The Myths of Security: What the Computer Security Industry Doesn't Want You to Know 1st Edition

3.7 out of 5 stars 35 customer reviews
ISBN-13: 978-0596523022
ISBN-10: 0596523025



Editorial Reviews

About the Author

John Viega is CTO of the Software-as-a-Service Business Unit at McAfee, and was previously Vice President, Chief Security Architect at McAfee. He is an active advisor to several security companies, including Fortify and Bit9, and is the author of a number of security books, including Network Security with OpenSSL (O'Reilly) and Building Secure Software (Addison-Wesley).

John is responsible for numerous software security tools and is the original author of Mailman, the popular mailing list manager. He has done extensive standards work in the IEEE and IETF, and co-invented GCM, a cryptographic algorithm that NIST (US Department of Commerce) has standardized. He holds a B.A. and M.S. from the University of Virginia.


Product Details

  • Paperback: 264 pages
  • Publisher: O'Reilly Media; 1 edition (June 29, 2009)
  • Language: English
  • ISBN-10: 0596523025
  • ISBN-13: 978-0596523022
  • Product Dimensions: 5.5 x 0.7 x 8.5 inches
  • Shipping Weight: 9.6 ounces
  • Average Customer Review: 3.7 out of 5 stars (35 customer reviews)
  • Amazon Best Sellers Rank: #1,428,853 in Books

Customer Reviews

Top Customer Reviews

Format: Paperback
Let me start by saying I usually like John Viega's books. I rated Building Secure Software 5 stars back in 2005 and 19 Deadly Sins of Software Security 4 stars in 2006. However, I must not be the target audience for this book, and I can't imagine who really would be. The book mainly addresses consumer concerns and largely avoids the enterprise. However, if most consumers think "antivirus" when they think "security," why would they bother reading The Myths of Security (TMOS)?

TMOS is strongest when Viega talks about the antivirus (or antimalware, or endpoint protection, or whatever host-centric security mechanism you choose) industry. I didn't find anything to be particularly "myth-shattering," however. I have to agree with two of the previous reviewers. Many of the "chapters" in this book could be blog posts. The longer chapters could be longer blog posts. The lack of a unifying theme really puts TMOS at a disadvantage compared to well-crafted books. I was not a huge fan of The New School of Information Security or Geekonomics (both 4 stars), but those two titles are better than TMOS.

If you want to read books that will really help you think properly about digital security, the two must-reads are still Secrets and Lies by Bruce Schneier and Security Engineering, 2nd Ed by Ross Anderson. I would avoid Bruce's sequel, Beyond Fear -- it's ok, but he muddles a few concepts. (Heresy, I know!) I haven't read Schneier on Security, but I imagine it is good given the overall quality of his blog postings.

If you want to shatter some serious myths, spend time writing a book on the "80% myth," which is stated in a variety of ways by anyone who is trying to demonstrate that insider threats are the worst problem facing digital security.
Format: Paperback
The Myths of Security: What the Computer Security Industry Doesn't Want You to Know is an interesting and thought-provoking book. Ultimately, the state of information security can be summed up in the book's final three sentences, in which John Viega writes that 'real, timely improvement is possible, but it requires people to care a lot more [about security] than they do. I'm not sure that's going to happen anytime soon. But I hope it does.'

The reality is that while security evangelists such as Viega write valuable books such as this, it is for the most part falling on deaf ears. Most people don't understand computer security and its risks, and therefore place themselves and the systems they work on in danger. Malware finds computers to load on, often in part due to users who are oblivious to the many threats.

Much of the book is made up of Viega's often contrarian views of the security industry. With so much hype abounding, many of the often skeptical views he writes about show that what many may perceive to be information security truths are indeed security myths.

From the title of the book, one might think that there is indeed a conspiracy in the computer security industry to keep users dumb and insecure. But as the author notes in chapter 45 -- An Open Security Industry, the various players in the computer security industry all work in their own fiefdoms. This is especially true when it comes to anti-virus, with each vendor to a degree reinventing the anti-virus wheel. The chapter shows how sharing amongst these companies is heavily needed. With that, the book's title of What the Computer Security Industry Doesn't Want You to Know is clearly meant to be provocative, but not true-life.

The book is made up of 48 chapters, on various so-called myths.
Format: Paperback
I've been heavily involved in security and network admin for a financial institution for many years, so maybe I'm just not the target audience, but I never felt like I learned anything from John's rants. Based on the title, I fully expected to have chapter after chapter of what was thought to be good security, but in fact was not, i.e., a myth.

Unfortunately that's not what I found. Instead it was what I'd consider rants about how things could or should be different. For example, one of the final chapters was how he wanted electronic locks on his house, but he can't find a locksmith that knows anything about them. In his ideal world, he would have a cell phone that could unlock any door in his house automatically, but his kids wouldn't be able to unlock the door to the alcohol cabinet until they were 40. He said the biggest drawback was when the power went out. That pretty well summed up the entire chapter.

I wish I could say that was an exception, but frankly I couldn't discern the "Myths" in most of his topics. Just random rants about how things should be different.
Format: Paperback
I expected much more from John Viega, but this book has so much unsubstantiated opinion and reads like an arrogant and ill thought out blog, that I want to return the book for a refund.

In Chapter 5, "Test of a Good Security Product: Would I Use It?", he lists some products he uses and those he doesn't:

Under the "he does use it" category: "I've been forced to run god-awful VPN (virtual private network) software at work (usually the crappy Cisco client). This allows me to access my company's resources even when I'm not actually in the office."

So I take it the god-awful software is a pass of this test? And the use of VPN software to access internal office network resources is a revelation?

Under the "he does NOT use it" category: he lists firewalls, and his reasoning? Because he does not need to use one at home, on account of the fact that his cable modem and wireless router are NAT capable and therefore hosts behind them are not externally addressable. So firewalls fail the "good security product" test because John Viega does not need them at home? Seriously?

He then ends the "does NOT use" category with "Any other consumer security product"!

In Chapter 16, "The Cult of Schneier", he has a few stabs at Bruce Schneier, but does not give any specifics with the technical depth that Bruce Schneier deserves. He complains that Applied Cryptography is overly referred to by Schneier cultists, given that it has been 13 years since it was updated and the field has advanced since then. He uses MD5 as an example of something that was considered very strong then but not now. From my recollection of that brilliant cryptography foundation, Bruce mentioned that MD5 was suspected to have a weakness.