The Myths of Security: What the Computer Security Industry Doesn't Want You to Know (Paperback)

~ (Author), Viega John (Author)

Editorial Reviews

Product Description

If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:

• Why it's easier for bad guys to "own" your computer than you think
• Why anti-virus software doesn't work well -- and one simple way to fix it
• Whether Apple OS X is more secure than Windows
• What Windows needs to do better
• How to make strong authentication pervasive
• Why patch management is so bad
• Whether there's anything you can do about identity theft
• Five easy steps for fixing application security, and more

Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.

About the Author

John Viega is CTO of the SaaS Business Unit at McAfee, his second stint at McAfee. Previously, he was their Chief Security Architect, after which he founded and served as CEO of Stonewall Software, which focused on making anti-virus technology faster, better and cheaper. John was also the founder of Secure Software (now part of Fortify). John is author of many security books, including Building Secure Software (Addison-Wesley), Network Security with OpenSSL (O'Reilly), and the forthcoming Myths of Security (O'Reilly). He is responsible for numerous software security tools and is the original author of Mailman, the GNU mailing list manager. He has done extensive standards work in the IEEE and IETF and co-invented GCM, a cryptographic algorithm that NIST has standardized. John is also an active advisor to several security companies, including Fortify and Bit9. He holds a MS and BA from the University of Virginia.

---

Product Details Paperback: 260 pages Publisher: O'Reilly Media; 1 edition (June 29, 2009) Language: English ISBN-10: 0596523025 ISBN-13: 978-0596523022 Product Dimensions: 8.3 x 5.5 x 0.4 inches Shipping Weight: 9.6 ounces (View shipping rates and policies) Average Customer Review: 4.4 out of 5 stars  See all reviews (26 customer reviews) Amazon.com Sales Rank: #155,851 in Books (See Bestsellers in Books) Popular in these categories: (What's this?) #4 in  Books > Computers & Internet > Web Development > Security & Encryption > Viruses #7 in  Books > Computers & Internet > Computer Science > Artificial Intelligence > Expert Systems #63 in  Books > Computers & Internet > Networking > Network Administration

---

More About the Author

Discover books, learn about writers, read author blogs, and more.

› Visit Amazon's John Viega Page

Front Cover | Table of Contents | First Pages | Index | Back Cover | Surprise Me!

Search Inside This Book:

---

Inside This Book (learn more)

Browse Sample Pages:
Front Cover | Table of Contents | First Pages | Index | Back Cover | Surprise Me!

Search Inside This Book:

---

What Do Customers Ultimately Buy After Viewing This Item?

	84% buy the item featured on this page: The Myths of Security: What the Computer Security Industry Doesn't Want You to Know 4.4 out of 5 stars (26) $19.80
	6% buy Beautiful Security 5.0 out of 5 stars (8) $34.07
	5% buy Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice) 5.0 out of 5 stars (6) $31.49
	3% buy The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System 4.7 out of 5 stars (6) $32.97

Explore similar items

---

Tags Customers Associate with This Product  (What's this?) Click on a tag to find related items, discussions, and people. Check the boxes next to the tags you consider relevant or enter your own tags in the field below.  security(6) anti-virus(4) information security(4) computer security(3) malware(3) internet security(2) bejtlich(1) cloud(1) facebook(1) google(1) Agree with these tags? See all 17 tags... Your tags: Add your first tag

Search Products Tagged with   See most popular tags

---

 

