O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The Myths of Security

Book Description

If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue. Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:

  • Why it's easier for bad guys to "own" your computer than you think

  • Why anti-virus software doesn't work well -- and one simple way to fix it

  • Whether Apple OS X is more secure than Windows

  • What Windows needs to do better

  • How to make strong authentication pervasive

  • Why patch management is so bad

  • Whether there's anything you can do about identity theft

  • Five easy steps for fixing application security, and more

Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.

Table of Contents

  1. Special Upgrade Offer
  2. Foreword
  3. Preface
    1. Why Myths of Security?
    2. Acknowledgments
    3. How to Contact Us
    4. Safari® Books Online
  4. 1. The Security Industry Is Broken
  5. 2. Security: Nobody Cares!
  6. 3. It’s Easier to Get “0wned” Than You Think
  7. 4. It’s Good to Be Bad
  8. 5. Test of a Good Security Product: Would I Use It?
  9. 6. Why Microsoft’s Free AV Won’t Matter
  10. 7. Google Is Evil
  11. 8. Why Most AV Doesn’t Work (Well)
  12. 9. Why AV Is Often Slow
  13. 10. Four Minutes to Infection?
  14. 11. Personal Firewall Problems
  15. 12. Call It “Antivirus”
  16. 13. Why Most People Shouldn’t Run Intrusion Prevention Systems
  17. 14. Problems with Host Intrusion Prevention
  18. 15. Plenty of Phish in the Sea
  19. 16. The Cult of Schneier
  20. 17. Helping Others Stay Safe on the Internet
  21. 18. Snake Oil: Legitimate Vendors Sell It, Too
  22. 19. Living in Fear?
  23. 20. Is Apple Really More Secure?
  24. 21. OK, Your Mobile Phone Is Insecure; Should You Care?
  25. 22. Do AV Vendors Write Their Own Viruses?
  26. 23. One Simple Fix for the AV Industry
  27. 24. Open Source Security: A Red Herring
  28. 25. Why SiteAdvisor Was Such a Good Idea
  29. 26. Is There Anything We Can Do About Identity Theft?
  30. 27. Virtualization: Host Security’s Silver Bullet?
  31. 28. When Will We Get Rid of All the Security Vulnerabilities?
  32. 29. Application Security on a Budget
  33. 30. “Responsible Disclosure” Isn’t Responsible
  34. 31. Are Man-in-the-Middle Attacks a Myth?
  35. 32. An Attack on PKI
  36. 33. HTTPS Sucks; Let’s Kill It!
  37. 34. CrAP-TCHA and the Usability/Security Tradeoff
  38. 35. No Death for the Password
  39. 36. Spam Is Dead
  40. 37. Improving Authentication
  41. 38. Cloud Insecurity?
  42. 39. What AV Companies Should Be Doing (AV 2.0)
  43. 40. VPNs Usually Decrease Security
  44. 41. Usability and Security
  45. 42. Privacy
  46. 43. Anonymity
  47. 44. Improving Patch Management
  48. 45. An Open Security Industry
  49. 46. Academics
  50. 47. Locksmithing
  51. 48. Critical Infrastructure
  52. A. Epilogue
  53. Index
  54. About the Author
  55. Colophon
  56. Special Upgrade Offer
  57. Copyright