
The Myths of Security: What the Computer Security Industry Doesn't Want You to Know Paperback – June 29, 2009

ISBN-13: 978-0596523022 ISBN-10: 0596523025 Edition: 1st


Product Details

  • Paperback: 264 pages
  • Publisher: O'Reilly Media; 1 edition (June 29, 2009)
  • Language: English
  • ISBN-10: 0596523025
  • ISBN-13: 978-0596523022
  • Product Dimensions: 0.7 x 5.8 x 8.5 inches
  • Shipping Weight: 9.6 ounces
  • Average Customer Review: 3.9 out of 5 stars (33 customer reviews)
  • Amazon Best Sellers Rank: #1,356,044 in Books

Editorial Reviews

About the Author

John Viega is CTO of the Software-as-a-Service Business Unit at McAfee, and was previously Vice President, Chief Security Architect at McAfee. He is an active advisor to several security companies, including Fortify and Bit9, and is the author of a number of security books, including Network Security with OpenSSL (O'Reilly) and Building Secure Software (Addison-Wesley).

John is responsible for numerous software security tools and is the original author of Mailman, the popular mailing list manager. He has done extensive standards work in the IEEE and IETF, and co-invented GCM, a cryptographic algorithm that NIST (US Department of Commerce) has standardized. He holds a B.A. and M.S. from the University of Virginia.


More About the Author

John is Executive Vice President at SilverSky, the leader in cloud security solutions. John is the former editor-in-chief for IEEE Security and Privacy Magazine, and his technical work in cryptography has been standardized by NIST, the IEEE and IETF. Prior to SilverSky, John was CTO for Software-as-a-Service at McAfee.

John started out writing fiction in high school and college, but Randy Pausch (of Last Lecture Fame) convinced him to make a career in technology.





Customer Reviews

Overall this book was a very fast (you could read it on a short flight), but very good read.
Wayne M. Gipson
John Viega's latest book "Myths of Security" has something for everyone - from the everyday home computer user to the corporate security analyst.
Wesley H. Higaki
And the preface is just one big advert for McAfee, even though Viega does bag them a little - just a little - elsewhere in the book.
David I

Most Helpful Customer Reviews

28 of 31 people found the following review helpful By Richard Bejtlich on August 13, 2009
Format: Paperback
Let me start by saying I usually like John Viega's books. I rated Building Secure Software 5 stars back in 2005 and 19 Deadly Sins of Software Security 4 stars in 2006. However, I must not be the target audience for this book, and I can't imagine who really would be. The book mainly addresses consumer concerns and largely avoids the enterprise. However, if most consumers think "antivirus" when they think "security," why would they bother reading The Myths of Security (TMOS)?

TMOS is strongest when Viega talks about the antivirus (or antimalware, or endpoint protection, or whatever host-centric security mechanism you choose) industry. I didn't find anything to be particularly "myth-shattering," however. I have to agree with two of the previous reviewers. Many of the "chapters" in this book could be blog posts. The longer chapters could be longer blog posts. The lack of a unifying theme really puts TMOS at a disadvantage compared to well-crafted books. I was not a huge fan of The New School of Information Security or Geekonomics (both 4 stars), but those two titles are better than TMOS.

If you want to read books that will really help you think properly about digital security, the two must-reads are still Secrets and Lies by Bruce Schneier and Security Engineering, 2nd Ed by Ross Anderson. I would avoid Bruce's sequel, Beyond Fear -- it's ok, but he muddles a few concepts. (Heresy, I know!) I haven't read Schneier on Security, but I imagine it is good given the overall quality of his blog postings.

If you want to shatter some serious myths, spend time writing a book on the "80% myth," which is stated in a variety of ways by anyone who is trying to demonstrate that insider threats are the worst problem facing digital security.
16 of 21 people found the following review helpful By Ben Rothke on August 31, 2009
Format: Paperback
The Myths of Security: What the Computer Security Industry Doesn't Want You to Know is an interesting and thought-provoking book. Ultimately, the state of information security can be summed up in the book's final three sentences, in which John Viega writes that 'real, timely improvement is possible, but it requires people to care a lot more [about security] than they do. I'm not sure that's going to happen anytime soon. But I hope it does.'

The reality is that while security evangelists such as Viega write valuable books such as this, it is for the most part falling on deaf ears. Most people don't understand computer security and its risks, and therefore place themselves and the systems they are working in danger. Malware finds computers to load on, often in part due to users who are oblivious to the many threats.

Much of the book is made up of Viega's often contrarian views of the security industry. With so much hype abounding, many of the often skeptical views he writes about show that what many may perceive as information security truths are indeed security myths.

From the title of the book, one might think that there is indeed a conspiracy in the computer security industry to keep users dumb and insecure. But as the author notes in chapter 45 -- An Open Security Industry, the various players in the computer security industry all work in their own fiefdoms. This is especially true when it comes to anti-virus, with each vendor to a degree reinventing the anti-virus wheel. The chapter shows how sharing amongst these companies is heavily needed. With that, the book's title of What the Computer Security Industry Doesn't Want You to Know is clearly meant to be provocative, but not true-life.

The book is made up of 48 chapters, on various so-called myths.
9 of 12 people found the following review helpful By Mark Curphey on July 9, 2009
Format: Paperback
I was lucky enough to be sent a pre-production copy of the book by John. As I read the TOC my jaw dropped. Finally someone has the balls to say what's really happening. Far too many people have been hiding behind marketing FUD or driving their opinions and defending their actions largely to defend their careers and salaries. I am sure it's a tough message to swallow for many. I saw many things I am or have been guilty of in the book. That's all the more reason why it needed to be said. The industry needs to be cleaned up and the BS called out for what it is.

I applaud John for having the balls to write it.

It's not just a must read, it's a must take note and must take action book!
3 of 4 people found the following review helpful By Eddie-Oh! on February 7, 2011
Format: Paperback Verified Purchase
The title of this book should be "Information Security: One Man's Battle With Himself and Everyone Else". The author doesn't know what he likes or dislikes, so he hedges his bets as he likes and dislikes everything at once. In certain situations he feels the hassle for security protocol is worth the effort, in other yet remarkably similar situations he feels the same protocol a total waste of time. Only he knows, er, or maybe not, what the differences are, while the reader is feeling nauseous from the roller coaster ride of emotional opinion.
I rate it two stars only on account of the occasional tidbit of juicy security/technology bits that you can add to your repertoire. It's a shame that the author chose the road he took to convey his ideas. I think it would be more respected if it were a straight up techy book.