Customer Reviews

26 Reviews 5 star:  (16) 4 star:  (6) 3 star:  (2) 2 star:  (2) 1 star:    (0)           Average Customer Review 4.4 out of 5 stars (26 customer reviews)		Share your thoughts with other customers:
Most Helpful Customer Reviews 5 of 5 people found the following review helpful: 5.0 out of 5 stars A Rude Awakening for Many (Who Will Probably Try and Hide or Dismiss the Facts), July 9, 2009 By  Mark Curphey (Seattle, USA) - See all my reviews (REAL NAME)    I was lucky enough to be sent a pre-production copy of the book by John. As I read the TOC my jaw dropped. Finally someone has the balls to say whats really happening. Far too many people have been hiding behind marketing FUD or driving their opinions and defending their actions laregly to defend their careers and salaries. I am sure it's a tough message to swallow for many. I saw many things I am or have been guilty of in the book. That's all the more reason why it needed to be said. The industry needs to be cleaned up and the BS called out for what it is. I applaude John for having the balls to write it. Its not just a must read, its a must take note and must take action book! 4 of 4 people found the following review helpful: 4.0 out of 5 stars Wonderfully contrarian writing on our views of computer security, August 18, 2009 By  James Holmes "Co-Author 'Windows Developer Po... (South Central Ohio) - See all my reviews (REAL NAME)    This is a wonderfully contrarian view to much of the information we are fed regarding security. Viega brings a much-needed skeptical view to many of the things we as consumers and workers in the IT industry are fed. He skewers everything from antivirus to identity theft and takes a lot of effort to lay out his propositions around how bad guys are driven by money. I got a bit weary of the not-quite-shilling for McAffee, the company Viega works for, and there were a couple technical howlers (a server-side application which required 200 servers simply "because it was written in Java"). Those irritants aside, it really is a great read which, whether you agree with his points or not, should make you re-evaluate how you look at security. Books which make you think are always a Good Thing. 3 of 3 people found the following review helpful: 5.0 out of 5 stars The Plain Truth, August 6, 2009 By  Dennis Fisher "security writer" (Boston) - See all my reviews (REAL NAME)    John Viega has written the book about the security industry that has needed writing for a very long time. He exposes the plain (and often ugly) truth about the way that the industry works and why the state of computer and Internet security has continued to deteriorate over the last decade. Viega is one of the smarter and more candid people in the security community and those two qualities come through loud and clear throughout the book. He's an industry insider who knows what's real and what's tripe, and this book will help even complete security newbies figure out what's what. With chapters with titles such as "Security: Nobody Cares!" (sad, but true) and "Is Apple Really More Secure?" (no), you know right away that Viega is not in this to make friends. But this isn't just a hack job on the security industry (which, after all, wouldn't be very original). Viega takes the time to explain what's going wrong as well as what can be done to fix it. Still, the key thing to remember in all of this is that things are bad and they're likely going to get worse. Probably much worse. But as long as there are cats like Viega around to give us the real scoop, at least we'll be entertained while the ship goes down.		Ad feedback   Most Recent Customer Reviews 4.0 out of 5 stars A very fun read; hard to put down Think about this book as a printed selection of blog posts - some a dozen pages, some half a page. John's essays - all 48 of them - reads like a typical blog: fun views on hot... Read more Published 8 days ago by Dr Anton Chuvakin 5.0 out of 5 stars An early warning of disasters that might happen in the future This is a great book for either security specialist or a general computer user. For the former the book gives lots of criticism for the awful state of today's security, for the... Read more Published 19 days ago by Alexey I. Smirnov 5.0 out of 5 stars Very Good; Practical This book is an easy, fun, and somewhat scary read all at the same time. It accomplishes its goal of raising awareness about security issues by presenting material in small... Read more Published 1 month ago by J. Druin 4.0 out of 5 stars Less controversial than I expected I am not a security expert, so I am not in a position to understand how much information contained in the book is new, part of it was new and valuable to me. Read more Published 1 month ago by Foti Massimo 4.0 out of 5 stars Good, but not what I expected. After reading a brief overview of this book I was really excited to read it. As an information security professional, I was hoping the author would stir up some controversial... Read more Published 1 month ago by Wayne M. Gipson 5.0 out of 5 stars A rare inside-look at the computer industry and its future directions John possesses a deep understanding of a wide breadth of computer security topics and communicates it to both industry insiders and outsiders in a manner that is informative and... Read more Published 2 months ago by Daniel Nunes 5.0 out of 5 stars Great read for overview of modern security industry landscape John and I don't see eye to eye on everything. In particular his thoughts of how vulnerability disclosure work. Read more Published 2 months ago by Oliver Day 4.0 out of 5 stars A contrarian provides an interesting look at the information security industry The Myths of Security: What the Computer Security Industry Doesn't Want You to Know is an interesting and thought-provoking book. Read more Published 2 months ago by Ben Rothke 3.0 out of 5 stars Great if you're not in the security industry, otherwise yawn Several security bloggers recommended this book, so I picked up. It's a very fast read, not only because of the short chapters but also the anemic content. Read more Published 2 months ago by R. Pompon 3.0 out of 5 stars Since consumers don't care about security, why write a book like this for them? Let me start by saying I usually like John Viega's books. I rated Building Secure Software 5 stars back in 2005 and 19 Deadly Sins of Software Security 4 stars in 2006. Read more Published 3 months ago by Richard Bejtlich Search Customer Reviews Only search this product's reviews

