryptography is overly referred to by Schneier cultists, given that it has been 13 years since it was updated and the field has advanced since then. He uses MD5 as an example of something that was considered very strong then but not now. From my recollection of that brilliant cryptography foundation, Bruce mentioned that MD5 was suspected to have a weakness.