The Myths of Security

Book Description

If you think computer security has improved in recent years, The Myths of Security will shake you out of your complacency. Longtime security professional John Viega, formerly Chief Security Architect at McAfee, reports on the sorry state of the industry, and offers concrete suggestions for professionals and individuals confronting the issue.

Why is security so bad? With many more people online than just a few years ago, there are more attackers -- and they're truly motivated. Attacks are sophisticated, subtle, and harder to detect than ever. But, as Viega notes, few people take the time to understand the situation and protect themselves accordingly. This book tells you:

  • Why it's easier for bad guys to "own" your computer than you think
  • Why anti-virus software doesn't work well -- and one simple way to fix it
  • Whether Apple OS X is more secure than Windows
  • What Windows needs to do better
  • How to make strong authentication pervasive
  • Why patch management is so bad
  • Whether there's anything you can do about identity theft
  • Five easy steps for fixing application security, and more

Provocative, insightful, and always controversial, The Myths of Security not only addresses IT professionals who deal with security issues, but also speaks to Mac and PC users who spend time online.

Table of Contents

  1. Foreword
  2. Preface
    1. Why Myths of Security?
    2. Acknowledgments
    3. How to Contact Us
    4. Safari® Books Online
  3. 1. The Security Industry Is Broken
  4. 2. Security: Nobody Cares!
  5. 3. It’s Easier to Get “0wned” Than You Think
  6. 4. It’s Good to Be Bad
  7. 5. Test of a Good Security Product: Would I Use It?
  8. 6. Why Microsoft’s Free AV Won’t Matter
  9. 7. Google Is Evil
  10. 8. Why Most AV Doesn’t Work (Well)
  11. 9. Why AV Is Often Slow
  12. 10. Four Minutes to Infection?
  13. 11. Personal Firewall Problems
  14. 12. Call It “Antivirus”
  15. 13. Why Most People Shouldn’t Run Intrusion Prevention Systems
  16. 14. Problems with Host Intrusion Prevention
  17. 15. Plenty of Phish in the Sea
  18. 16. The Cult of Schneier
  19. 17. Helping Others Stay Safe on the Internet
  20. 18. Snake Oil: Legitimate Vendors Sell It, Too
  21. 19. Living in Fear?
  22. 20. Is Apple Really More Secure?
  23. 21. OK, Your Mobile Phone Is Insecure; Should You Care?
  24. 22. Do AV Vendors Write Their Own Viruses?
  25. 23. One Simple Fix for the AV Industry
  26. 24. Open Source Security: A Red Herring
  27. 25. Why SiteAdvisor Was Such a Good Idea
  28. 26. Is There Anything We Can Do About Identity Theft?
  29. 27. Virtualization: Host Security’s Silver Bullet?
  30. 28. When Will We Get Rid of All the Security Vulnerabilities?
  31. 29. Application Security on a Budget
  32. 30. “Responsible Disclosure” Isn’t Responsible
  33. 31. Are Man-in-the-Middle Attacks a Myth?
  34. 32. An Attack on PKI
  35. 33. HTTPS Sucks; Let’s Kill It!
  36. 34. CrAP-TCHA and the Usability/Security Tradeoff
  37. 35. No Death for the Password
  38. 36. Spam Is Dead
  39. 37. Improving Authentication
  40. 38. Cloud Insecurity?
  41. 39. What AV Companies Should Be Doing (AV 2.0)
  42. 40. VPNs Usually Decrease Security
  43. 41. Usability and Security
  44. 42. Privacy
  45. 43. Anonymity
  46. 44. Improving Patch Management
  47. 45. An Open Security Industry
  48. 46. Academics
  49. 47. Locksmithing
  50. 48. Critical Infrastructure
  51. A. Epilogue
  52. Index
  53. About the Author
  54. Colophon
  55. Copyright