---

Customer Discussions

This product's forum Discussion Replies Latest Post No discussions yet Ask questions, Share opinions, Gain insight Start a new discussion Topic: First post: Receive e-mail when new posts are made Prompts for sign-in   Guidelines Search Customer Discussions Search all Amazon discussions

The Security community Latest activity 55 minutes ago 2,130 customers have contributed 1,508 products, 89 lists & guides and more... › Explore the community The Computer Security community Latest activity 5 days ago 490 customers have contributed 194 products, 22 lists & guides and more... › Explore the community Related forums computer... (1 discussion) information... internet... (4 discussions) oreilly books (2 discussions) security (3 discussions) Explore more › See all Customer Communities › Your communities

---

Listmania!

Next shopping list: A list by Ivan Zuzak   Secure Development Resources: A list by Jesper M. Johansson "Deep and secure"   edgeblog: A list by edgeblog Create a Listmania! list

Search Listmania!

---

So You'd Like to...

Become a Computer Security Expert: A guide by GuitarPlayer   be a computer security expert.: A guide by unicityd Create a guide

Search Guides

---

Product Information from the Amapedia Community

Beta (What's this?)

Be the first person to add an article about this item at Amapedia.com.

› See featured Amapedia.com articles

---

Look for Similar Items by Category

• Books > Business & Investing > Industries & Professions > E-commerce
• Books > Business & Investing > Industries & Professions > High-Tech
• Books > Computers & Internet > Business & Culture > Privacy
• Books > Computers & Internet > Certification Central > Exams > Security+
• Books > Computers & Internet > Computer Science > Artificial Intelligence
• Books > Computers & Internet > Computer Science > Systems Analysis & Design
• Books > Computers & Internet > Home Computing > Internet
• Books > Computers & Internet > Networking > Network Administration
• Books > Computers & Internet > Networking > Network Security
• Books > Computers & Internet > Networking > Networks, Protocols & APIs
• Books > Computers & Internet > Programming
• Books > Computers & Internet > Web Development > Security & Encryption

---

Look for Similar Items by Subject

Search Books by subject:
Data in computer systems
Internet
Knowledge-based systems / expert systems
Network security
Computer Data Security
Computers
Computers - Computer Security
Computer Books: Internet General
Computers / Disaster Recovery
Computers / Expert Systems
Computers / Internet / General
Computers / Internet / Security
Computers / Networking / Network Protocols
Computers / Programming / Systems Analysis & Design
Computers / Security / General
Security - General
Industries - Computer Industry
Internet - Security
Computer security
Computing: Professional & Programming


i.e., each book must be in subject 1 AND subject 2 AND ...

Ad feedback

 

Feedback If you need help or have a question for Customer Service, contact us.  Would you like to update product info or give feedback on images? Is there any other feedback you would like to provide? Your comments can help make our site better for everyone. Please note that we are unable to respond directly to all feedback submitted via this form, but we'll ask you to sign in so we can contact you if needed.

Your Recent History

 (What's this?)

After viewing product detail pages or search results, look here to find an easy way to navigate back to pages you are interested in.

› View and edit your browsing history

Get to Know Us Careers Investor Relations Press Releases Amazon and Our Planet Make Money with Us Sell on Amazon Join Associates Self-publish with Us › See all Let Us Help You Shipping Rates & Policies Amazon Prime Returns Help

Canada | China | France | Germany | Japan | United Kingdom  And don't forget: Amazon Windowshop | AmazonWireless | Askville | Audible | DPReview | Endless | IMDb | Shopbop | SoundUnwound | Warehouse Deals by Amazon | Zappos Conditions of Use | Privacy Notice  © 1996-2009, Amazon.com, Inc. or its affiliates

Product Details

• Paperback: 260 pages
• Publisher: O'Reilly Media; 1 edition (June 29, 2009)
• Language: English
• ISBN-10: 0596523025
• ISBN-13: 978-0596523022
• Product Dimensions: 8.3 x 5.5 x 0.4 inches
• Shipping Weight: 9.6 ounces (View shipping rates and policies)
• Average Customer Review: 4.4 out of 5 stars  See all reviews (26 customer reviews)
• Amazon.com Sales Rank: #155,851 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #4 in	Books > Computers & Internet > Web Development > Security & Encryption > Viruses
  #7 in	Books > Computers & Internet > Computer Science > Artificial Intelligence > Expert Systems
  #63 in	Books > Computers & Internet > Networking > Network Administration

Customer Reviews

Most Helpful Customer Reviews

5 of 5 people found the following review helpful:

5.0 out of 5 stars A Rude Awakening for Many (Who Will Probably Try and Hide or Dismiss the Facts), July 9, 2009

By	Mark Curphey (Seattle, USA) - See all my reviews (REAL NAME)

I was lucky enough to be sent a pre-production copy of the book by John. As I read the TOC my jaw dropped. Finally someone has the balls to say whats really happening. Far too many people have been hiding behind marketing FUD or driving their opinions and defending their actions laregly to defend their careers and salaries. I am sure it's a tough message to swallow for many. I saw many things I am or have been guilty of in the book. That's all the more reason why it needed to be said. The industry needs to be cleaned up and the BS called out for what it is.

I applaude John for having the balls to write it.

Its not just a must read, its a must take note and must take action book!

4 of 4 people found the following review helpful:

4.0 out of 5 stars Wonderfully contrarian writing on our views of computer security, August 18, 2009

By	James Holmes "Co-Author 'Windows Developer Po... (South Central Ohio) - See all my reviews (REAL NAME)

This is a wonderfully contrarian view to much of the information we are fed regarding security. Viega brings a much-needed skeptical view to many of the things we as consumers and workers in the IT industry are fed. He skewers everything from antivirus to identity theft and takes a lot of effort to lay out his propositions around how bad guys are driven by money.

I got a bit weary of the not-quite-shilling for McAffee, the company Viega works for, and there were a couple technical howlers (a server-side application which required 200 servers simply "because it was written in Java"). Those irritants aside, it really is a great read which, whether you agree with his points or not, should make you re-evaluate how you look at security.

Books which make you think are always a Good Thing.

3 of 3 people found the following review helpful:

5.0 out of 5 stars The Plain Truth, August 6, 2009

By	Dennis Fisher "security writer" (Boston) - See all my reviews (REAL NAME)

John Viega has written the book about the security industry that has needed writing for a very long time. He exposes the plain (and often ugly) truth about the way that the industry works and why the state of computer and Internet security has continued to deteriorate over the last decade.

Viega is one of the smarter and more candid people in the security community and those two qualities come through loud and clear throughout the book. He's an industry insider who knows what's real and what's tripe, and this book will help even complete security newbies figure out what's what. With chapters with titles such as "Security: Nobody Cares!" (sad, but true) and "Is Apple Really More Secure?" (no), you know right away that Viega is not in this to make friends.

But this isn't just a hack job on the security industry (which, after all, wouldn't be very original). Viega takes the time to explain what's going wrong as well as what can be done to fix it. Still, the key thing to remember in all of this is that things are bad and they're likely going to get worse. Probably much worse. But as long as there are cats like Viega around to give us the real scoop, at least we'll be entertained while the ship goes down.